windows: Publish nightly (#24800)

The installer, uninstaller, and the Zed binary files are all signed using Microsoft’s newly launched Trusted Signing service. For demonstration purposes, I have used my own account for the signing process. For more information about Trusted Signing, you can refer to the following links: - [Microsoft Security Blog: Trusted Signing is in Public Preview](https://techcommunity.microsoft.com/blog/microsoft-security-blog/trusted-signing-is-in-public-preview/4103457) - [Overview of Azure Trusted Signing](https://learn.microsoft.com/en-us/azure/trusted-signing/overview) **TODO:** - [x] `InnoSetup` script to setup an installer - [x] Signing process - [x] `Open with Zed` in right click context menu (by using sparse package) - [x] Integrate with `cli` - [x] Implement `cli` (#25412) - [x] Pack `cli.exe` into installer - [x] Implement auto updating (#25734) - [x] Pack autoupdater helper into installer - [x] Implement dock menus - [x] Add `Recent Documents` entries (#26369) - [x] Make `zed.exe` aware of sigle instance (#25412) - [x] Properly handle dock menu events (#26010) - [x] Handle `zed://***` uri **Materials needed:** - [ ] Icons - [ ] App icon for all channels (#9571) - [ ] Associated file icons, at minimum a default icon ([example](https://github.com/microsoft/vscode/tree/main/resources/win32)) - [ ] Logos for installer wizard - [ ] Icons for appx - [x] Code signing - [x] Secrets: AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, ACCOUNT_NAME, CERT_PROFILE_NAME - [x] Other constants: ENDPOINT, Identity Signature (i.e. `CN=Junkui Zhang, O=Junkui Zhang, L=Wuhan, S=Hubei, C=CN`) ![屏幕截图 2025-02-13 205132](https://github.com/user-attachments/assets/925ec5b2-c8f4-4f0e-8666-26e30278eb3d) https://github.com/user-attachments/assets/4f1092b4-90fc-4a47-a868-8f2f1a5d8ad8 Release Notes: - N/A --------- Co-authored-by: Kate <kate@zed.dev> Co-authored-by: localcc <work@localcc.cc> Co-authored-by: Peter Tripp <peter@zed.dev> Co-authored-by: Max Brunsfeld <maxbrunsfeld@gmail.com>
2025-07-09 08:57:03 +08:00 · 2025-07-09 08:57:03 +08:00 · df57754baf
commit df57754baf
parent 3a247ee947
33 changed files with 3040 additions and 19 deletions
--- a/.github/workflows/release_nightly.yml
+++ b/.github/workflows/release_nightly.yml
@ -51,6 +51,32 @@ jobs:
      - name: Run tests
        uses: ./.github/actions/run_tests

+  windows-tests:
+    timeout-minutes: 60
+    name: Run tests on Windows
+    if: github.repository_owner == 'zed-industries'
+    runs-on: [self-hosted, Windows, X64]
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        with:
+          clean: false
+
+      - name: Configure CI
+        run: |
+          New-Item -ItemType Directory -Path "./../.cargo" -Force
+          Copy-Item -Path "./.cargo/ci-config.toml" -Destination "./../.cargo/config.toml"
+
+      - name: Run tests
+        uses: ./.github/actions/run_tests_windows
+
+      - name: Limit target directory size
+        run: ./script/clear-target-dir-if-larger-than.ps1 1024
+
+      - name: Clean CI config file
+        if: always()
+        run: Remove-Item -Recurse -Path "./../.cargo" -Force -ErrorAction SilentlyContinue
+
  bundle-mac:
    timeout-minutes: 60
    name: Create a macOS bundle
@ -213,10 +239,54 @@ jobs:

  bundle-nix:
    name: Build and cache Nix package
+    if: false
    needs: tests
    secrets: inherit
    uses: ./.github/workflows/nix.yml

+  bundle-windows-x64:
+    timeout-minutes: 60
+    name: Create a Windows installer
+    if: github.repository_owner == 'zed-industries'
+    runs-on: [self-hosted, Windows, X64]
+    needs: windows-tests
+    env:
+      AZURE_TENANT_ID: ${{ secrets.AZURE_SIGNING_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_SIGNING_CLIENT_ID }}
+      AZURE_CLIENT_SECRET: ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }}
+      ACCOUNT_NAME: ${{ vars.AZURE_SIGNING_ACCOUNT_NAME }}
+      CERT_PROFILE_NAME: ${{ vars.AZURE_SIGNING_CERT_PROFILE_NAME }}
+      ENDPOINT: ${{ vars.AZURE_SIGNING_ENDPOINT }}
+      DIGITALOCEAN_SPACES_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_KEY }}
+      DIGITALOCEAN_SPACES_SECRET_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }}
+      FILE_DIGEST: SHA256
+      TIMESTAMP_DIGEST: SHA256
+      TIMESTAMP_SERVER: "http://timestamp.acs.microsoft.com"
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        with:
+          clean: false
+
+      - name: Set release channel to nightly
+        working-directory: ${{ env.ZED_WORKSPACE }}
+        run: |
+          $ErrorActionPreference = "Stop"
+          $version = git rev-parse --short HEAD
+          Write-Host "Publishing version: $version on release channel nightly"
+          "nightly" | Set-Content -Path "crates/zed/RELEASE_CHANNEL"
+
+      - name: Install trusted signing
+        uses: ./.github/actions/install_trusted_signing
+
+      - name: Build Zed installer
+        working-directory: ${{ env.ZED_WORKSPACE }}
+        run: script/bundle-windows.ps1
+
+      - name: Upload Zed Nightly
+        working-directory: ${{ env.ZED_WORKSPACE }}
+        run: script/upload-nightly.ps1 windows
+
  update-nightly-tag:
    name: Update nightly tag
    if: github.repository_owner == 'zed-industries'
@ -225,6 +295,7 @@ jobs:
      - bundle-mac
      - bundle-linux-x86
      - bundle-linux-arm
+      - bundle-windows-x64
    steps:
      - name: Checkout repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4