SSLcom / esigner-codesign

GitHub Action for CodeSigner by SSL.com

Check if tool has been already downloaded #15

Closed rantoniuk closed 11 months ago

rantoniuk commented 11 months ago

During the codesign process, the action downloads the code and extracts it:

Downloading CodeSignTool from https://github.com/SSLcom/CodeSignTool/releases/download/v1.2.7/CodeSignTool-v1.2.7-windows.zip
Creating CodeSignTool extract path D:\a\x\x\codesign
Extract CodeSignTool from download path D:\a\_temp\29e63e27-7463-4a61-a7de-3422413a3a15 to D:\a\x\x\codesign

In our case, we're signing twice in our pipeline run, once the application package executable file and once the whole installation executable file. Because of that, the action is used twice in the workflow definition and during the second run it fails with:

EEXIST: file already exists, mkdir 'D:\a\x\x\codesign'

For now we have a temporary workaround where between the signing steps, we forcibly remove that directory with rm -rf but that results in the action needing to re-download the tool again.

@bayrakmustafa could you take a look at whether a check could be added somewhere for when this directory already exists?

bayrakmustafa commented 11 months ago

@rantoniuk We made an update about this. Can you test the final version in the develop branch? You should see a log saying Extract CodeSignTool from download path in the log.

rantoniuk commented 11 months ago

I see that message in the logs, but it is still downloaded twice and the temp dir in the second run is different:

Run sslcom/esigner-codesign@develop
...
Extract CodeSignTool from download path C:\a\_temp\d359a464-5754-4b5a-8b88-67feb7635ae0 to ....
...
...
...
 CodeSignTool from download path C:\a\_temp\8e1c53c6-7166-460d-a6f1-548b879bd861 to ...

Same applies to downloading JDK:

Trying to resolve the latest version from remote
Resolved latest version as 11.0.21.9.1
Trying to download...
Downloading Java 11.0.21.9.1 (Corretto) from

It's also downloaded twice.

The point here is to not re-download the tool itself and the JDK, and to re-use the already downloaded tool. The original error of EEXIST: file already exists is now indeed fixed, but in an inefficient way, because the tool is still downloaded twice in the same workflow run - hope that makes sense.

bayrakmustafa commented 11 months ago

@rantoniuk I wrote the wrong log, it looked like it was downloading twice. https://github.com/SSLcom/esigner-codesign/actions/runs/6704246071/job/18216329917 If you look at the logs here, it only downloads CodeSignTool once. I need to look separately for Java installation. I will work on a separate solution for that.

rantoniuk commented 11 months ago

> @rantoniuk I wrote the wrong log, it looked like it was downloading twice. https://github.com/SSLcom/esigner-codesign/actions/runs/6704246071/job/18216329917 If you look at the logs here, it only downloads CodeSignTool once.

That's not what I saw in my logs yesterday, but if you say it should be fine then ok. Just to be sure, attaching the more complete log:

> I need to look separately for Java installation. I will work on a separate solution for that.

🚀

rantoniuk commented 11 months ago

@bayrakmustafa I just did a re-run with @develop and unfortunately I can't confirm this is fixed (i.e. in terms of performance).

I still see the tool is downloaded twice to two different temporary directories:

1st step:
Extract CodeSignTool from download path C:\a\_temp\ff917438-dac5-4f22-97aa-c87ebb1ce2d0 to C:\a\myapp\codesign

2nd step:
Extract CodeSignTool from download path C:\a\_temp\1ad6912c-0c1a-4ecc-b975-fc77e68f5856 to C:\a\myapp\codesign

Of course, the same applies for JDK. Do you have another issue open that I can watch for a fix?

bayrakmustafa commented 11 months ago

@rantoniuk Are you signing on different GitHub Actions jobs? I did my tests in the same job. Can you share the GitHub Actions yml file?

rantoniuk commented 11 months ago

Same job, different steps:

jobs:
  build-app:
    runs-on: Windows-8CPU-32GB
    steps:
      - name: "Checkout"
        uses: actions/checkout@v4

      - name: "Checkout ScopePy"
        uses: actions/checkout@v4
        with:
          repository: org/repo2
          ref: ${{ github.event.inputs.branch }}
          token: ${{ secrets.token }}
          path: repo2

...
      - name: "Run pyinstaller app"
        working-directory: repo2
        run: |
          pyinstaller --noconfirm app.spec

...

      - name: Sign exe with CodeSignTool
        uses: sslcom/esigner-codesign@develop
        with:
          command: sign
          username: ${{ secrets.SSL_COM_TEST_USERNAME }}
          password: ${{ secrets.SSL_COM_TEST_PASSWORD }}
          credential_id: ${{ secrets.SSL_COM_TEST_CREDENTIAL_ID }}
          totp_secret: ${{ secrets.SSL_COM_TEST_TOTP_SECRET }}
          file_path: repo2/dist/starter/App.exe
          output_path: repo2/dist/app
          malware_block: false
          override: false
          environment_name: TEST
          clean_logs: true
          jvm_max_memory: 4096M

...
some other build actions to prepare the final package
...

      - name: Sign package with CodeSignTool
        uses: sslcom/esigner-codesign@develop
        with:
          command: sign
          username: ${{ secrets.SSL_COM_TEST_USERNAME }}
          password: ${{ secrets.SSL_COM_TEST_PASSWORD }}
          credential_id: ${{ secrets.SSL_COM_TEST_CREDENTIAL_ID }}
          totp_secret: ${{ secrets.SSL_COM_TEST_TOTP_SECRET }}
          file_path: Output/App-${{ github.event.inputs.version }}-unsigned.exe
          output_path: Output/signed
          malware_block: true
          override: false
          environment_name: TEST
          clean_logs: true
          jvm_max_memory: 4096M

Note that the working directory is different, in the first step it's repo2, in the second it's Output - however, for the signing tool it should be irrelevant.

bayrakmustafa commented 11 months ago

@rantoniuk It's a problem with the Windows runner. I solved the problem. I also worked on Java installation. It only needs to download once. Can you test again?

rantoniuk commented 11 months ago

All looks good now, thanks a lot!

JDK home: C:\hostedtoolcache\windows\Java_Corretto_jdk\11.0.21.9.1\x64
JDK version: 11
JDK is already installed C:\hostedtoolcache\windows\Java_Corretto_jdk\11.0.21.9.1\x64

Please throw in a comment here when it's tagged/released.

rantoniuk commented 10 months ago

@bayrakmustafa any chance for 1.2.9 release with this? thanks in advance!

bayrakmustafa commented 10 months ago

> @bayrakmustafa any chance for 1.2.9 release with this? thanks in advance!

@rantoniuk I released version 1.2.9. You can use it :)
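
The failure and the behaviour requested in this thread, as an added example that is not the action's own code: a bare mkdir fails with EEXIST on the second step, while a recursive mkdir plus a completion marker lets a later step reuse the tool without a second download. The marker file name, the `ensureTool` helper, the pinned SHA-256 check before reuse and the sample archive bytes are all assumptions constructed for this illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');
const crypto = require('crypto');

const MARKER = '.extract-complete'; // hypothetical marker file name

// Failure mode from the issue: a bare mkdir throws once an earlier step
// in the same job has already created the extract directory.
function naiveMkdir(dir) {
  try { fs.mkdirSync(dir); return 'created'; } catch (err) { return err.code; }
}

// Reuse the extracted tool only when the marker records the pinned digest;
// otherwise fetch, verify, and extract from scratch.
function ensureTool(extractDir, pinnedSha256, fetchArchive) {
  const marker = path.join(extractDir, MARKER);
  if (fs.existsSync(marker) &&
      fs.readFileSync(marker, 'utf8').trim() === pinnedSha256) {
    return { downloaded: false };
  }
  const archive = fetchArchive(); // Buffer holding the release archive
  const digest = crypto.createHash('sha256').update(archive).digest('hex');
  if (digest !== pinnedSha256) throw new Error('archive digest mismatch');
  fs.rmSync(extractDir, { recursive: true, force: true }); // drop partial extract
  fs.mkdirSync(extractDir, { recursive: true }); // recursive: no EEXIST
  fs.writeFileSync(path.join(extractDir, 'tool.bin'), archive); // stand-in for unzip
  fs.writeFileSync(marker, digest + '\n'); // written last: marks a complete extract
  return { downloaded: true };
}

// Constructed sample: two "steps" of one job sharing an extract directory.
function demo() {
  const work = fs.mkdtempSync(path.join(os.tmpdir(), 'job-'));
  const extractDir = path.join(work, 'codesign');
  const archive = Buffer.from('constructed sample archive bytes');
  const pin = crypto.createHash('sha256').update(archive).digest('hex');
  let fetches = 0;
  const fetchArchive = () => { fetches += 1; return archive; };
  const naiveDir = path.join(work, 'naive');
  const naive = [naiveMkdir(naiveDir), naiveMkdir(naiveDir)];
  const first = ensureTool(extractDir, pin, fetchArchive);
  const second = ensureTool(extractDir, pin, fetchArchive);
  fs.rmSync(work, { recursive: true, force: true });
  return { naive, first, second, fetches };
}

console.log(demo());
```
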