eliott/desktop
1
0
Fork 0
mirror of https://github.com/zen-browser/desktop synced 2026-04-25 17:15:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

no-bug: Sign mars after building them (gh-13213)

Browse Source
This commit is contained in:
mr. m
2026-04-11 16:45:24 +02:00
committed by GitHub
parent 76b7bc96ef
commit a4f0d01a88
8 changed files with 59 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
.github/workflows/build.yml vendored
View File

@@ -505,20 +505,6 @@ jobs:
run: |
git clone https://github.com/zen-browser/windows-binaries.git .github/workflows/object --depth 1
- name: Download signmar-linux-x86_64 from artifacts
uses: actions/download-artifact@v4
with:
name: signmar-linux-x86_64
- name: Sign MAR files
env:
SIGNMAR: ${{ github.workspace }}/signmar-linux-x86_64/signmar
ZEN_MAR_SIGNING_PASSWORD: ${{ secrets.ZEN_MAR_SIGNING_PASSWORD }}
ZEN_SIGNING_CERT_PEM_BASE64: ${{ secrets.ZEN_SIGNING_CERT_PEM_BASE64 }}
ZEN_SIGNING_PRIVATE_KEY_PEM_BASE64: ${{ secrets.ZEN_SIGNING_PRIVATE_KEY_PEM_BASE64 }}
run: |
bash scripts/mar_sign.sh -s
- name: Copy update manifests
env:
RELEASE_BRANCH: ${{ inputs.update_branch }}

17
.github/workflows/linux-release-build.yml vendored
View File

@@ -153,6 +153,15 @@ jobs:
mv dist/zen-*.tar.xz "zen.linux-${{ matrix.arch }}.tar.xz"
mv dist/output.mar linux${{ matrix.arch == 'aarch64' && '-aarch64' || '' }}.mar
- name: Sign MAR
env:
SIGNMAR: engine/obj-${{ matrix.arch == 'aarch64' && 'aarch64-unknown' || 'x86_64-pc' }}-linux-gnu/dist/bin/signmar
ZEN_MAR_SIGNING_PASSWORD: ${{ secrets.ZEN_MAR_SIGNING_PASSWORD }}
ZEN_SIGNING_CERT_PEM_BASE64: ${{ secrets.ZEN_SIGNING_CERT_PEM_BASE64 }}
ZEN_SIGNING_PRIVATE_KEY_PEM_BASE64: ${{ secrets.ZEN_SIGNING_PRIVATE_KEY_PEM_BASE64 }}
run: |
bash scripts/mar_sign.sh -s ./linux${{ matrix.arch == 'aarch64' && '-aarch64' || '' }}.mar
- name: Upload build artifact (binary)
uses: actions/upload-artifact@v4
with:
@@ -173,11 +182,3 @@ jobs:
retention-days: 5
name: linux_update_manifest_${{ matrix.arch }}
path: ./dist/update
- name: Upload signmar
if: ${{ matrix.arch == 'x86_64' }}
uses: actions/upload-artifact@v4
with:
retention-days: 2
name: signmar-linux-x86_64
path: engine/obj-x86_64-pc-linux-gnu/dist/bin/signmar

9
.github/workflows/macos-universal-release-build.yml vendored
View File

@@ -247,6 +247,15 @@ jobs:
npm run package -- --verbose
mv ./dist/output.mar ./macos.mar
- name: Sign MAR
env:
SIGNMAR: engine/obj-x86_64-apple-darwin/dist/bin/signmar
ZEN_MAR_SIGNING_PASSWORD: ${{ secrets.ZEN_MAR_SIGNING_PASSWORD }}
ZEN_SIGNING_CERT_PEM_BASE64: ${{ secrets.ZEN_SIGNING_CERT_PEM_BASE64 }}
ZEN_SIGNING_PRIVATE_KEY_PEM_BASE64: ${{ secrets.ZEN_SIGNING_PRIVATE_KEY_PEM_BASE64 }}
run: |
bash scripts/mar_sign.sh -s ./macos.mar
- name: Upload build artifact (.mar)
uses: actions/upload-artifact@v4
with:

10
.github/workflows/windows-release-build.yml vendored
View File

@@ -281,6 +281,16 @@ jobs:
mv ./dist/output.mar windows${{ matrix.arch == 'aarch64' && '-arm64' || '' }}.mar
mv ./dist/zen.installer.exe ./zen.installer${{ matrix.arch == 'aarch64' && '-arm64' || '' }}.exe
- name: Sign MAR
if: ${{ !inputs.generate-gpo }}
env:
SIGNMAR: engine/obj-${{ matrix.arch }}-pc-windows-msvc/dist/bin/signmar
ZEN_MAR_SIGNING_PASSWORD: ${{ secrets.ZEN_MAR_SIGNING_PASSWORD }}
ZEN_SIGNING_CERT_PEM_BASE64: ${{ secrets.ZEN_SIGNING_CERT_PEM_BASE64 }}
ZEN_SIGNING_PRIVATE_KEY_PEM_BASE64: ${{ secrets.ZEN_SIGNING_PRIVATE_KEY_PEM_BASE64 }}
run: |
bash scripts/mar_sign.sh -s ./windows${{ matrix.arch == 'aarch64' && '-arm64' || '' }}.mar
- name: Upload artifact (PGO)
uses: actions/upload-artifact@v4
if: ${{ inputs.generate-gpo && matrix.arch == 'x86_64' }}