v6.6.6-beta.14

fixed build
v6.6.6-beta.12
2025-10-23 08:00:02 +02:00 · 2025-10-23 07:59:53 +02:00 · 2025-10-22 16:33:19 +02:00 · 2025-10-22 16:33:01 +02:00 · 2025-10-22 16:31:44 +02:00 · 2025-10-22 16:13:49 +02:00
5 changed files with 104 additions and 104 deletions
--- a/.github/workflows/build-app-beta.yaml
+++ b/.github/workflows/build-app-beta.yaml
@@ -6,16 +6,20 @@ name: Electron app BETA
  push:
    tags:
      - v[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+
+
+permissions:
+  id-token: write
+  contents: write
+  
 jobs:
  build:
    runs-on: ${{ matrix.os }}
+    environment: dbgate-app
    strategy:
      fail-fast: false
      matrix:
        os:
-          - macos-14
          - windows-2022
-          - ubuntu-22.04
    steps:
      - name: Install python 3.11 (MacOS)
        if: matrix.os == 'macos-14'
@@ -66,8 +70,8 @@ jobs:
          yarn run build:app
        env:
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
-          WIN_CSC_LINK: ${{ secrets.WINCERT_2025 }}
-          WIN_CSC_KEY_PASSWORD: ${{ secrets.WINCERT_2025_PASSWORD }}
+          # WIN_CSC_LINK: ${{ secrets.WINCERT_2025 }}
+          # WIN_CSC_KEY_PASSWORD: ${{ secrets.WINCERT_2025_PASSWORD }}
          CSC_LINK: ${{ secrets.APPLECERT_CERTIFICATE }}
          CSC_KEY_PASSWORD: ${{ secrets.APPLECERT_PASSWORD }}
          APPLE_ID: ${{ secrets.APPLE_ID }}
@@ -75,6 +79,42 @@ jobs:
          APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
          SNAPCRAFT_STORE_CREDENTIALS: ${{secrets.SNAPCRAFT_LOGIN}}
          APPLE_APP_SPECIFIC_PASSWORD: ${{secrets.APPLE_APP_SPECIFIC_PASSWORD}}
+
+      - name: Check OIDC availability
+        if: matrix.os == 'windows-2022'
+        run: |
+          echo "OIDC URL: $env:ACTIONS_ID_TOKEN_REQUEST_URL"
+          echo "OIDC TOKEN: ${{ steps.none.outputs.nothing || '' }}"
+          echo "Client ID: ${{ secrets.AZURE_TC_CLIENT_ID }}"
+          echo "Tenant ID: ${{ secrets.AZURE_TC_TENANT_ID }}"
+        shell: pwsh
+
+      - name: Azure login (OIDC)
+        uses: azure/login@v2
+        if: matrix.os == 'windows-2022'
+        with:
+          client-id: ${{ secrets.AZURE_TC_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TC_TENANT_ID }}
+          allow-no-subscriptions: true
+
+      - name: Sign Windows artifacts with Azure Trusted Signing
+        uses: azure/trusted-signing-action@v0
+        if: matrix.os == 'windows-2022'
+        with:
+          # azure-tenant-id: ${{ secrets.AZURE_TC_TENANT_ID }}
+          # azure-client-id: ${{ secrets.AZURE_TC_CLIENT_ID }}
+          # azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+
+          endpoint: https://wus3.codesigning.azure.net/
+          trusted-signing-account-name: DbGate
+          certificate-profile-name: DbGate-Release
+
+          files-folder: app/dist
+          files-folder-filter: exe
+
+          timestamp-rfc3161: http://timestamp.acs.microsoft.com
+          timestamp-digest: SHA256
+
      - name: Copy artifacts
        run: |
          mkdir artifacts          
--- a/.github/workflows/build-app.yaml
+++ b/.github/workflows/build-app.yaml
@@ -13,9 +13,7 @@ jobs:
      fail-fast: false
      matrix:
        os:
-          - macos-14
          - windows-2022
-          - ubuntu-22.04
    steps:
      - name: Install python 3.11 (MacOS)
        if: matrix.os == 'macos-14'
@@ -62,8 +60,8 @@ jobs:
          yarn run build:app
        env:
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
-          WIN_CSC_LINK: ${{ secrets.WINCERT_2025 }}
-          WIN_CSC_KEY_PASSWORD: ${{ secrets.WINCERT_2025_PASSWORD }}
+          # WIN_CSC_LINK: ${{ secrets.WINCERT_2025 }}
+          # WIN_CSC_KEY_PASSWORD: ${{ secrets.WINCERT_2025_PASSWORD }}
          CSC_LINK: ${{ secrets.APPLECERT_CERTIFICATE }}
          CSC_KEY_PASSWORD: ${{ secrets.APPLECERT_PASSWORD }}
          APPLE_ID: ${{ secrets.APPLE_ID }}
@@ -74,6 +72,24 @@ jobs:
      - name: generatePadFile
        run: |
          yarn generatePadFile
+
+
+      - name: Sign Windows artifacts with Azure Trusted Signing
+        uses: azure/trusted-signing-action@v0
+        with:
+          azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+
+          endpoint: https://wus3.codesigning.azure.net/
+          trusted-signing-account-name: DbGate
+          certificate-profile-name: DbGate-Release
+
+          files-folder: app/dist
+          files-folder-filter: exe
+
+          timestamp-rfc3161: http://timestamp.acs.microsoft.com
+          timestamp-digest: SHA256
+
      - name: Copy artifacts
        run: |
          mkdir artifacts          
--- a/.github/workflows/build-docker.yaml
+++ b/.github/workflows/build-docker.yaml
@@ -1,95 +0,0 @@
-# --------------------------------------------------------------------------------------------
-# This file is generated. Do not edit manually
-# --------------------------------------------------------------------------------------------
-name: Docker image Community
-'on':
-  push:
-    tags:
-      - v[0-9]+.[0-9]+.[0-9]+
-      - v[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+
-jobs:
-  build:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os:
-          - ubuntu-22.04
-    steps:
-      - name: Context
-        env:
-          GITHUB_CONTEXT: ${{ toJson(github) }}
-        run: echo "$GITHUB_CONTEXT"
-      - uses: actions/checkout@v2
-        with:
-          fetch-depth: 1
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: dbgate/dbgate
-          flavor: |
-            latest=false
-          tags: |
-            type=raw,value=beta,enable=${{ contains(github.ref_name, '-docker.') || contains(github.ref_name, '-beta.') }}
-
-            type=match,pattern=\d+.\d+.\d+,enable=${{ !contains(github.ref_name, '-docker.') && !contains(github.ref_name, '-beta.') }}
-            type=raw,value=latest,enable=${{ !contains(github.ref_name, '-docker.') && !contains(github.ref_name, '-beta.') }}
-      - name: Docker alpine meta
-        id: alpmeta
-        uses: docker/metadata-action@v4
-        with:
-          images: |
-            dbgate/dbgate
-          flavor: |
-            latest=false
-          tags: |
-            type=raw,value=beta-alpine,enable=${{ contains(github.ref_name, '-docker.') || contains(github.ref_name, '-beta.') }}
-
-            type=match,pattern=\d+.\d+.\d+,suffix=-alpine,enable=${{ !contains(github.ref_name, '-docker.') && !contains(github.ref_name, '-beta.') }}
-            type=raw,value=alpine,enable=${{ !contains(github.ref_name, '-docker.') && !contains(github.ref_name, '-beta.') }}
-      - name: Use Node.js 22.x
-        uses: actions/setup-node@v1
-        with:
-          node-version: 22.x
-      - name: adjustPackageJson
-        run: |
-
-          node adjustPackageJson --community
-      - name: yarn install
-        run: |
-
-          # yarn --version
-          # yarn config set network-timeout 300000
-          yarn install
-      - name: setCurrentVersion
-        run: |
-
-          yarn setCurrentVersion
-      - name: Prepare docker image
-        run: |
-
-          yarn run prepare:docker
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-      - name: Build and push
-        uses: docker/build-push-action@v3
-        with:
-          push: true
-          context: ./docker
-          tags: ${{ steps.meta.outputs.tags }}
-          platforms: linux/amd64,linux/arm64,linux/arm/v7
-      - name: Build and push alpine
-        uses: docker/build-push-action@v3
-        with:
-          push: true
-          context: ./docker
-          file: ./docker/Dockerfile-alpine
-          tags: ${{ steps.alpmeta.outputs.tags }}
-          platforms: linux/amd64,linux/arm64,linux/arm/v7
--- a/.github/workflows/winsigntest.yaml
+++ b/.github/workflows/winsigntest.yaml
@@ -0,0 +1,39 @@
+# --------------------------------------------------------------------------------------------
+# This file is generated. Do not edit manually
+# --------------------------------------------------------------------------------------------
+name: WinSignTest
+'on':
+  push:
+    branches:
+      - winsign
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    environment: dbgate-app
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - windows-2022
+    steps:
+      - name: Check OIDC availability
+        if: matrix.os == 'windows-2022'
+        run: |
+          echo "OIDC URL: $env:ACTIONS_ID_TOKEN_REQUEST_URL"
+          echo "OIDC TOKEN: ${{ steps.none.outputs.nothing || '' }}"
+          echo "Client ID: ${{ secrets.AZURE_TC_CLIENT_ID }}"
+          echo "Tenant ID: ${{ secrets.AZURE_TC_TENANT_ID }}"
+        shell: pwsh
+
+      - name: Azure login (OIDC)
+        uses: azure/login@v2
+        if: matrix.os == 'windows-2022'
+        with:
+          client-id: ${{ secrets.AZURE_TC_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TC_TENANT_ID }}
+          allow-no-subscriptions: true
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "private": true,
-  "version": "6.6.6-premium-beta.2",
+  "version": "6.6.6-beta.14",
  "name": "dbgate-all",
  "workspaces": [
    "packages/*",
Author	SHA1	Message	Date
$SPRINX0\prochazka$ SPRINX0\prochazka	e3370ba857	v6.6.6-beta.14	2025-10-23 08:00:02 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	b36b110cea	fixed build	2025-10-23 07:59:53 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	159b9d1227	v6.6.6-beta.12	2025-10-22 16:33:19 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	b5775b1e65	set environment	2025-10-22 16:33:01 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	ed007b939e	env fix	2025-10-22 16:31:44 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	3dcfb63c89	try local env	2025-10-22 16:13:49 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	6dcb4cb651	env sign test	2025-10-22 16:12:31 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	092b2fcda8	winsign test	2025-10-22 15:55:26 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	344c602954	v6.6.6-beta.11	2025-10-22 14:50:34 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	b07c67e83f	debug print	2025-10-22 14:50:23 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	49db7dcc58	v6.6.6-beta.10	2025-10-22 13:03:59 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	013cf1eeea	azure login fix	2025-10-22 13:03:35 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	b53f3208ba	v6.6.6-beta.7	2025-10-22 12:27:02 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	34a0d6587f	changed login method	2025-10-22 12:26:52 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	c926819f54	v6.6.6-beta.6	2025-10-22 11:07:56 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	e6fe00de5c	used different tenant	2025-10-22 09:23:35 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	958940a071	v6.6.4-beta.5	2025-10-21 15:02:37 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	e97182aac6	added missing secret	2025-10-21 15:02:09 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	d430dcf221	v6.6.6-beta.4	2025-10-21 12:58:54 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	c9db718a9a	remove windows build	2025-10-21 12:58:43 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	9a7ea8f1c3	code sign	2025-10-21 12:58:32 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	e97afcb205	only windows build	2025-10-21 12:32:59 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	e5f2c89243	v6.6.6-beta.3	2025-10-21 12:30:04 +02:00
$SPRINX0\prochazka$ SPRINX0\prochazka	7e17ade120	azure code signing	2025-10-21 12:29:49 +02:00