From 2be210b35a5b961e6bd908e99f8a6bfc7ef6cb96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=B6rg=C3=A6sis?= Date: Mon, 22 Jun 2026 12:43:05 +0000 Subject: [PATCH 1/2] ci: add Windows ARM desktop release support --- .github/workflows/release.yml | 85 ++++++++++++++++++----------------- 1 file changed, 45 insertions(+), 40 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 168c000c38b..d014e83a7b6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -287,11 +287,14 @@ jobs: platform: win target: nsis arch: x64 - # - label: Windows arm64 - # runner: windows-11-arm - # platform: win - # target: nsis - # arch: arm64 + # The artifact script treats arch as the target architecture, so the + # Windows arm64 artifact can build on the existing Blacksmith Windows + # runner while targeting arm64 for electron-builder. + - label: Windows arm64 + runner: blacksmith-32vcpu-windows-2025 + platform: win + target: nsis + arch: arm64 steps: - name: Checkout uses: actions/checkout@v6 @@ -521,17 +524,16 @@ jobs: done fi - # Enable if Windows arm64 builds are enabled. # Windows updater metadata is channel-specific (for example # "latest.yml" or "nightly.yml"). Suffix each per-arch copy so the # release job can merge matching arm64/x64 manifests back into one # canonical manifest per channel. - # if [[ "${{ matrix.platform }}" == "win" ]]; then - # shopt -s nullglob - # for manifest in release-publish/*.yml; do - # mv "$manifest" "${manifest%.yml}-win-${{ matrix.arch }}.yml" - # done - # fi + if [[ "${{ matrix.platform }}" == "win" ]]; then + shopt -s nullglob + for manifest in release-publish/*.yml; do + mv "$manifest" "${manifest%.yml}-win-${{ matrix.arch }}.yml" + done + fi - name: Upload build artifacts uses: actions/upload-artifact@v7 @@ -644,34 +646,37 @@ jobs: fi done - # - name: Merge Windows updater manifests - # run: | - # shopt -s nullglob - # found_windows_manifest=false - # for x64_manifest in release-assets/*-win-x64.yml; do - # if [[ "$(basename "$x64_manifest")" == builder-debug-* ]]; then - # continue - # fi - - # arm64_manifest="${x64_manifest/-x64.yml/-arm64.yml}" - # output_manifest="${x64_manifest/-win-x64.yml/.yml}" - # if [[ ! -f "$arm64_manifest" ]]; then - # echo "Missing matching arm64 Windows manifest for $x64_manifest" >&2 - # exit 1 - # fi - - # found_windows_manifest=true - # node scripts/merge-update-manifests.ts --platform win \ - # "$arm64_manifest" \ - # "$x64_manifest" \ - # "$output_manifest" - # rm -f "$arm64_manifest" "$x64_manifest" - # done - - # if [[ "$found_windows_manifest" != true ]]; then - # echo "No Windows updater manifests found to merge." >&2 - # exit 1 - # fi + # Merge the per-arch Windows manifests produced above into the canonical + # channel manifests consumed by the updater. + - name: Merge Windows updater manifests + run: | + set -euo pipefail + shopt -s nullglob + found_windows_manifest=false + for x64_manifest in release-assets/*-win-x64.yml; do + if [[ "$(basename "$x64_manifest")" == builder-debug-* ]]; then + continue + fi + + arm64_manifest="${x64_manifest/-x64.yml/-arm64.yml}" + output_manifest="${x64_manifest/-win-x64.yml/.yml}" + if [[ ! -f "$arm64_manifest" ]]; then + echo "Missing matching arm64 Windows manifest for $x64_manifest" >&2 + exit 1 + fi + + found_windows_manifest=true + node scripts/merge-update-manifests.ts --platform win \ + "$arm64_manifest" \ + "$x64_manifest" \ + "$output_manifest" + rm -f "$arm64_manifest" "$x64_manifest" + done + + if [[ "$found_windows_manifest" != true ]]; then + echo "No Windows updater manifests found to merge." >&2 + exit 1 + fi - name: Publish release if: needs.preflight.outputs.previous_tag != '' From 91316c5ca73ba16c504e118e165aee3dfabc175e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=B6rg=C3=A6sis?= Date: Wed, 24 Jun 2026 23:59:49 +0000 Subject: [PATCH 2/2] fix: preserve Windows app icon in unsigned builds --- scripts/build-desktop-artifact.test.ts | 11 +++++++++++ scripts/build-desktop-artifact.ts | 2 -- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/scripts/build-desktop-artifact.test.ts b/scripts/build-desktop-artifact.test.ts index 99aea602e8c..f2af443679e 100644 --- a/scripts/build-desktop-artifact.test.ts +++ b/scripts/build-desktop-artifact.test.ts @@ -400,6 +400,17 @@ it.layer(NodeServices.layer)("build-desktop-artifact", (it) => { }).pipe(Effect.provide(ConfigProvider.layer(ConfigProvider.fromEnv({ env: {} })))), ); + it.effect("keeps Windows executable resource editing enabled for unsigned builds", () => + Effect.gen(function* () { + const config = yield* createBuildConfig("win", "nsis", "1.2.3", false, false, undefined); + + const win = config.win as Record; + assert.deepStrictEqual(win.target, ["nsis"]); + assert.equal(win.icon, "icon.ico"); + assert.notProperty(win, "signAndEditExecutable"); + }).pipe(Effect.provide(ConfigProvider.layer(ConfigProvider.fromEnv({ env: {} })))), + ); + it("promotes target fff binaries to direct staged dependencies", () => { assert.deepStrictEqual(resolveFffNativeDependencies("mac", "arm64", "0.9.4"), { "@ff-labs/fff-bin-darwin-arm64": "0.9.4", diff --git a/scripts/build-desktop-artifact.ts b/scripts/build-desktop-artifact.ts index 5a6cbfb8be3..494f1c12ff4 100644 --- a/scripts/build-desktop-artifact.ts +++ b/scripts/build-desktop-artifact.ts @@ -1360,8 +1360,6 @@ export const createBuildConfig = Effect.fn("createBuildConfig")(function* ( }; if (signed) { winConfig.azureSignOptions = yield* AzureTrustedSigningOptionsConfig; - } else { - winConfig.signAndEditExecutable = false; } buildConfig.win = winConfig; }