diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index 5f88850..a7967fc 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml @@ -8,39 +8,52 @@ on: workflow_dispatch: jobs: - build-windows: - runs-on: windows-latest + build: + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 - - name: Verify PowerShell scripts - shell: powershell + - name: Setup .NET + uses: actions/setup-dotnet@v4 + with: + dotnet-version: 8.0.x + + - name: Build Windows EXE + shell: bash run: | - $scripts = @() - $scripts += @(Get-ChildItem . -Filter *.ps1) - $scripts += @(Get-ChildItem .\scripts -Filter *.ps1) - foreach ($script in $scripts) { - $tokens = $null - $errors = $null - [System.Management.Automation.Language.Parser]::ParseFile($script.FullName, [ref]$tokens, [ref]$errors) | Out-Null - if ($errors) { throw $errors } - } + set -euo pipefail + dotnet publish src/MrTrustLauncher.csproj \ + --configuration Release \ + --runtime win-x64 \ + --output dist/build \ + -p:EnableWindowsTargeting=true \ + -p:PublishSingleFile=true \ + -p:SelfContained=false + cp dist/build/MrTrust.exe dist/MrTrust.exe - name: Build release ZIP - shell: powershell + shell: bash run: | - $arguments = @("-ExecutionPolicy", "Bypass", "-File", ".\scripts\New-MrTrustRelease.ps1", "-Version", "0.1.0") - if ($env:MRTRUST_SIGNING_THUMBPRINT) { - $arguments += @("-SigningThumbprint", $env:MRTRUST_SIGNING_THUMBPRINT) - } - powershell @arguments + set -euo pipefail + version="0.1.0" + package_root="dist/MrTrust-${version}" + rm -rf "$package_root" "dist/MrTrust-${version}.zip" + mkdir -p "$package_root/scripts" "$package_root/assets/certificates" "$package_root/docs" + cp dist/MrTrust.exe "$package_root/" + cp MrTrust.ps1 README.md "$package_root/" + cp scripts/Install-MrTrust.ps1 scripts/Uninstall-MrTrust.ps1 scripts/Start-MrTrustGui.ps1 "$package_root/scripts/" + cp assets/certificates/MrSphay-LocalTrust-Root.cer "$package_root/assets/certificates/" + cp assets/certificates/MrSphay-CodeSigning.cer "$package_root/assets/certificates/" + cp assets/certificates/thumbprints.txt "$package_root/assets/certificates/" + cp docs/security-model.md "$package_root/docs/" + (cd dist && zip -r "MrTrust-${version}.zip" "MrTrust-${version}") - name: Show package contents - shell: powershell + shell: bash run: | - Get-ChildItem .\dist -Recurse | Select-Object FullName, Length + find dist -maxdepth 4 -type f -printf '%p %s bytes\n' - name: Upload release artifact uses: actions/upload-artifact@v3 diff --git a/CHANGELOG.md b/CHANGELOG.md index f79b806..f6805f4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,6 @@ - Added MrTrust certificate generation, installation, removal, and signing scripts. - Added a simple Windows GUI for installing and removing MrTrust. -- Added a Windows launcher EXE and Gitea Runner workflow for release ZIP builds. +- Added a Windows launcher EXE and Ubuntu Gitea Runner workflow for release ZIP builds. - Added integration prompt for other Windows projects. - Added security model documentation. diff --git a/README.md b/README.md index 547b1e2..600a10c 100644 --- a/README.md +++ b/README.md @@ -68,8 +68,7 @@ Build a user-facing ZIP release: .\scripts\New-MrTrustRelease.ps1 -Version 0.1.0 ``` -The Gitea workflow `.gitea/workflows/build.yml` builds the same ZIP on a Windows runner and uploads it as an artifact. -If the Windows runner has the private signing certificate installed, set `MRTRUST_SIGNING_THUMBPRINT` to sign the launcher during the build. +The Gitea workflow `.gitea/workflows/build.yml` builds the Windows launcher EXE on an `ubuntu-latest` runner with .NET Windows cross-targeting, then uploads the ZIP as an artifact. ## User Installation diff --git a/src/MrTrustLauncher.csproj b/src/MrTrustLauncher.csproj new file mode 100644 index 0000000..b80d92f --- /dev/null +++ b/src/MrTrustLauncher.csproj @@ -0,0 +1,14 @@ + + + WinExe + net8.0-windows + true + true + MrTrust + MrTrust + enable + enable + true + false + +