Refactor build/winsign/sign.ps1 to download windows-x64-obj-generic

.github/workflows/alpha.yml

@@ -373,16 +373,16 @@ jobs:
             zen-generic.AppImage.zsync
             zen-specific.AppImage
             zen-specific.AppImage.zsync
-            zen.win-generic.zip
-            zen.win-specific.zip
+            windows-x64-signed-generic/zen.win-generic.zip
+            windows-x64-signed-specific/zen.win-specific.zip
             linux.mar
             linux-generic.mar
             windows-x64-signed-generic/windows-generic.mar
             windows-x64-signed-specific/windows.mar
             macos-x64.mar
             macos-aarch64.mar
-            zen.installer.exe
-            zen.installer-generic.exe
+            windows-x64-signed-specific/zen.installer.exe
+            windows-x64-signed-generic/zen.installer-generic.exe
             zen.macos-x64.dmg
             zen.macos-aarch64.dmg
 

.github/workflows/windows-alpha-build.yml

@@ -197,13 +197,6 @@ jobs:
           mv ./dist/output.mar windows${{ matrix.generic == true && '-generic' || '' }}.mar
           mv ./dist/zen.installer.exe ./zen.installer${{ matrix.generic == true && '-generic' || '' }}.exe
 
-      - name: Upload artifact
-        uses: actions/upload-artifact@v4
-        if: ${{ !inputs.generate-gpo }}
-        with:
-          name: zen.win-${{ matrix.generic == true && 'generic' || 'specific' }}.zip
-          path: ./zen.win-${{ matrix.generic == true && 'generic' || 'specific' }}.zip
-
       - name: Upload PGO build
         uses: actions/upload-artifact@v4
         if: ${{ inputs.generate-gpo }}

build/winsign/sign.ps1

@@ -1,25 +1,25 @@
 param(
-    [string][Parameter(Mandatory=$true)]$SignIdentity,
-    [string][Parameter(Mandatory=$true)]$RunID
+    [string][Parameter(Mandatory=$true)]$SignIdentity
 )
 
 $ErrorActionPreference = "Stop"
 
 echo "Preparing environment"
-rmdir windsign-temp -Recurse -ErrorAction SilentlyContinue
 mkdir windsign-temp -ErrorAction SilentlyContinue
+
+echo "Please UNZIP the generic and specific artifacts into windsign-temp"
+echo "With the following filenames:"
+echo "  - $pwd\windsign-temp\windows-x64-obj-specific"
+echo "  - $pwd\windsign-temp\windows-x64-obj-generic"
+Read-Host "Press Enter to continue when ready"
 mkdir engine\obj-x86_64-pc-windows-msvc\ -ErrorAction SilentlyContinue
 
 pnpm surfer ci --brand alpha
 
-echo "Downloading from runner with ID $RunID"
-gh run download $RunID --name "windows-x64-obj-specific" --dir windsign-temp\windows-x64-obj-specific
-gh run download $RunID --name "windows-x64-obj-generic" --dir windsign-temp\windows-x64-obj-generic
-
 function SignAndPackage($name) {
     echo "Executing on $name"
     rmdir engine\obj-x86_64-pc-windows-msvc\ -Recurse -ErrorAction SilentlyContinue
-    mv windsign-temp\windows-x64-obj-$name engine\obj-x86_64-pc-windows-msvc\
+    cp windsign-temp\windows-x64-obj-$name engine\obj-x86_64-pc-windows-msvc\ -Recurse
     echo "Signing $name"
     # Collect all .exe and .dll files into a list
     $files = Get-ChildItem engine\obj-x86_64-pc-windows-msvc\ -Recurse -Include *.exe
@@ -27,13 +27,43 @@ function SignAndPackage($name) {
     signtool.exe sign /n "$SignIdentity" /t http://time.certum.pl/ /fd sha1 /v $files
     echo "Packaging $name"
     $env:SURFER_SIGNING_MODE="sign"
-    $env:MAR="$PWD\build\winsign\mar.exe"
+    $env:MAR="$PWD\\build\\winsign\\mar.exe"
+
+    rm .\dist -Recurse -ErrorAction SilentlyContinue
     pnpm surfer package
 
-    echo "Taring $name"
-    tar -czf windows-x64-signed-$name.tar.gz dist\
+    # In the release script, we do the following:
+    #  tar -xvf .github/workflows/object/windows-x64-signed-generic.tar.gz -C windows-x64-signed-generic
+    # We need to create a tar with the same structure and no top-level directory
+    # Inside, we need:
+    #  - update_manifest/*
+    #  - windows.mar or windows-generic.mar
+    #  - zen.installer.exe or zen.installer-generic.exe
+    #  - zen.win-generic.zip or zen.win-specific.zip
+    echo "Creating tar for $name"
+    rm .\windsign-temp\windows-x64-signed-$name -Recurse -ErrorAction SilentlyContinue
+    mkdir windsign-temp\windows-x64-signed-$name
+    
+    # Move the MAR, add the `-generic` suffix if needed
+    if ($name -eq "generic") {
+        mv .\dist\output.mar windsign-temp\windows-x64-signed-$name\windows-generic.mar
+    } else {
+        mv .\dist\output.mar windsign-temp\windows-x64-signed-$name\windows.mar
+    }
 
-    Move-Item windows-x64-signed-$name.tar.gz .github\workflows\object\windows-x64-signed-$name.tar.gz
+    # Move the installer
+    if ($name -eq "generic") {
+        mv .\dist\zen.installer.exe windsign-temp\windows-x64-signed-$name\zen.installer-generic.exe
+    } else {
+        mv .\dist\zen.installer.exe windsign-temp\windows-x64-signed-$name\zen.installer.exe
+    }
+
+    # Move the zip
+    mv .\dist\zen.win64.zip windsign-temp\windows-x64-signed-$name\zen.win-$name.zip
+
+    # Move the manifest
+    mv .\dist\update\* windsign-temp\windows-x64-signed-$name\
+    tar -cvf .\.github\workflows\object\windows-x64-signed-$name.tar -C .\windsign-temp\windows-x64-signed-$name .
 }
 
 SignAndPackage specific
@@ -42,7 +72,8 @@ SignAndPackage generic
 # Cleaning up
 
 echo "All done!"
+echo "All the artifacts (Generic and Specific) are signed and packaged, get a rest now!"
 Read-Host "Press Enter to continue"
 
 echo "Cleaning up" 
-rmdir windsign-temp -Recurse -ErrorAction SilentlyContinue
+rmdir windsign-temp -Recurse -ErrorAction SilentlyContinue

package.json

@@ -33,7 +33,7 @@
   },
   "homepage": "https://github.com/zen-browser/core#readme",
   "dependencies": {
-    "@zen-browser/surfer": "^1.4.10"
+    "@zen-browser/surfer": "^1.4.17"
   },
   "devDependencies": {
     "husky": "^9.1.5",

pnpm-lock.yaml

@@ -9,8 +9,8 @@ importers:
   .:
     dependencies:
       '@zen-browser/surfer':
-        specifier: ^1.4.10
-        version: 1.4.10
+        specifier: ^1.4.17
+        version: 1.4.17
     devDependencies:
       husky:
         specifier: ^9.1.5
@@ -119,8 +119,8 @@ packages:
   '@types/node@17.0.45':
     resolution: {integrity: sha512-w+tIMs3rq2afQdsPJlODhoUEKzFP1ayaoyl1CcnwtIlsVe7K7bA1NGm4s3PraqTLlXnbIN84zuBlxBWo1u9BLw==}
 
-  '@zen-browser/surfer@1.4.10':
-    resolution: {integrity: sha512-ycncjECWX7uZh23bYxd9a6rnYfxQqw53EgUwDiYDSEuSOMtydYIg1+Rntra8DIM3DvFs56OH46xtLGSU2CJ+sw==}
+  '@zen-browser/surfer@1.4.17':
+    resolution: {integrity: sha512-kUl7jgDTj4Fa8q47lg0bzpVtKWTudbR5yPRdZmFtMhk/t4VQRyJJRTNkp/QG/X6nnKwIa2wJRGG61ZKgX0acBA==}
     hasBin: true
 
   ansi-escapes@7.0.0:
@@ -1003,7 +1003,7 @@ snapshots:
 
   '@types/node@17.0.45': {}
 
-  '@zen-browser/surfer@1.4.10':
+  '@zen-browser/surfer@1.4.17':
     dependencies:
       '@resvg/resvg-js': 1.4.0
       async-icns: 1.0.2