Lets see if this works for linux first

shijie-openai
2025-10-22 14:20:50 -07:00
parent 8c0d728461
commit 0e1a8703e5


@@ -281,6 +281,78 @@ jobs:
notarize_binary "codex"
notarize_binary "codex-responses-api-proxy"
- if: ${{ startsWith(matrix.runner, 'windows') && github.event_name == 'push' }}
name: Configure Windows code signing
shell: pwsh
env:
WINDOWS_CODESIGN_CERTIFICATE_PFX: ${{ secrets.WINDOWS_CODESIGN_CERTIFICATE_PFX }}
WINDOWS_CODESIGN_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CODESIGN_CERTIFICATE_PASSWORD }}
run: |
Set-StrictMode -Version Latest
if (-not $env:WINDOWS_CODESIGN_CERTIFICATE_PFX) {
Write-Error "WINDOWS_CODESIGN_CERTIFICATE_PFX is required for Windows signing"
}
if (-not $env:WINDOWS_CODESIGN_CERTIFICATE_PASSWORD) {
Write-Error "WINDOWS_CODESIGN_CERTIFICATE_PASSWORD is required for Windows signing"
}
$certPath = Join-Path $env:RUNNER_TEMP 'windows_signing_certificate.pfx'
[System.IO.File]::WriteAllBytes($certPath, [System.Convert]::FromBase64String($env:WINDOWS_CODESIGN_CERTIFICATE_PFX))
"WINDOWS_CODESIGN_CERTIFICATE_PATH=$certPath" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
- if: ${{ startsWith(matrix.runner, 'windows') && github.event_name == 'push' }}
name: Sign Windows binaries
shell: pwsh
env:
WINDOWS_CODESIGN_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CODESIGN_CERTIFICATE_PASSWORD }}
MATRIX_TARGET: ${{ matrix.target }}
run: |
Set-StrictMode -Version Latest
$certPath = $env:WINDOWS_CODESIGN_CERTIFICATE_PATH
if (-not $certPath) {
Write-Error "WINDOWS_CODESIGN_CERTIFICATE_PATH is required for Windows signing"
}
if (-not (Test-Path $certPath)) {
Write-Error "Certificate file not found at $certPath"
}
$arch = if ($env:MATRIX_TARGET -eq 'aarch64-pc-windows-msvc') { 'arm64' } else { 'x64' }
$signtoolSearchRoot = "${env:ProgramFiles(x86)}\Windows Kits\10\bin"
$signtool = Get-ChildItem -Path $signtoolSearchRoot -Recurse -Filter signtool.exe | Where-Object { $_.FullName -match "\\$arch\\" } | Sort-Object FullName -Descending | Select-Object -First 1
if (-not $signtool) {
$signtool = Get-ChildItem -Path $signtoolSearchRoot -Recurse -Filter signtool.exe | Sort-Object FullName -Descending | Select-Object -First 1
}
if (-not $signtool) {
Write-Error "signtool.exe not found"
}
$binaries = @(
"target/${{ matrix.target }}/release/codex.exe",
"target/${{ matrix.target }}/release/codex-responses-api-proxy.exe"
)
foreach ($binary in $binaries) {
if (-not (Test-Path $binary)) {
Write-Error "Binary $binary not found"
}
}
foreach ($binary in $binaries) {
& $signtool.FullName sign `
/fd SHA256 `
/td SHA256 `
/tr http://timestamp.digicert.com `
/f $certPath `
/p $env:WINDOWS_CODESIGN_CERTIFICATE_PASSWORD `
$binary
}
- name: Stage artifacts
shell: bash
run: |
@@ -339,11 +411,11 @@ jobs:
zstd -T0 -19 --rm "$dest/$base"
done
- if: ${{ contains(matrix.target, 'unknown-linux') && github.event_name == 'push' }}
- if: ${{ contains(matrix.target, 'unknown-linux')}}
name: Install cosign
uses: sigstore/cosign-installer@v3.7.0
- if: ${{ contains(matrix.target, 'unknown-linux') && github.event_name == 'push' }}
- if: ${{ contains(matrix.target, 'unknown-linux')}}
name: Cosign Linux artifacts
shell: bash
env:
@@ -394,6 +466,13 @@ jobs:
fi
fi
- name: Remove Windows signing certificate
if: ${{ always() && startsWith(matrix.runner, 'windows') && github.event_name == 'push' }}
shell: pwsh
run: |
if ($env:WINDOWS_CODESIGN_CERTIFICATE_PATH -and (Test-Path $env:WINDOWS_CODESIGN_CERTIFICATE_PATH)) {
Remove-Item -Force $env:WINDOWS_CODESIGN_CERTIFICATE_PATH
}
- uses: actions/upload-artifact@v4
with:
name: ${{ matrix.target }}
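Review bot: In the "Sign Windows binaries" step of the first hunk, the second `foreach ($binary in $binaries)` loop never checks signtool's exit code, so a failed signature on `codex.exe` followed by a successful one on `codex-responses-api-proxy.exe` can leave the step green and pass an unsigned binary on to the later staging and upload steps. PowerShell does not turn a non-zero exit from a native command into a terminating error by default, so the step result would follow only the last `$LASTEXITCODE`. Add a check directly after the call, inside the loop: `if ($LASTEXITCODE -ne 0) { throw "signtool failed for $binary (exit code $LASTEXITCODE)" }`. A `signtool verify /pa $binary` pass after signing, guarded by the same check, would also confirm each signature before the artifacts are uploaded.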