Sign Windows binary (#37)

2026-03-13 08:02:57 +08:00 · 2023-02-17 12:13:43 +01:00
parent 2c7e1f5120
commit faf746748e
2 changed files with 42 additions and 10 deletions
--- a/6
+++ b/6
@@ -25,6 +25,12 @@ build-darwin-arm64:
 build-windows-amd64:
 	GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build $(BUILD_OPTS) -o $(BIN_WINDOWS_AMD64) main.go

+sign-binaries: sign-binary-windows-amd64
+	# This needs to run in a Docker container with the graylog/internal-codesigntool image
+	codesigntool sign $(BIN_WINDOWS_AMD64)
+
+sign-binary-windows-amd64:
+
 install: install-linux install-darwin-amd64

 install-darwin-amd64: build-darwin-amd64
--- a/jenkins.groovy
+++ b/jenkins.groovy
@@ -29,17 +29,35 @@ pipeline

            sh "make"
         }
+      }
+
+      stage('Sign Windows Binaries')
+      {
+        agent
+        {
+          docker
+          {
+            image 'graylog/internal-codesigntool:latest'
+            args '-u jenkins:jenkins'
+            registryCredentialsId 'docker-hub'
+            alwaysPull true
+            reuseNode true
+          }
+        }
+
+        environment
+        {
+          CODESIGN_USER = credentials('codesign-user')
+          CODESIGN_PASS = credentials('codesign-pass')
+          CODESIGN_TOTP_SECRET = credentials('codesign-totp-secret')
+          CODESIGN_CREDENTIAL_ID = credentials('codesign-credential-id')
+        }
+
+        steps
+        {
+          sh 'make sign-binaries'
+        }

-         post
-         {
-            success
-            {
-               archiveArtifacts '*.linux'
-               archiveArtifacts '*.darwin-amd64'
-               archiveArtifacts '*.darwin-arm64'
-               archiveArtifacts '*.exe'
-            }
-         }
      }

      stage('Release')
@@ -76,6 +94,14 @@ pipeline

   post
   {
+     success
+     {
+        archiveArtifacts '*.linux'
+        archiveArtifacts '*.darwin-amd64'
+        archiveArtifacts '*.darwin-arm64'
+        archiveArtifacts '*.exe'
+     }
+
     cleanup
     {
       cleanWs()