From 1af15a56b22dc585a6c77cef04279c23278108f0 Mon Sep 17 00:00:00 2001 From: Philip Balinov Date: Fri, 8 Nov 2024 14:38:39 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20install=20location=20+=20re-enab?= =?UTF-8?q?le=20arm64=20MSI=20builds=20(#490)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Re-enable support for arm64 builds for mondoo.msi - Revert "Revert "Build arm64 MSI packages additionally to the current amd64 ones (#482)" (#486)" - This reverts commit 843a7835db4cee5d4b5c4d931afc8b7c53fe24fa. - Revert the `Platform` attribute in the Package definition, as that appears to dictate which install location the package should use i.e. "Program Files" vs "Program Files (x64)" - Some minor improvements * Fix: add logout step to cnspec test * Correct msi filename in test block --- .github/workflows/pkg_msi.yaml | 105 +++++++++++++++++++-------------- .gitignore | 8 ++- packages/msi/msi/Product.wxs | 27 +++++++-- packages/msi/package.ps1 | 16 +++-- 4 files changed, 101 insertions(+), 55 deletions(-) diff --git a/.github/workflows/pkg_msi.yaml b/.github/workflows/pkg_msi.yaml index 67e6a860..00bf9c39 100644 --- a/.github/workflows/pkg_msi.yaml +++ b/.github/workflows/pkg_msi.yaml 
@@ -53,12 +53,18 @@ jobs: echo "trimmed_version=$(echo ${V} | sed 's/-.*//')" >> $GITHUB_OUTPUT - name: Ensure version of cnquery and cnspec are available run: | - curl -sL --head --fail https://github.com/mondoohq/cnquery/releases/download/v${{ steps.version.outputs.version }}/cnquery_${{ steps.version.outputs.version }}_windows_amd64.zip - curl -sL --head --fail https://github.com/mondoohq/cnspec/releases/download/v${{ steps.version.outputs.version }}/cnspec_${{ steps.version.outputs.version }}_windows_amd64.zip - + curl -sL --head --fail https://github.com/mondoohq/cnquery/releases/download/v${{ steps.version.outputs.version }}/cnquery_${{ steps.version.outputs.version }}_windows_amd64.zip \ + https://github.com/mondoohq/cnspec/releases/download/v${{ steps.version.outputs.version }}/cnspec_${{ steps.version.outputs.version }}_windows_amd64.zip \ + https://github.com/mondoohq/cnquery/releases/download/v${{ steps.version.outputs.version }}/cnquery_${{ steps.version.outputs.version }}_windows_arm64.zip \ + https://github.com/mondoohq/cnspec/releases/download/v${{ steps.version.outputs.version }}/cnspec_${{ steps.version.outputs.version }}_windows_arm64.zip dist-prepare: - name: 'Prepare Distribution for Packaging' + name: Prepare Distribution for Packaging + strategy: + matrix: + arch: + - amd64 + - arm64 runs-on: ubuntu-latest needs: setup steps: 
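Review bot: The combined `curl -sL --head --fail` call in the "Ensure version of cnquery and cnspec are available" step now takes four URLs, and without `--fail-early` curl's exit status reflects only the last transfer, so a missing cnquery or amd64 archive no longer fails this gate. Adding the flag restores the check for every URL: `curl -sL --head --fail --fail-early \`. The step also interpolates `${{ steps.version.outputs.version }}` directly into the script text; passing it through `env:` and using `${VERSION}`, as the dist-prepare download step does, keeps the value out of the shell source.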
@@ -69,25 +75,31 @@ jobs: VERSION: ${{ needs.setup.outputs.version }} run: | # TODO: We should check the sums here - mkdir -p dist && cd dist - curl -sSL -O https://github.com/mondoohq/cnspec/releases/download/v${VERSION}/cnspec_${VERSION}_windows_amd64.zip - unzip cnspec_${VERSION}_windows_amd64.zip - rm cnspec_${VERSION}_windows_amd64.zip - curl -sSL -O https://github.com/mondoohq/cnquery/releases/download/v${VERSION}/cnquery_${VERSION}_windows_amd64.zip - unzip cnquery_${VERSION}_windows_amd64.zip - rm cnquery_${VERSION}_windows_amd64.zip + mkdir -p dist/${{ matrix.arch }} && cd dist/${{ matrix.arch }} + curl -sSL -O https://github.com/mondoohq/cnspec/releases/download/v${VERSION}/cnspec_${VERSION}_windows_${{ matrix.arch }}.zip + unzip cnspec_${VERSION}_windows_${{ matrix.arch }}.zip + rm cnspec_${VERSION}_windows_${{ matrix.arch }}.zip + curl -sSL -O https://github.com/mondoohq/cnquery/releases/download/v${VERSION}/cnquery_${VERSION}_windows_${{ matrix.arch }}.zip + unzip cnquery_${VERSION}_windows_${{ matrix.arch }}.zip + rm cnquery_${VERSION}_windows_${{ matrix.arch }}.zip ls -lh - name: Upload Distribution uses: actions/upload-artifact@v4 with: - name: dist - path: dist - + name: dist-${{ matrix.arch }} + path: dist/${{ matrix.arch }} msi-build: name: 'Packaging: Windows MSI' runs-on: windows-latest - needs: [ setup, dist-prepare ] + strategy: + matrix: + arch: + - amd64 + - arm64 + needs: + - setup + - dist-prepare # For Version: ${{ needs.setup.outputs.version }} steps: - name: Checkout repository @@ -95,8 +107,8 @@ jobs: - name: Download Distribution uses: actions/download-artifact@v4 with: - name: dist - path: dist + name: dist-${{ matrix.arch }} + path: dist/${{ matrix.arch }} - name: Setup Certificate shell: bash 
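Review bot: The dist-prepare download step still unpacks the release archives without verifying them, and this change extends that to a second architecture whose binaries are then packaged and code-signed in msi-build. The existing `# TODO: We should check the sums here` comment marks the place to close the gap. Fetching the release's published checksum file and checking it before each `unzip`, for example `sha256sum -c --ignore-missing <CHECKSUMS_FILE>` (placeholder; the real file name is not shown on this page), would keep a corrupted or substituted archive from reaching the signing step. `curl -sSL -O` without `--fail` also saves an HTTP error body under the `.zip` name, so adding `--fail` gives a clearer failure than the later `unzip` error.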
@@ -131,19 +143,19 @@ jobs: run: | $mondooVersion = ${env:VERSION} echo "Running build job for version ${mondooVersion}" - Copy-Item .\dist\cnquery.exe .\packages\msi\msi\ - Copy-Item .\dist\cnspec.exe .\packages\msi\msi\ - Copy-Item .\dist\cnquery.exe .\packages\msi\appx\ - Copy-Item .\dist\cnspec.exe .\packages\msi\appx\ + Copy-Item .\dist\${{ matrix.arch }}\cnquery.exe .\packages\msi\msi\ + Copy-Item .\dist\${{ matrix.arch }}\cnspec.exe .\packages\msi\msi\ + Copy-Item .\dist\${{ matrix.arch }}\cnquery.exe .\packages\msi\appx\ + Copy-Item .\dist\${{ matrix.arch }}\cnspec.exe .\packages\msi\appx\ # build msi package echo " - Packaging MSI..." Set-Location -Path '.\packages\msi\' - ./package.ps1 -version $mondooVersion + ./package.ps1 -version $mondooVersion -arch ${{ matrix.arch }} # sign msi package echo " - Signing MSI..." Set-Location -Path '.\..\..' - signtool.exe sign /debug /sha1 ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }} /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 .\packages\msi\mondoo.msi - Copy-Item '.\packages\msi\mondoo.msi' '.\dist\' + signtool.exe sign /debug /sha1 ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }} /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 .\packages\msi\mondoo_${{ matrix.arch }}.msi + Copy-Item '.\packages\msi\mondoo_${{ matrix.arch }}.msi' '.\dist\${{ matrix.arch }}' - name: Dump Signing Log on Failure if: failure() run: | @@ -158,15 +170,14 @@ jobs: - name: Cleanup dist before upload run: | - Remove-Item -Path .\dist\cnquery.exe -Force - Remove-Item -Path .\dist\cnspec.exe -Force + Remove-Item -Path .\dist\${{ matrix.arch }}\cnquery.exe -Force + Remove-Item -Path .\dist\${{ matrix.arch }}\cnspec.exe -Force - name: Upload Distribution uses: actions/upload-artifact@v4 with: - name: msi - path: dist/ - + name: msi-${{ matrix.arch }} + path: dist/${{ matrix.arch }} test-msi-install: name: Test Signed Package 
@@ -183,16 +194,16 @@ jobs: - name: Download MSI Package uses: actions/download-artifact@v4 with: - name: msi + name: msi-${{ matrix.arch }} path: dist - name: Verify digital signature is valid run: | cd dist - Get-AuthenticodeSignature -FilePath .\\mondoo.msi + Get-AuthenticodeSignature -FilePath .\\mondoo_${{ matrix.arch }}.msi - name: Install artifact run: | cd dist - msiexec /qn /i mondoo.msi + msiexec /qn /i mondoo_${{ matrix.arch }}.msi - name: Verify the correct cnquery version is installed run: | $version=& 'C:\Program Files\Mondoo\cnquery.exe' version @@ -220,10 +231,17 @@ jobs: run: | & 'C:\Program Files\Mondoo\cnspec.exe' policy download mondoo-windows-installer -f mondoo-windows-installer.mql.yaml & 'C:\Program Files\Mondoo\cnspec.exe' scan local --detect-cicd --score-threshold 100 -o full --policy-bundle mondoo-windows-installer.mql.yaml - + - name: Logout from edge with cnspec + run: | + & 'C:\Program Files\Mondoo\cnspec.exe' logout --config C:\ProgramData\Mondoo\mondoo.yml --force publish: name: 'Publish: Releases' + strategy: + matrix: + arch: + - amd64 + - arm64 needs: - setup - msi-build @@ -236,15 +254,15 @@ jobs: - name: Download MSI Package uses: actions/download-artifact@v4 with: - name: msi + name: msi-${{ matrix.arch }} path: dist - name: Authenticate with Google Cloud id: gauth - uses: 'google-github-actions/auth@v2' + uses: google-github-actions/auth@v2 with: - credentials_json: '${{secrets.GCP_CREDENTIALS}}' - - name: 'Set up Cloud SDK' - uses: 'google-github-actions/setup-gcloud@v2' + credentials_json: ${{secrets.GCP_CREDENTIALS}} + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v2 - name: Verify access to release bucket env: VERSION: ${{ needs.setup.outputs.version }} 
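Review bot: The "Verify digital signature is valid" step only prints the result of `Get-AuthenticodeSignature`, which returns a status object and does not fail on an unsigned or altered file, so the step passes regardless of the signature state. Gate on the status instead, e.g. `if ((Get-AuthenticodeSignature -FilePath .\mondoo_${{ matrix.arch }}.msi).Status -ne 'Valid') { exit 1 }`. The job header lies outside this hunk, so it is not visible whether test-msi-install defines an `arch` matrix; if it does not, `${{ matrix.arch }}` expands to an empty string in the artifact and file names used here.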
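Review bot: The new "Logout from edge with cnspec" step runs only when every earlier step succeeded, so a failing scan (the preceding step uses `--score-threshold 100`) skips it and presumably leaves the test registration in place. Adding `if: always()` to the step would make the cleanup unconditional. The login step is outside this hunk, so confirm that `logout --force` behaves acceptably when login itself did not complete.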
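Review bot: The publish job handles `secrets.GCP_CREDENTIALS` and writes to the release bucket, yet the actions on the lines touched here are referenced by mutable tags (`google-github-actions/auth@v2`, `google-github-actions/setup-gcloud@v2`). Pinning each to a full commit SHA, e.g. `uses: google-github-actions/auth@<FULL_COMMIT_SHA> # v2` (placeholder), removes the dependency on the tag never being moved. With the `arch` matrix added to this job earlier in the diff, the credential is now loaded once per architecture, which makes the pin more worthwhile.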
@@ -255,10 +273,10 @@ jobs: VERSION: ${{ needs.setup.outputs.version }} run: | cd dist - mv mondoo.msi mondoo_${VERSION}_windows_amd64.msi - sha256sum mondoo_${VERSION}_windows_amd64.msi >> checksums.windows.txt - gsutil cp checksums.windows.txt gs://releases-us.mondoo.io/mondoo/${VERSION}/checksums.windows.txt - gsutil cp mondoo_${VERSION}_windows_amd64.msi gs://releases-us.mondoo.io/mondoo/${VERSION}/mondoo_${VERSION}_windows_amd64.msi + mv mondoo_${{ matrix.arch }}.msi mondoo_${VERSION}_windows_${{ matrix.arch }}.msi + sha256sum mondoo_${VERSION}_windows_${{ matrix.arch }}.msi >> checksums.windows_${{ matrix.arch }}.txt + gsutil cp checksums.windows_${{ matrix.arch }}.txt gs://releases-us.mondoo.io/mondoo/${VERSION}/checksums.windows_${{ matrix.arch }}.txt + gsutil cp mondoo_${VERSION}_windows_${{ matrix.arch }}.msi gs://releases-us.mondoo.io/mondoo/${VERSION}/mondoo_${VERSION}_windows_${{ matrix.arch }}.msi - name: Reindex folder on releaser.mondoo.com uses: peter-evans/repository-dispatch@v3 env: @@ -273,5 +291,4 @@ jobs: }' - name: Cleanup run: | - rm -f "${{ steps.gauth.outputs.credentials_file_path }}" - + rm -f "${{ steps.gauth.outputs.credentials_file_path }}" \ No newline at end of file diff --git a/.gitignore b/.gitignore index ae426573..7e1b627b 100644 --- a/.gitignore +++ b/.gitignore @@ -18,4 +18,10 @@ packages/msi/v16 # Arch AUR Generated Files packages/archlinux/cnquery -packages/archlinux/cnspec \ No newline at end of file +packages/archlinux/cnspec + +# vscode +.vscode + +# OS caches +.DS_Store diff --git a/packages/msi/msi/Product.wxs b/packages/msi/msi/Product.wxs index 6fc814fc..a04f78c6 100644 --- a/packages/msi/msi/Product.wxs +++ b/packages/msi/msi/Product.wxs @@ -6,13 +6,28 @@ - - + - + + + + + + + + + + @@ -21,17 +36,19 @@ + + diff --git a/packages/msi/package.ps1 b/packages/msi/package.ps1 index 7d6fb097..217784ad 100644 --- a/packages/msi/package.ps1 +++ b/packages/msi/package.ps1 
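Review bot: The checksum file published by this step is renamed from `checksums.windows.txt` to `checksums.windows_${{ matrix.arch }}.txt`, so anything that verifies a download against the old name will stop finding it for new releases. Whether such consumers exist is not visible here; if installers or documentation reference `checksums.windows.txt`, either keep publishing it with both architectures' lines or update those consumers in the same change. The `>>` append also relies on `dist` holding no stale checksum file, which a plain overwrite makes explicit: `sha256sum mondoo_${VERSION}_windows_${{ matrix.arch }}.msi > checksums.windows_${{ matrix.arch }}.txt`.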
@@ -3,9 +3,12 @@ # use: ./package.ps1 -version 0.32.0 param ( - [string]$version = 'x.xx.x' + [string]$version = 'x.xx.x', + [string]$arch = 'amd64|arm64' ) +$platform = $arch -eq "amd64" ? "x64" : $arch + function info($msg) { Write-Host $msg -f white } # info "build appx package" @@ -16,7 +19,8 @@ function info($msg) { Write-Host $msg -f white } info "build msi package $version" # delete previous build -Remove-Item .\mondoo.msi -ErrorAction Ignore +Remove-Item ".\mondoo.msi" -ErrorAction Ignore +Remove-Item ".\mondoo_${arch}.msi" -ErrorAction Ignore cd msi # delete previous intermediate files Remove-Item .\Product.wixobj -ErrorAction Ignore @@ -24,14 +28,16 @@ Remove-Item .\mondoo.wixpdb -ErrorAction Ignore # build package dir 'C:\Program Files (x86)\' info "run candle (standard)" -& 'C:\Program Files (x86)\WiX Toolset v3.14\bin\candle' -nologo -arch x64 -dMondooSKU="standard" -dProductVersion="$version" -ext WixUtilExtension Product.wxs +& 'C:\Program Files (x86)\WiX Toolset v3.14\bin\candle' -nologo -dMondooSKU="standard" -darch="$platform" -dProductVersion="$version" -ext WixUtilExtension Product.wxs info "run light (standard)" -& 'C:\Program Files (x86)\WiX Toolset v3.14\bin\light' -nologo -dcl:high -cultures:en-us -loc en-us.wxl -ext WixUIExtension -ext WixUtilExtension product.wixobj -o mondoo.msi + +& 'C:\Program Files (x86)\WiX Toolset v3.14\bin\light' -nologo -dcl:high -cultures:en-us -loc en-us.wxl -ext WixUIExtension -ext WixUtilExtension product.wixobj -o "mondoo_${arch}.msi" # delete previous intermediate files Remove-Item .\Product.wixobj -ErrorAction Ignore Remove-Item .\mondoo.wixpdb -ErrorAction Ignore cd .. -Move-Item .\msi\mondoo.msi . +Move-Item ".\msi\mondoo_${arch}.msi" . +
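Review bot: The new `-arch` parameter is not validated, and its default `'amd64|arm64'` is a usage hint rather than a usable value. It flows unchanged into `-darch=`, the `Remove-Item`/`Move-Item` paths and the output name `mondoo_${arch}.msi` in the two later hunks of this file, where `|` is not a legal Windows file-name character. Constraining it in the `param` block fixes both problems: `[ValidateSet('amd64','arm64')][string]$arch = 'amd64'`. The ternary in `$platform = $arch -eq "amd64" ? "x64" : $arch` requires PowerShell 7 or later; `$platform = if ($arch -eq 'amd64') { 'x64' } else { $arch }` behaves the same and also parses under Windows PowerShell 5.1.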