Build Windows EXE on Ubuntu runner

.gitea/workflows/build.yml

@@ -8,39 +8,52 @@ on:
   workflow_dispatch:
 
 jobs:
-  build-windows:
-    runs-on: windows-latest
+  build:
+    runs-on: ubuntu-latest
 
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Verify PowerShell scripts
-        shell: powershell
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: 8.0.x
+
+      - name: Build Windows EXE
+        shell: bash
         run: |
-          $scripts = @()
-          $scripts += @(Get-ChildItem . -Filter *.ps1)
-          $scripts += @(Get-ChildItem .\scripts -Filter *.ps1)
-          foreach ($script in $scripts) {
-            $tokens = $null
-            $errors = $null
-            [System.Management.Automation.Language.Parser]::ParseFile($script.FullName, [ref]$tokens, [ref]$errors) | Out-Null
-            if ($errors) { throw $errors }
-          }
+          set -euo pipefail
+          dotnet publish src/MrTrustLauncher.csproj \
+            --configuration Release \
+            --runtime win-x64 \
+            --output dist/build \
+            -p:EnableWindowsTargeting=true \
+            -p:PublishSingleFile=true \
+            -p:SelfContained=false
+          cp dist/build/MrTrust.exe dist/MrTrust.exe
 
       - name: Build release ZIP
-        shell: powershell
+        shell: bash
         run: |
-          $arguments = @("-ExecutionPolicy", "Bypass", "-File", ".\scripts\New-MrTrustRelease.ps1", "-Version", "0.1.0")
-          if ($env:MRTRUST_SIGNING_THUMBPRINT) {
-            $arguments += @("-SigningThumbprint", $env:MRTRUST_SIGNING_THUMBPRINT)
-          }
-          powershell @arguments
+          set -euo pipefail
+          version="0.1.0"
+          package_root="dist/MrTrust-${version}"
+          rm -rf "$package_root" "dist/MrTrust-${version}.zip"
+          mkdir -p "$package_root/scripts" "$package_root/assets/certificates" "$package_root/docs"
+          cp dist/MrTrust.exe "$package_root/"
+          cp MrTrust.ps1 README.md "$package_root/"
+          cp scripts/Install-MrTrust.ps1 scripts/Uninstall-MrTrust.ps1 scripts/Start-MrTrustGui.ps1 "$package_root/scripts/"
+          cp assets/certificates/MrSphay-LocalTrust-Root.cer "$package_root/assets/certificates/"
+          cp assets/certificates/MrSphay-CodeSigning.cer "$package_root/assets/certificates/"
+          cp assets/certificates/thumbprints.txt "$package_root/assets/certificates/"
+          cp docs/security-model.md "$package_root/docs/"
+          (cd dist && zip -r "MrTrust-${version}.zip" "MrTrust-${version}")
 
       - name: Show package contents
-        shell: powershell
+        shell: bash
         run: |
-          Get-ChildItem .\dist -Recurse | Select-Object FullName, Length
+          find dist -maxdepth 4 -type f -printf '%p %s bytes\n'
 
       - name: Upload release artifact
         uses: actions/upload-artifact@v3

CHANGELOG.md

@@ -4,6 +4,6 @@
 
 - Added MrTrust certificate generation, installation, removal, and signing scripts.
 - Added a simple Windows GUI for installing and removing MrTrust.
-- Added a Windows launcher EXE and Gitea Runner workflow for release ZIP builds.
+- Added a Windows launcher EXE and Ubuntu Gitea Runner workflow for release ZIP builds.
 - Added integration prompt for other Windows projects.
 - Added security model documentation.

README.md

@@ -68,8 +68,7 @@ Build a user-facing ZIP release:
 .\scripts\New-MrTrustRelease.ps1 -Version 0.1.0
 ```
 
-The Gitea workflow `.gitea/workflows/build.yml` builds the same ZIP on a Windows runner and uploads it as an artifact.
-If the Windows runner has the private signing certificate installed, set `MRTRUST_SIGNING_THUMBPRINT` to sign the launcher during the build.
+The Gitea workflow `.gitea/workflows/build.yml` builds the Windows launcher EXE on an `ubuntu-latest` runner with .NET Windows cross-targeting, then uploads the ZIP as an artifact.
 
 ## User Installation
 

src/MrTrustLauncher.csproj

@@ -0,0 +1,14 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <OutputType>WinExe</OutputType>
+    <TargetFramework>net8.0-windows</TargetFramework>
+    <UseWindowsForms>true</UseWindowsForms>
+    <EnableWindowsTargeting>true</EnableWindowsTargeting>
+    <AssemblyName>MrTrust</AssemblyName>
+    <RootNamespace>MrTrust</RootNamespace>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <PublishSingleFile>true</PublishSingleFile>
+    <SelfContained>false</SelfContained>
+  </PropertyGroup>
+</Project>