Merge branch 'dev' of https://github.com/zen-browser/desktop into dev

build/winsign/sign.ps1

@@ -1,119 +1,136 @@
 param(
-    [ValidateNotNullOrEmpty()]
     [string][Parameter(Mandatory=$true)]$SignIdentity,
-
-    [ValidateNotNullOrEmpty()]
     [string][Parameter(Mandatory=$true)]$GithubRunId
 )
 
 $ErrorActionPreference = "Stop"
 
-function Download-Artifacts {
-    param(
-        [string]$Name,
-        [string]$GithubRunId
-    )
-    gh run download $GithubRunId --name $Name -D (Join-Path $PWD 'windsign-temp\windows-x64-obj-' + $Name)
-    Write-Verbose "Downloaded $Name artifacts"
-}
+echo "Preparing environment"
+git pull --recurse-submodules
+mkdir windsign-temp -ErrorAction SilentlyContinue
 
-function Sign-Files {
-    param(
-        [string]$Path
-    )
-    $files = Get-ChildItem -Path $Path -Recurse -Include *.exe, *.dll
-    signtool.exe sign /n "$SignIdentity" /t http://time.certum.pl/ /fd sha256 /v $files
-}
+# Download in parallel
 
-function Move-File {
-    param(
-        [string]$Source,
-        [string]$Destination
-    )
-    if (Test-Path $Source) {
-        Move-Item $Source -Destination $Destination -Force
-        Write-Verbose "Moved $Source to $Destination"
-    } else {
-        Write-Warning "Source file $Source does not exist."
-    }
-}
+#show output too
+#Start-Job -Name "DownloadGitObjectsRepo" -ScriptBlock {
+#    param($PWD)
+#    echo "Downloading git objects repo to $PWD\windsign-temp\windows-binaries"
+#    git clone https://github.com/zen-browser/windows-binaries.git $PWD\windsign-temp\windows-binaries
+#    echo "Downloaded git objects repo to"
+#} -Verbose -ArgumentList $PWD -Debug
 
-function Create-Tar {
-    param(
-        [string]$Name
-    )
-    $tarPath = Join-Path $PWD "windsign-temp\windows-x64-signed-$Name"
-    Remove-Item -Path $tarPath -Recurse -ErrorAction SilentlyContinue
-    New-Item -ItemType Directory -Path $tarPath | Out-Null
-
-    Move-File -Source ".\dist\output.mar" -Destination (Join-Path $tarPath ("windows-$Name.mar"))
-    Move-File -Source ".\dist\zen.installer.exe" -Destination (Join-Path $tarPath ("zen.installer$($Name -eq 'arm64' ? '-arm64' : '') .exe"))
-    Move-File -Source (Get-ChildItem ".\dist\*.en-US.win64$($Name -eq 'arm64' ? '-aarch64' : '') .zip" | Select-Object -First 1) -Destination (Join-Path $tarPath ("zen.win-$Name.zip"))
-}
+gh run download $GithubRunId --name windows-x64-obj-arm64 -D windsign-temp\windows-x64-obj-arm64
+echo "Downloaded arm64 artifacts"
+gh run download $GithubRunId --name windows-x64-obj-x86_64 -D windsign-temp\windows-x64-obj-x86_64
+echo "Downloaded x86_64 artifacts"
 
-function SignAndPackage {
-    param(
-        [string]$Name
-    )
 
-    Write-Verbose "Executing on $Name"
-    Remove-Item -Path ".\dist" -Recurse -ErrorAction SilentlyContinue
-    Remove-Item -Path "engine\obj-x86_64-pc-windows-msvc\" -Recurse -ErrorAction SilentlyContinue
-    Copy-Item -Path (Join-Path $PWD "windsign-temp\windows-x64-obj-$Name") -Destination "engine\obj-x86_64-pc-windows-msvc\" -Recurse
-    Write-Verbose "Signing $Name"
+#Wait-Job -Name "DownloadGitObjectsRepo"
 
-    Sign-Files -Path "engine\obj-x86_64-pc-windows-msvc\"
+mkdir engine\obj-x86_64-pc-windows-msvc\ -ErrorAction SilentlyContinue
 
-    $env:SURFER_SIGNING_MODE = "sign"
-    $env:MAR = (Join-Path $PWD "build\winsign\mar.exe")
-    $env:SURFER_COMPAT = if ($Name -eq "arm64") { "aarch64" } else { "x86_64" }
-    Write-Verbose "Compat Mode? $env:SURFER_COMPAT"
+pnpm surfer ci --brand release
 
-    pnpm surfer package --verbose
+function SignAndPackage($name) {
+    echo "Executing on $name"
+    rmdir .\dist -Recurse -ErrorAction SilentlyContinue
+    rmdir engine\obj-x86_64-pc-windows-msvc\ -Recurse -ErrorAction SilentlyContinue
+    cp windsign-temp\windows-x64-obj-$name engine\obj-x86_64-pc-windows-msvc\ -Recurse
+    echo "Signing $name"
+
+    # Collect all .exe and .dll files into a list
+    $files = Get-ChildItem engine\obj-x86_64-pc-windows-msvc\ -Recurse -Include *.exe
+    $files += Get-ChildItem engine\obj-x86_64-pc-windows-msvc\ -Recurse -Include *.dll
+
+    signtool.exe sign /n "$SignIdentity" /t http://time.certum.pl/ /fd sha256 /v $files
+    echo "Packaging $name"
+    $env:SURFER_SIGNING_MODE="sign"
+    $env:MAR="$PWD\\build\\winsign\\mar.exe"
+    if ($name -eq "arm64") {
+        $env:SURFER_COMPAT="aarch64"
+    } else {
+        $env:SURFER_COMPAT="x86_64"
+    }
 
-    Create-Tar -Name $Name
+    echo "Compat Mode? $env:SURFER_COMPAT"
+    pnpm surfer package --verbose
 
-    # Extract and sign the contents of the zip
-    Expand-Archive -Path (Join-Path $tarPath ("zen.win-$Name.zip")) -DestinationPath (Join-Path $tarPath ("zen.win-$Name"))
-    Remove-Item -Path (Join-Path $tarPath ("zen.win-$Name.zip")) -ErrorAction SilentlyContinue
+    # In the release script, we do the following:
+    #  tar -xvf .github/workflows/object/windows-x64-signed-x86_64.tar.gz -C windows-x64-signed-x86_64
+    # We need to create a tar with the same structure and no top-level directory
+    # Inside, we need:
+    #  - update_manifest/*
+    #  - windows.mar
+    #  - zen.installer.exe
+    #  - zen.win-x86_64.zip
+    echo "Creating tar for $name"
+    rm .\windsign-temp\windows-x64-signed-$name -Recurse -ErrorAction SilentlyContinue
+    mkdir windsign-temp\windows-x64-signed-$name
+
+    # Move the MAR, add the `-arm64` suffix if needed
+    echo "Moving MAR for $name"
+    if ($name -eq "arm64") {
+        mv .\dist\output.mar windsign-temp\windows-x64-signed-$name\windows-$name.mar
+    } else {
+        mv .\dist\output.mar windsign-temp\windows-x64-signed-$name\windows.mar
+    }
 
-    Sign-Files -Path (Join-Path $tarPath ("zen.win-$Name"))
-    Compress-Archive -Path (Join-Path $tarPath ("zen.win-$Name")) -DestinationPath (Join-Path $tarPath ("zen.win-$Name.zip"))
-    Remove-Item -Path (Join-Path $tarPath ("zen.win-$Name")) -Recurse -ErrorAction SilentlyContinue
+    # Move the installer
+    echo "Moving installer for $name"
+    if ($name -eq "arm64") {
+        mv .\dist\zen.installer.exe windsign-temp\windows-x64-signed-$name\zen.installer-$name.exe
+    } else {
+        mv .\dist\zen.installer.exe windsign-temp\windows-x64-signed-$name\zen.installer.exe
+    }
 
-    Move-File -Source ".\dist\update\*" -Destination (Join-Path $tarPath "update_manifest")
+    # Move the zip
+    echo "Moving zip for $name"
+    if ($name -eq "arm64") {
+        mv (Get-Item .\dist\*.en-US.win64-aarch64.zip) windsign-temp\windows-x64-signed-$name\zen.win-arm64.zip
+    } else {
+        mv (Get-Item .\dist\*.en-US.win64.zip) windsign-temp\windows-x64-signed-$name\zen.win-$name.zip
+    }
 
-    Write-Verbose "Finished $Name"
-}
+    # Extract the zip, sign everything inside, and repackage it
+    Expand-Archive -Path windsign-temp\windows-x64-signed-$name\zen.win-$name.zip -DestinationPath windsign-temp\windows-x64-signed-$name\zen.win-$name
+    rm windsign-temp\windows-x64-signed-$name\zen.win-$name.zip
+    $files = Get-ChildItem windsign-temp\windows-x64-signed-$name\zen.win-$name -Recurse -Include *.exe
+    $files += Get-ChildItem windsign-temp\windows-x64-signed-$name\zen.win-$name -Recurse -Include *.dll
+    signtool.exe sign /n "$SignIdentity" /t http://time.certum.pl/ /fd sha256 /v $files
+    Compress-Archive -Path windsign-temp\windows-x64-signed-$name\zen.win-$name -DestinationPath windsign-temp\windows-x64-signed-$name\zen.win-$name.zip
+    rmdir windsign-temp\windows-x64-signed-$name\zen.win-$name -Recurse -ErrorAction SilentlyContinue
 
-Write-Verbose "Preparing environment"
-git pull --recurse-submodules
-New-Item -ItemType Directory -Path "windsign-temp" -ErrorAction SilentlyContinue
+    # Move the manifest
+    mv .\dist\update\. windsign-temp\windows-x64-signed-$name\update_manifest
 
-Download-Artifacts -Name "windows-x64-obj-arm64" -GithubRunId $GithubRunId
-Download-Artifacts -Name "windows-x64-obj-x86_64" -GithubRunId $GithubRunId
+    echo "Invoking tar for $name"
+    # note: We need to sign it into a parent folder, called windows-x64-signed-$name
+    rmdir .\windsign-temp\windows-binaries\windows-x64-signed-$name -Recurse -ErrorAction SilentlyContinue
+    mv windsign-temp\windows-x64-signed-$name .\windsign-temp\windows-binaries -Force
 
-New-Item -ItemType Directory -Path "engine\obj-x86_64-pc-windows-msvc" -ErrorAction SilentlyContinue
-pnpm surfer ci --brand release
+    echo "Finished $name"
+}
 
-SignAndPackage -Name "arm64"
-SignAndPackage -Name "x86_64"
+SignAndPackage arm64
+SignAndPackage x86_64
 
-Write-Verbose "All artifacts signed and packaged, ready for release!"
-Write-Verbose "Committing the changes to the repository"
-cd (Join-Path $PWD "windsign-temp\windows-binaries")
+echo "All artifacts signed and packaged, ready for release!"
+echo "Commiting the changes to the repository"
+cd windsign-temp\windows-binaries
 git add .
 git commit -m "Sign and package windows artifacts"
 git push
-cd - 
+cd ..\..
 
 # Cleaning up
-Write-Verbose "Cleaning up"
-Remove-Item -Path "windsign-temp\windows-x64-obj-x86_64" -Recurse -ErrorAction SilentlyContinue
-Remove-Item -Path "windsign-temp\windows-x64-obj-arm64" -Recurse -ErrorAction SilentlyContinue
 
-Write-Verbose "Opening Visual Studio Code"
-code .
-Write-Host "All done! Press Enter to continue."
-Read-Host
+echo "All done!"
+echo "All the artifacts (x86_64 and arm46) are signed and packaged, get a rest now!"
+Read-Host "Press Enter to continue"
+
+echo "Cleaning up"
+rmdir windsign-temp\windows-x64-obj-x86_64 -Recurse -ErrorAction SilentlyContinue
+rmdir windsign-temp\windows-x64-obj-arm64 -Recurse -ErrorAction SilentlyContinue
 
+echo "Opening visual studio code"
+code .