sudacode/SubMiner
1
0
Fork 0
mirror of https://github.com/ksyasuda/SubMiner.git synced 2026-03-20 03:16:46 -07:00
Code Issues Packages Projects Releases Wiki Activity

fix: harden windows release signing workflow

Browse Source
This commit is contained in:
Kyle Yasuda
2026-03-08 20:24:47 -07:00
parent 7a196f69d6
commit 58ec9b76e0
4 changed files with 156 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/release-workflow.test.ts
View File

@@ -7,11 +7,19 @@ const releaseWorkflowPath = resolve(__dirname, '../.github/workflows/release.yml
const releaseWorkflow = readFileSync(releaseWorkflowPath, 'utf8');
const makefilePath = resolve(__dirname, '../Makefile');
const makefile = readFileSync(makefilePath, 'utf8');
const packageJsonPath = resolve(__dirname, '../package.json');
const packageJson = JSON.parse(readFileSync(packageJsonPath, 'utf8')) as {
scripts: Record<string, string>;
};
test('publish release leaves prerelease unset so gh creates a normal release', () => {
assert.ok(!releaseWorkflow.includes('--prerelease'));
});
test('publish release forces an existing draft tag release to become public', () => {
assert.ok(releaseWorkflow.includes('--draft=false'));
});
test('release workflow verifies a committed changelog section before publish', () => {
assert.match(releaseWorkflow, /bun run changelog:check/);
});
@@ -26,6 +34,19 @@ test('release workflow includes the Windows installer in checksums and uploaded
assert.match(releaseWorkflow, /artifacts=\([\s\S]*release\/\*\.exe[\s\S]*release\/SHA256SUMS\.txt[\s\S]*\)/);
});
test('release package scripts disable implicit electron-builder publishing', () => {
assert.match(packageJson.scripts['build:appimage'] ?? '', /--publish never/);
assert.match(packageJson.scripts['build:mac'] ?? '', /--publish never/);
assert.match(packageJson.scripts['build:win'] ?? '', /--publish never/);
});
test('windows release workflow retries SignPath submission and fails only after exhausting attempts', () => {
assert.match(releaseWorkflow, /Submit Windows signing request \(attempt 1\)/);
assert.match(releaseWorkflow, /Submit Windows signing request \(attempt 2\)/);
assert.match(releaseWorkflow, /Submit Windows signing request \(attempt 3\)/);
assert.match(releaseWorkflow, /All SignPath signing attempts failed; rerun the workflow when SignPath is healthy\./);
});
test('Makefile routes Windows install-plugin setup through bun and documents Windows builds', () => {
assert.match(makefile, /windows\) printf '%s\\n' "\[INFO\] Windows builds run via: bun run build:win" ;;/);
assert.match(makefile, /bun \.\/scripts\/configure-plugin-binary-path\.mjs/);