Add building Windows Authentication Package to Drone (gravitational#2…

…3811) * Add building Windows Authentication Package to Drone * Add building Windows Authentication Package to Drone * Set test build version * Test trigger * Trigger + version update * fix path * path + version * trigger? * fix windres * fix windres * fix windres * fix windres * fix windres * handle windows windres * handle windows windres * update e * gocache * gocache * gocache * update e * go version * go version * go version * tes * tes * test * bump e * bump e * dronegen * concurrent * tag trigger * bump version * trigger * trigger * trigger * bump e * bump e, cleanup build * fix signing * fix signing * rename * fix signing * restore trigger * restore trigger * bump version * relcli update * bump version * bump version * restore version * restore e * dronegen * dronegen * bump e * dronegen * dronegen * dronegen
Somith11 · Apr 14, 2023 · 417ced7 · 417ced7
1 parent a35383a
commit 417ced7
Show file tree

Hide file tree

Showing 3 changed files with 80 additions and 6 deletions.
diff --git a/.drone.yml b/.drone.yml
@@ -720,6 +720,28 @@ steps:
     CSC_LINK:
       from_secret: WINDOWS_SIGNING_CERT
     WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
+- name: Build Windows Authentication Package
+  commands:
+  - $ErrorActionPreference = 'Stop'
+  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
+  - $Env:GOCACHE = "$Workspace/gocache"
+  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
+  - . "$TeleportSrc/build.assets/windows/build.ps1"
+  - Enable-Go -ToolchainDir "$Workspace/toolchains"
+  - cd $TeleportSrc
+  - $TeleportVersion=$(make print-version).Trim()
+  - cd "$TeleportSrc\e\windowsauth"
+  - make VERSION=v$TeleportVersion  all
+  - ([System.Convert]::FromBase64String($ENV:WINDOWS_SIGNING_CERT)) | Set-Content
+    windows-signing-cert.pfx -Encoding Byte
+  - '& ''C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe''
+    sign /f windows-signing-cert.pfx /d Teleport /t http://timestamp.digicert.com
+    /du https://goteleport.com /fd sha256 build/teleport-windows-auth-setup-v$TeleportVersion-amd64.exe'
+  - rm -r windows-signing-cert.pfx
+  environment:
+    WINDOWS_SIGNING_CERT:
+      from_secret: WINDOWS_SIGNING_CERT
+    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
 - name: Clean up workspace (post)
   commands:
   - $ErrorActionPreference = 'Continue'
@@ -963,6 +985,28 @@ steps:
   - Install-Go -GoVersion $GoVersion -ToolchainDir "$Workspace/toolchains"
   environment:
     WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
+- name: Build Windows Authentication Package
+  commands:
+  - $ErrorActionPreference = 'Stop'
+  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
+  - $Env:GOCACHE = "$Workspace/gocache"
+  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
+  - . "$TeleportSrc/build.assets/windows/build.ps1"
+  - Enable-Go -ToolchainDir "$Workspace/toolchains"
+  - cd $TeleportSrc
+  - $TeleportVersion=$(make print-version).Trim()
+  - cd "$TeleportSrc\e\windowsauth"
+  - make VERSION=v$TeleportVersion  all
+  - ([System.Convert]::FromBase64String($ENV:WINDOWS_SIGNING_CERT)) | Set-Content
+    windows-signing-cert.pfx -Encoding Byte
+  - '& ''C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe''
+    sign /f windows-signing-cert.pfx /d Teleport /t http://timestamp.digicert.com
+    /du https://goteleport.com /fd sha256 build/teleport-windows-auth-setup-v$TeleportVersion-amd64.exe'
+  - rm -r windows-signing-cert.pfx
+  environment:
+    WINDOWS_SIGNING_CERT:
+      from_secret: WINDOWS_SIGNING_CERT
+    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
 - name: Build tsh
   commands:
   - $ErrorActionPreference = 'Stop'
@@ -1042,6 +1086,8 @@ steps:
   - Get-ChildItem "$TeleportSrc/web/packages/teleterm/build/release
   - Copy-Item -Path "$TeleportSrc/web/packages/teleterm/build/release/Teleport Connect
     Setup*.exe" -Destination $OutputsDir
+  - Copy-Item -Path "$TeleportSrc/e/windowsauth/build/teleport-windows-auth-setup-*.exe"
+    -Destination $OutputsDir
   - . "$TeleportSrc/build.assets/windows/build.ps1"
   - Format-FileHashes -PathGlob "$OutputsDir/*.exe"
   - Copy-Artifacts -ProfileLocation $AwsSharedCredentialsFile -Path $OutputsDir -Bucket
@@ -1058,8 +1104,8 @@ steps:
   - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
   - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
   - $OutputsDir = "$Workspace/outputs"
-  - $relcliUrl = 'https://cdn.teleport.dev/relcli-v1.1.76-windows.exe'
-  - $relcliSha256 = '56dfdd9d1a09aac892fcd48eba035072dc6c151eaa2e1b21cf54786bb3c09520'
+  - $relcliUrl = 'https://cdn.teleport.dev/relcli-master-e148541-20230331T1403513-windows.exe'
+  - $relcliSha256 = '6e2ba2275d5d2bdd1c29def84d2de7d11149a9044c4fdca7c8d87c8e3fb8a91c'
   - . "$TeleportSrc/build.assets/windows/build.ps1"
   - Get-Relcli -Url $relcliUrl -Sha256 $relcliSha256 -Workspace $Workspace
   - Register-Artifacts -Workspace $Workspace -Outputs $OutputsDir
@@ -20180,6 +20226,6 @@ image_pull_secrets:
 - DOCKERHUB_CREDENTIALS
 ---
 kind: signature
-hmac: 9e770f0d365dd5fd55104a3d293b09bb6e8a9ab63d1471a80fe13aada2d1d140
+hmac: 4cca363e389f871662adb53ffa9e0b8feedb6d8e213f4df135b827c31f6bf0f8
 
 ...
diff --git a/build.assets/windows/build.ps1 b/build.assets/windows/build.ps1
@@ -137,7 +137,7 @@ function Install-Node {
 function Enable-Node {
     <#
     .SYNOPSIS
-        Adds the Node toolchaion to the system search path 
+        Adds the Node toolchain to the system search path
     #>
     [CmdletBinding()]
     param(

diff --git a/dronegen/windows.go b/dronegen/windows.go
@@ -23,8 +23,8 @@ const (
 	toolchainDir      = `/toolchains`
 	teleportSrc       = `/go/src/github.com/gravitational/teleport`
 
-	relcliURL    = `https://cdn.teleport.dev/relcli-v1.1.76-windows.exe`
-	relcliSha256 = `56dfdd9d1a09aac892fcd48eba035072dc6c151eaa2e1b21cf54786bb3c09520`
+	relcliURL    = `https://cdn.teleport.dev/relcli-master-e148541-20230331T1403513-windows.exe`
+	relcliSha256 = `6e2ba2275d5d2bdd1c29def84d2de7d11149a9044c4fdca7c8d87c8e3fb8a91c`
 )
 
 func newWindowsPipeline(name string) pipeline {
@@ -48,6 +48,7 @@ func windowsTagPipeline() pipeline {
 		updateWindowsSubreposStep(p.Workspace.Path),
 		installWindowsNodeToolchainStep(p.Workspace.Path),
 		installWindowsGoToolchainStep(p.Workspace.Path),
+		buildWindowsAuthenticationPackageStep(p.Workspace.Path),
 		buildWindowsTshStep(p.Workspace.Path),
 		signTshStep(p.Workspace.Path),
 		buildWindowsTeleportConnectStep(p.Workspace.Path),
@@ -87,6 +88,7 @@ func windowsTagPipeline() pipeline {
 				`New-Item -Path "$OutputsDir" -ItemType 'Directory' | Out-Null`,
 				`Get-ChildItem "$TeleportSrc/web/packages/teleterm/build/release`,
 				`Copy-Item -Path "$TeleportSrc/web/packages/teleterm/build/release/Teleport Connect Setup*.exe" -Destination $OutputsDir`,
+				`Copy-Item -Path "$TeleportSrc/e/windowsauth/build/teleport-windows-auth-setup-*.exe" -Destination $OutputsDir`,
 				`. "$TeleportSrc/build.assets/windows/build.ps1"`,
 				`Format-FileHashes -PathGlob "$OutputsDir/*.exe"`,
 				`Copy-Artifacts -ProfileLocation $AwsSharedCredentialsFile -Path $OutputsDir -Bucket $Env:AWS_S3_BUCKET -DstRoot "/teleport/tag/$TeleportVersion"`,
@@ -114,6 +116,7 @@ func windowsPushPipeline() pipeline {
 		buildWindowsTshStep(p.Workspace.Path),
 		signTshStep(p.Workspace.Path),
 		buildWindowsTeleportConnectStep(p.Workspace.Path),
+		buildWindowsAuthenticationPackageStep(p.Workspace.Path),
 		cleanUpWindowsWorkspaceStep(p.Workspace.Path),
 		{
 			Name: "Send Slack notification (exec)",
@@ -273,6 +276,31 @@ func buildWindowsTeleportConnectStep(workspace string) step {
 	}
 }
 
+func buildWindowsAuthenticationPackageStep(workspace string) step {
+	return step{
+		Name: "Build Windows Authentication Package",
+		Environment: map[string]value{
+			"WORKSPACE_DIR":        {raw: workspace},
+			"WINDOWS_SIGNING_CERT": {fromSecret: "WINDOWS_SIGNING_CERT"},
+		},
+		Commands: []string{
+			`$ErrorActionPreference = 'Stop'`,
+			`$Workspace = "` + perBuildWorkspace + `"`,
+			`$Env:GOCACHE = "$Workspace/gocache"`,
+			`$TeleportSrc = "$Workspace` + teleportSrc + `"`,
+			`. "$TeleportSrc/build.assets/windows/build.ps1"`,
+			`Enable-Go -ToolchainDir "$Workspace` + toolchainDir + `"`,
+			`cd $TeleportSrc`,
+			`$TeleportVersion=$(make print-version).Trim()`,
+			`cd "$TeleportSrc\e\windowsauth"`,
+			`make VERSION=v$TeleportVersion  all`,
+			`([System.Convert]::FromBase64String($ENV:WINDOWS_SIGNING_CERT)) | Set-Content windows-signing-cert.pfx -Encoding Byte`,
+			`& 'C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe' sign /f windows-signing-cert.pfx /d Teleport /t http://timestamp.digicert.com /du https://goteleport.com /fd sha256 build/teleport-windows-auth-setup-v$TeleportVersion-amd64.exe`,
+			`rm -r windows-signing-cert.pfx`,
+		},
+	}
+}
+
 func windowsRegisterArtifactsStep(workspace string) step {
 	return step{
 		Name: "Register artifacts",