-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathbuild.ps1
More file actions
155 lines (128 loc) · 4.66 KB
/
build.ps1
File metadata and controls
155 lines (128 loc) · 4.66 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
<#
.SYNOPSIS
One-stop entry point for building, signing, testing, and verifying a
Claude Code Install Manager release.
.DESCRIPTION
Wraps the lower-level scripts under scripts/. Defaults to an unsigned
local build that runs the Pester test suite and the user-side
verify-release.ps1 against its own output.
For a signed release, pass either -CertPath / -CertPassword (PFX on
disk) or -Thumbprint (cert in Cert:\CurrentUser\My, for EV certs in
a hardware token).
.PARAMETER OutDir
Release directory. Defaults to release/dist.
.PARAMETER CertPath
Path to a .pfx code-signing certificate. Implies -Sign.
.PARAMETER CertPassword
SecureString PFX password. Prompted if -CertPath is given without
-CertPassword.
.PARAMETER Thumbprint
SHA1 thumbprint of a code-signing cert in Cert:\CurrentUser\My.
Implies -Sign.
.PARAMETER TimestampUrl
RFC 3161 timestamp server. Defaults to DigiCert's.
.PARAMETER SkipTests
Don't run Pester tests. Default: tests run.
.PARAMETER SkipVerify
Don't run verify-release.ps1 on the output. Default: verify runs.
.PARAMETER Clean
Wipe OutDir before building.
.EXAMPLE
# Local unsigned dev build with tests + verify.
.\build.ps1
.EXAMPLE
# Signed release using a PFX.
.\build.ps1 -CertPath C:\certs\simtabi-codesign.pfx -CertPassword (Read-Host -AsSecureString)
.EXAMPLE
# Signed release using a thumbprint (EV cert).
.\build.ps1 -Thumbprint 1234ABCD5678EF901234ABCD5678EF901234ABCD
.EXAMPLE
# CI usage: build unsigned, skip Pester (run separately), still verify.
.\build.ps1 -SkipTests -Clean
#>
[CmdletBinding(DefaultParameterSetName = 'Unsigned')]
param(
[string] $OutDir = (Join-Path $PSScriptRoot 'release/dist'),
[Parameter(ParameterSetName = 'Pfx', Mandatory)]
[string] $CertPath,
[Parameter(ParameterSetName = 'Pfx')]
[System.Security.SecureString] $CertPassword,
[Parameter(ParameterSetName = 'Thumbprint', Mandatory)]
[string] $Thumbprint,
[string] $TimestampUrl = 'http://timestamp.digicert.com',
[switch] $SkipTests,
[switch] $SkipVerify,
[switch] $Clean
)
$ErrorActionPreference = 'Stop'
Set-StrictMode -Version 3
$repoRoot = $PSScriptRoot
$scriptsDir = Join-Path $repoRoot 'scripts'
$buildPs1 = Join-Path $scriptsDir 'build-launcher.ps1'
$verifyPs1 = Join-Path $scriptsDir 'verify-release.ps1'
$testsDir = Join-Path $scriptsDir 'tests'
function Step([string] $msg) {
Write-Host ''
Write-Host "==> $msg" -ForegroundColor Cyan
}
# ---- Clean -----------------------------------------------------------------
if ($Clean -and (Test-Path -LiteralPath $OutDir)) {
Step "Cleaning $OutDir"
Remove-Item -LiteralPath $OutDir -Recurse -Force
}
# ---- Tests -----------------------------------------------------------------
if (-not $SkipTests) {
Step "Running Pester tests"
$pester = Get-Module -ListAvailable -Name Pester |
Sort-Object Version -Descending |
Select-Object -First 1
if (-not $pester) {
Write-Warning "Pester not installed. Skipping tests. Install with:"
Write-Warning " Install-Module -Name Pester -Scope CurrentUser -Force"
} else {
Import-Module Pester -MinimumVersion 5.0
$config = New-PesterConfiguration
$config.Run.Path = $testsDir
$config.Run.Exit = $false
$config.Output.Verbosity = 'Detailed'
$config.TestResult.Enabled = $false
$result = Invoke-Pester -Configuration $config
if ($result.FailedCount -gt 0) {
throw "$($result.FailedCount) Pester test(s) failed."
}
}
}
# ---- Build -----------------------------------------------------------------
Step "Building launcher"
$buildArgs = @{
OutDir = $OutDir
TimestampUrl = $TimestampUrl
}
switch ($PSCmdlet.ParameterSetName) {
'Pfx' {
$buildArgs['CertPath'] = $CertPath
if ($CertPassword) { $buildArgs['CertPassword'] = $CertPassword }
}
'Thumbprint' {
$buildArgs['Thumbprint'] = $Thumbprint
}
'Unsigned' {
$buildArgs['SkipSign'] = $true
}
}
& $buildPs1 @buildArgs
# ---- Verify ----------------------------------------------------------------
if (-not $SkipVerify) {
Step "Verifying output"
$verifyArgs = @{ ReleaseDir = $OutDir }
if ($PSCmdlet.ParameterSetName -eq 'Unsigned') {
$verifyArgs['AllowUnsigned'] = $true
}
& $verifyPs1 @verifyArgs
if ($LASTEXITCODE -ne 0) {
throw "verify-release.ps1 reported a problem (exit $LASTEXITCODE)."
}
}
Step "Done"
Write-Host "Release directory: $OutDir" -ForegroundColor Green
Get-ChildItem -LiteralPath $OutDir | Format-Table Name, Length, LastWriteTime | Out-Host