mirror of
https://github.com/oven-sh/bun
synced 2026-02-02 15:08:46 +00:00
73fe9a4484
## Summary - Implements automated Windows code signing for x64 and x64-baseline builds - Integrates DigiCert KeyLocker for secure certificate management - Adds CI/CD pipeline support for signing during builds ## Changes - Added `.buildkite/scripts/sign-windows.sh` script for automated signing - Updated CMake configurations to support signing workflow - Modified build scripts to integrate signing step ## Testing - Script tested locally with manual signing process - Successfully signed test binaries at: - `C:\Builds\bun-windows-x64\bun.exe` - `C:\Builds\bun-windows-x64-baseline\bun.exe` ## References Uses DigiCert KeyLocker tools for Windows signing ## Next Steps - Validate Buildkite environment variables in CI - Test full pipeline in CI environment --------- Co-authored-by: Jarred Sumner <jarred@bun.sh> Co-authored-by: Claude Bot <claude-bot@bun.sh> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
65 lines
1.9 KiB
PowerShell
Executable File
65 lines
1.9 KiB
PowerShell
Executable File
# Ensures that commands run in a Visual Studio environment.
|
|
# This is required to run commands like cmake and ninja on Windows.
|
|
|
|
$ErrorActionPreference = "Stop"
|
|
|
|
if($env:VSINSTALLDIR -eq $null) {
|
|
Write-Host "Loading Visual Studio environment, this may take a second..."
|
|
|
|
$vswhere = "C:\Program Files (x86)\Microsoft Visual Studio\Installer\vswhere.exe"
|
|
if (!(Test-Path $vswhere)) {
|
|
throw "Command not found: vswhere (did you install Visual Studio?)"
|
|
}
|
|
|
|
$vsDir = (& $vswhere -prerelease -latest -property installationPath)
|
|
if ($vsDir -eq $null) {
|
|
$vsDir = Get-ChildItem -Path "C:\Program Files\Microsoft Visual Studio\2022" -Directory
|
|
if ($vsDir -eq $null) {
|
|
throw "Visual Studio directory not found."
|
|
}
|
|
$vsDir = $vsDir.FullName
|
|
}
|
|
|
|
Push-Location $vsDir
|
|
try {
|
|
$vsShell = (Join-Path -Path $vsDir -ChildPath "Common7\Tools\Launch-VsDevShell.ps1")
|
|
. $vsShell -Arch amd64 -HostArch amd64
|
|
} finally {
|
|
Pop-Location
|
|
}
|
|
}
|
|
|
|
if($env:VSCMD_ARG_TGT_ARCH -eq "x86") {
|
|
throw "Visual Studio environment is targeting 32 bit, but only 64 bit is supported."
|
|
}
|
|
|
|
if ($args.Count -gt 0) {
|
|
$command = $args[0]
|
|
$commandArgs = @()
|
|
if ($args.Count -gt 1) {
|
|
$commandArgs = @($args[1..($args.Count - 1)] | % {$_})
|
|
}
|
|
|
|
# Don't print the full command as it may contain sensitive information like certificates
|
|
# Just show the command name and basic info
|
|
$displayArgs = @()
|
|
foreach ($arg in $commandArgs) {
|
|
if ($arg -match "^-") {
|
|
# Include flags
|
|
$displayArgs += $arg
|
|
} elseif ($arg -match "\.(mjs|js|ts|cmake|zig|cpp|c|h|exe)$") {
|
|
# Include file names
|
|
$displayArgs += $arg
|
|
} elseif ($arg.Length -gt 100) {
|
|
# Truncate long arguments (likely certificates or encoded data)
|
|
$displayArgs += "[REDACTED]"
|
|
} else {
|
|
$displayArgs += $arg
|
|
}
|
|
}
|
|
|
|
Write-Host "$ $command $displayArgs"
|
|
& $command $commandArgs
|
|
exit $LASTEXITCODE
|
|
}
|