This applies the changes from the separate Windows HSM signing prototype development to the official deployment workflow including:
1. Use of Azure Code Signing client
2. Sourcing signtool.exe from runner
3. Moving from batch to PowerShell for Windows signing script
4. Using the same signing process for .exe and .msi
This is because most people install gh through a package manager, and people usually prefer for their package manager to check for updates instead of the gh process doing it at runtime.
- The certificate pfx file is now read from WINDOWS_CERT_PFX
- The password to decode the pfx is in WINDOWS_CERT_PASSWORD
- Quit reading from desktop-secrets repo
- Switch osslsigncode to take in pfx instead of individual certs
- 🔥 obsolete setup scripts
- Fix name of man pages for all but the toplevel command
- Set title of all man pages to "GitHub CLI manual"
- Include gh version information in man pages
- Clean up rendering of flags section
- List subcommands for every command
`nfpms.files` is deprecated: <https://goreleaser.com/deprecations/#nfpmsfiles>
```shell
goreleaser version 0.172.1
commit: 32a44ab928879bb32c1e266b80de32e07d5d6721
```
Before this commit, `goreleaser check` prints this:
```shell
$goreleaser check
• loading config file file=.goreleaser.yml
⨯ command failed error=yaml: unmarshal errors:
line 67: field files not found in type config.NFPM
```
- deb and rpm packages are now built for prereleases
- consolidate setup for deb & rpm
- man pages are generated for prereleases
- the `cli.github.com` site is only pushed to on full releases
Bonus:
- only publish the GitHub release after the Windows MSI is uploaded
- hub does not need downloading
The changelog is generated using the git log of pull request merges
since the last tagged release, and is in the following format:
* {PR title} #{PR number}
This commit:
- Adds config for building Windows installers
- Adds an action for fetching exe files built by goreleaser
- Adds an action for building Windows installers
- Adds an action for adding MSI files to an existing GH release
- Adds MSI signing to our release flow
- Disables homebrew formula bumping for prereleases
- Allows the release asset copying action to copy windows assets
Currently, goreleaser injects the date that includes time & timezone
information, but this is visually noisy. This configures it to inject
the simpler `2019-12-16` date format into the build, which also matches
what our Makefile does in development.
