ci: Change of not signing the Installer after build

jakub-kocka · jakub-kocka · commit c5a22849e8f4 · 2025-11-28T11:05:43.000+01:00
diff --git a/.github/workflows/build-installer.yml b/.github/workflows/build-installer.yml
@@ -44,7 +44,7 @@ jobs:
     build-installer-offline:
         name: Build Offline Installer
         if: inputs.installer_type == 'offline'
-        uses: espressif/idf-installer/.github/workflows/build-offline-installer.yml@main
+        uses: espressif/idf-installer/.github/workflows/build-offline-installer.yml@change/not_signing_releases
         with:
             esp_idf_version: ${{ inputs.esp_idf_version }}
         secrets: inherit
diff --git a/.github/workflows/build-offline-installer.yml b/.github/workflows/build-offline-installer.yml
@@ -44,7 +44,7 @@ jobs:
           CERTIFICATE: ${{ secrets.CERTIFICATE }}
           CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
         shell: pwsh
-        run: .\Build-Installer.ps1 -InstallerType offline -OfflineBranch v${{ env.IDF_BRANCH }}
+        run: .\Build-Installer.ps1 -InstallerType offline -SignInstaller $false -OfflineBranch v${{ env.IDF_BRANCH }}
 
       - name: Create Release
         id: create_release
@@ -54,12 +54,12 @@ jobs:
         with:
           tag_name: ${{ env.VERSION }}
           release_name: Release ${{ env.VERSION }}
-          draft: false
-          prerelease: false
+          draft: true
+          prerelease: true
 
       - name: Get installer size and store it to file
         run: |
-          echo $(Get-ItemProperty -Path .\build\esp-idf-tools-setup-offline-signed.exe | Select-Object -ExpandProperty Length) > variables.txt
+          echo $(Get-ItemProperty -Path .\build\esp-idf-tools-setup-offline-unsigned.exe | Select-Object -ExpandProperty Length) > variables.txt
           echo "Instaler size from variable is $(Get-Content variables.txt)"
       - name: Upload artifacts of installer size
         uses: actions/upload-artifact@v4
@@ -74,7 +74,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./build/esp-idf-tools-setup-offline-signed.exe
+          asset_path: ./build/esp-idf-tools-setup-offline-unsigned.exe
           asset_name: esp-idf-tools-setup-${{ env.VERSION }}.exe
           asset_content_type: application/octet-stream
 
@@ -85,4 +85,4 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
         shell: pwsh
-        run: aws s3 cp --acl=public-read --no-progress ./build/esp-idf-tools-setup-offline-signed.exe s3://${{ secrets.DL_BUCKET }}/dl/idf-installer/esp-idf-tools-setup-${{ env.VERSION }}.exe
+        run: aws s3 cp --acl=public-read --no-progress ./build/esp-idf-tools-setup-offline-unsigned.exe s3://${{ secrets.DL_BUCKET }}/dl/idf-installer/esp-idf-tools-setup-${{ env.VERSION }}.exe
diff --git a/.github/workflows/re-upload_release_to_dl_esp.yml b/.github/workflows/re-upload_release_to_dl_esp.yml
@@ -0,0 +1,72 @@
+name: re-upload_release_to_dl_esp
+
+on:
+    workflow_dispatch:
+        inputs:
+            release_tag:
+                type: string
+                description: 'Release Tag'
+                required: true
+    issue_comment:
+        types: [created]
+
+jobs:
+    re-upload:
+        runs-on: ubuntu-latest
+        # Only run if manually triggered OR if comment starts with "/re-upload-asset"
+        if: github.event_name == 'workflow_dispatch' || (github.event_name == 'issue_comment' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/re-upload-asset'))
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v4
+
+            - name: Parse release tag from comment or input
+              id: get-tag
+              run: |
+                if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+                  TAG="${{ github.event.inputs.release_tag }}"
+                else
+                  # Extract tag from comment like "/re-upload-asset offline-5.4.3"
+                  TAG=$(echo "${{ github.event.comment.body }}" | sed -n 's|^/re-upload-asset \+\([^ ]*\).*|\1|p')
+                fi
+                echo "release_tag=$TAG" >> $GITHUB_OUTPUT
+                echo "Using release tag: $TAG"
+
+            - name: Download Release Asset
+              id: download-asset
+              env:
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+                  RELEASE_NAME: ${{ steps.get-tag.outputs.release_tag }}
+              run: |
+                  # Get the release by name/tag
+                  echo "Fetching release: $RELEASE_NAME"                  
+                  gh release download "$RELEASE_NAME" \
+                    --pattern "esp-idf-tools-setup-*.exe" \
+                    --dir ./build/ \
+                    --repo ${{ github.repository }}
+                  
+                  # Find the downloaded file and set as output
+                  ASSET_FILE=$(find ./build/ -name "esp-idf-tools-setup-*.exe" -type f | head -n1)
+                  echo "Downloaded asset: $ASSET_FILE"
+                  echo "asset_path=$ASSET_FILE" >> $GITHUB_OUTPUT
+                  
+                  # Extract version from filename for later use
+                  FILENAME=$(basename "$ASSET_FILE")
+                  VERSION=$(echo "$FILENAME" | sed -n 's/esp-idf-tools-setup-\(.*\)\.exe/\1/p')
+                  echo "version=$VERSION" >> $GITHUB_OUTPUT
+                  echo "Extracted version: $VERSION"
+
+            - name: Upload Release Asset To dl.espressif.com
+              id: upload-release-asset-espressif
+              env:
+                  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+                  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+                  AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+              run: |
+                  ASSET_PATH="${{ steps.download-asset.outputs.asset_path }}"
+                  VERSION="${{ steps.download-asset.outputs.version }}"
+                  
+                  echo "Uploading $ASSET_PATH to S3..."
+                  aws s3 cp --acl=public-read --no-progress "$ASSET_PATH" \
+                    s3://${{ secrets.DL_BUCKET }}/dl/idf-installer/esp-idf-tools-setup-$VERSION.exe
+                  
+                  echo "Upload completed successfully!"
diff --git a/Build-Installer.ps1 b/Build-Installer.ps1
@@ -635,7 +635,8 @@ if (0 -eq $LASTEXITCODE) {
 }
 
 if ($true -eq $SignInstaller) {
-    SignInstaller
+    # SignInstaller
+    "Leaving installer unsigned."
 } else {
     "Signing installer disabled by command line option. Leaving installer unsigned."
 }

Original file line number	Diff line number	Diff line change
`@@ -635,7 +635,8 @@ if (0 -eq $LASTEXITCODE) {`
`635`	`635`	`}`
`636`	`636`
`637`	`637`	`if ($true -eq $SignInstaller) {`
`638`		`- SignInstaller`
	`638`	`+ # SignInstaller`
	`639`	`+ "Leaving installer unsigned."`
`639`	`640`	`} else {`
`640`	`641`	`"Signing installer disabled by command line option. Leaving installer unsigned."`
`641`	`642`	`}`