mirror of
https://github.com/microsoft/PowerToys.git
synced 2025-12-16 11:48:06 +01:00
Rewrite MSStore submission pipeline to use msstore-cli and Cert Auth (#33430)
This commit is contained in:
Dustin L. Howett
5
.github/actions/spell-check/allow/code.txt
vendored
5
.github/actions/spell-check/allow/code.txt
vendored
@@ -221,3 +221,8 @@ artanh
|
|||||||
arsinh
|
arsinh
|
||||||
arcosh
|
arcosh
|
||||||
|
|
||||||
|
# Linux
|
||||||
|
|
||||||
|
dbus
|
||||||
|
anypass
|
||||||
|
gpg
|
||||||
|
|||||||
4
.github/actions/spell-check/expect.txt
vendored
4
.github/actions/spell-check/expect.txt
vendored
@@ -95,6 +95,7 @@ AUTOUPDATE
|
|||||||
AValid
|
AValid
|
||||||
awakeness
|
awakeness
|
||||||
AWAYMODE
|
AWAYMODE
|
||||||
|
azcliversion
|
||||||
azman
|
azman
|
||||||
backtracer
|
backtracer
|
||||||
bbwe
|
bbwe
|
||||||
@@ -119,6 +120,7 @@ BLURREGION
|
|||||||
bmi
|
bmi
|
||||||
bms
|
bms
|
||||||
BNumber
|
BNumber
|
||||||
|
BODGY
|
||||||
BOKMAL
|
BOKMAL
|
||||||
bootstrapper
|
bootstrapper
|
||||||
BOOTSTRAPPERINSTALLFOLDER
|
BOOTSTRAPPERINSTALLFOLDER
|
||||||
@@ -165,6 +167,7 @@ CENTERALIGN
|
|||||||
ceq
|
ceq
|
||||||
certlm
|
certlm
|
||||||
certmgr
|
certmgr
|
||||||
|
cfp
|
||||||
cguid
|
cguid
|
||||||
CHANGECBCHAIN
|
CHANGECBCHAIN
|
||||||
changecursor
|
changecursor
|
||||||
@@ -754,6 +757,7 @@ KEYEVENTF
|
|||||||
KEYIMAGE
|
KEYIMAGE
|
||||||
keynum
|
keynum
|
||||||
keyremaps
|
keyremaps
|
||||||
|
keyvault
|
||||||
KILLFOCUS
|
KILLFOCUS
|
||||||
killrunner
|
killrunner
|
||||||
Knownfolders
|
Knownfolders
|
||||||
|
|||||||
60
.github/workflows/msstore-submissions.yml
vendored
60
.github/workflows/msstore-submissions.yml
vendored
@@ -5,37 +5,57 @@ on:
|
|||||||
release:
|
release:
|
||||||
types: [published]
|
types: [published]
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
id-token: write
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
|
|
||||||
microsoft_store:
|
microsoft_store:
|
||||||
name: Publish Microsoft Store
|
name: Publish Microsoft Store
|
||||||
|
environment: store
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
|
- name: BODGY - Set up Gnome Keyring for future Cert Auth
|
||||||
|
run: |-
|
||||||
|
sudo apt-get install -y gnome-keyring
|
||||||
|
export $(dbus-launch --sh-syntax)
|
||||||
|
export $(echo 'anypass_just_to_unlock' | gnome-keyring-daemon --unlock)
|
||||||
|
export $(echo 'anypass_just_to_unlock' | gnome-keyring-daemon --start --components=gpg,pkcs11,secrets,ssh)
|
||||||
|
|
||||||
|
- name: Log in to Azure
|
||||||
|
uses: azure/login@v2
|
||||||
|
with:
|
||||||
|
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
||||||
|
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
||||||
|
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||||
|
enable-AzPSSession: true
|
||||||
|
|
||||||
- name: Get latest URL from public releases
|
- name: Get latest URL from public releases
|
||||||
id: releaseVars
|
id: releaseVars
|
||||||
run: |
|
run: |
|
||||||
release=$(curl https://api.github.com/repos/Microsoft/PowerToys/releases | jq '[.[]|select(.name | contains("Release"))][0]')
|
release=$(curl https://api.github.com/repos/Microsoft/PowerToys/releases | jq '[.[]|select(.name | contains("Release"))][0]')
|
||||||
assets=$(jq -n "$release" | jq '.assets')
|
assets=$(jq -n "$release" | jq '.assets')
|
||||||
powerToysSetup=$(jq -n "$assets" | jq '[.[]|select(.name | contains("PowerToysUserSetup"))]')
|
powerToysSetup=$(jq -n "$assets" | jq '[.[]|select(.name | contains("PowerToysUserSetup"))]')
|
||||||
echo ::set-output name=powerToysInstallerX64Url::$(jq -n "$powerToysSetup" | jq -r '[.[]|select(.name | contains("x64"))][0].browser_download_url')
|
echo powerToysInstallerX64Url=$(jq -n "$powerToysSetup" | jq -r '[.[]|select(.name | contains("x64"))][0].browser_download_url') >> $GITHUB_OUTPUT
|
||||||
echo ::set-output name=powerToysInstallerArm64Url::$(jq -n "$powerToysSetup" | jq -r '[.[]|select(.name | contains("arm64"))][0].browser_download_url')
|
echo powerToysInstallerArm64Url=$(jq -n "$powerToysSetup" | jq -r '[.[]|select(.name | contains("arm64"))][0].browser_download_url') >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
|
- uses: microsoft/setup-msstore-cli@v1
|
||||||
|
|
||||||
|
- name: Fetch Store Credential
|
||||||
|
uses: azure/cli@v2
|
||||||
|
with:
|
||||||
|
azcliversion: latest
|
||||||
|
inlineScript: |-
|
||||||
|
az keyvault secret download --vault-name ${{ secrets.AZURE_KEYVAULT_NAME }} -n ${{ secrets.AZURE_AUTH_CERT_NAME }} -f cert.pfx.b64
|
||||||
|
base64 -d < cert.pfx.b64 > cert.pfx
|
||||||
|
|
||||||
- name: Configure Store Credentials
|
- name: Configure Store Credentials
|
||||||
uses: microsoft/store-submission@v1
|
run: |-
|
||||||
with:
|
msstore reconfigure -cfp cert.pfx -c ${{ secrets.AZURE_CLIENT_ID }} -t ${{ secrets.AZURE_TENANT_ID }} -s ${{ secrets.SELLER_ID }}
|
||||||
command: configure
|
|
||||||
type: win32
|
|
||||||
seller-id: ${{ secrets.SELLER_ID }}
|
|
||||||
product-id: ${{ secrets.PRODUCT_ID }}
|
|
||||||
tenant-id: ${{ secrets.TENANT_ID }}
|
|
||||||
client-id: ${{ secrets.CLIENT_ID }}
|
|
||||||
client-secret: ${{ secrets.CLIENT_SECRET }}
|
|
||||||
|
|
||||||
- name: Update draft submission
|
- name: Update draft submission
|
||||||
uses: microsoft/store-submission@v1
|
run: |-
|
||||||
with:
|
msstore submission update ${{ secrets.PRODUCT_ID }} '{
|
||||||
command: update
|
|
||||||
product-update: '{
|
|
||||||
"packages":[
|
"packages":[
|
||||||
{
|
{
|
||||||
"packageUrl":"${{ steps.releaseVars.outputs.powerToysInstallerX64Url }}",
|
"packageUrl":"${{ steps.releaseVars.outputs.powerToysInstallerX64Url }}",
|
||||||
@@ -55,6 +75,10 @@ jobs:
|
|||||||
}'
|
}'
|
||||||
|
|
||||||
- name: Publish Submission
|
- name: Publish Submission
|
||||||
uses: microsoft/store-submission@v1
|
run: |-
|
||||||
with:
|
msstore submission publish ${{ secrets.PRODUCT_ID }}
|
||||||
command: publish
|
|
||||||
|
- name: Clean up auth certificate
|
||||||
|
if: always()
|
||||||
|
run: |-
|
||||||
|
rm -f cert.pfx cert.pfx.b64
|
||||||
|
|||||||
Reference in New Issue
Block a user