Build & Deployment Process

EarTrumpet uses GitHub Actions for its Continuous Integration and Continuous Deployment (CI/CD) pipeline. This process automates the building, packaging, and signing of the application for various distribution channels.

The entire workflow is defined in the .github/workflows/main.yml file.

Build Channels

The pipeline builds for three primary channels:

  1. Store: Creates an .appxupload package for submission to the Microsoft Store. This build uses the official Store publisher identity.
  2. AppInstaller: Creates a sideloadable .appxbundle and an .appinstaller file for direct installation and updates from the EarTrumpet website. This is used for the experimental dev builds.
  3. Chocolatey: Creates a traditional Win32 build (.exe and associated files) packaged into a .nupkg for the Chocolatey package manager.

Build Workflow with GitHub Actions

The main.yml workflow consists of two main jobs: build and release.

Build Job

This job runs in parallel for each channel and performs the following steps:

  1. Checkout Code: Fetches the source code from the repository.
  2. Initialize Versioning: Uses GitVersion to calculate a semantic version number based on the Git history.
  3. Restore Packages: Restores all required NuGet packages.
  4. Inject Secrets: Injects the Bugsnag API key into app.config for crash reporting.
  5. Adjust Manifests: Modifies Package.appxmanifest and Package.StoreAssociation.xml based on the build channel. For example, it sets the correct publisher ID and adjusts the display name for dev builds.
  6. Build with MSBuild: Compiles the source code and creates the appropriate package for the channel. The MSBuild arguments are tailored for each channel's needs:
    • Store: /p:UapAppxPackageBuildMode=CI
    • AppInstaller/Sideload: /p:UapAppxPackageBuildMode=SideloadOnly /p:GenerateAppInstallerFile=true
    • Chocolatey: Builds the main EarTrumpet.csproj directly to an output folder.
  7. Publish Artifacts: Uploads the compiled packages and metadata as build artifacts for the release job to consume.

Release Job

This job runs after the build job succeeds and is responsible for signing and deploying the artifacts.

  1. Download Artifacts: Retrieves the packages created by the build job.

  2. Code Signing: All executables and application packages are signed using Azure Code Signing. This is a modern, key-vault-based signing solution. 

    # Example signing command from the workflow
... signtool.exe sign /v /fd SHA256 /tr http://timestamp.acs.microsoft.com /dlib "acs\bin\x64\Azure.CodeSigning.Dlib.dll" ...

  3. Repackaging: For Store and AppInstaller builds, the packages are expanded, the internal .exe is signed, and then the packages are re-bundled.

  4. Deployment:
    • AppInstaller: The signed .appxbundle and .appinstaller files are uploaded via SCP to the install.eartrumpet.app web server.
    • Store: The signed .appxupload package is submitted to the Microsoft Partner Center using the StoreBroker PowerShell module.
    • Chocolatey: The signed files are packaged into a .nupkg and prepared for publishing to the Chocolatey repository.