ci(windows): support custom version suffix (default 'cst')

.gitea/workflows/build-windows.yml

@@ -5,10 +5,10 @@ on:
     branches: [pro-features]
   workflow_dispatch:
     inputs:
-      build-msi:
-        description: "Also build MSI installer"
-        type: boolean
-        default: false
+      version_suffix:
+        description: "Version suffix (e.g. 'cst', 'beta1'). Empty = vanilla."
+        type: string
+        default: "cst"
 
 env:
   RUST_VERSION: "1.75"
@@ -17,7 +17,11 @@ env:
   VCPKG_COMMIT_ID: "120deac3062162151622ca4860575a33844ba10b"
   CARGO_EXPAND_VERSION: "1.0.95"
   FLUTTER_RUST_BRIDGE_VERSION: "1.80.1"
-  VERSION: "1.4.6"
+  # Numeric base, must match Cargo.toml's <major>.<minor>.<patch>.
+  # MSI ProductVersion is forced to this (Windows Installer rejects non-numeric).
+  VERSION_BASE: "1.4.6"
+  # Default suffix on push events. workflow_dispatch can override per-run.
+  VERSION_SUFFIX: ${{ inputs.version_suffix || 'cst' }}
 
 jobs:
   build-x64:
@@ -36,7 +40,7 @@ jobs:
       - name: Verify host toolchain
         shell: pwsh
         run: |
-          $required = 'node','pwsh','git','bash','python','rustc','cargo','rustup','clang','flutter','nuget','cmake','ninja'
+          $required = 'node','pwsh','git','bash','python','rustc','cargo','rustup','clang','flutter','nuget','cmake','ninja','dotnet'
           $missing = @()
           foreach ($tool in $required) {
             $cmd = Get-Command $tool -ErrorAction SilentlyContinue
@@ -54,6 +58,29 @@ jobs:
           }
           Write-Host "VCPKG_ROOT  $env:VCPKG_ROOT"
 
+      - name: Compute version strings
+        shell: pwsh
+        run: |
+          $base   = "${env:VERSION_BASE}"
+          $suffix = "${env:VERSION_SUFFIX}"
+          if ($base -notmatch '^\d+\.\d+\.\d+$') {
+            Write-Error "VERSION_BASE '$base' must be major.minor.patch numeric"
+            exit 1
+          }
+          if ($suffix) { $display = "$base-$suffix" } else { $display = $base }
+          Write-Host ("Base    : {0}  (used for MSI ProductVersion)" -f $base)
+          Write-Host ("Suffix  : {0}" -f $suffix)
+          Write-Host ("Display : {0}  (used for exe filename + Cargo.toml)" -f $display)
+          "VERSION_DISPLAY=$display" | Out-File -FilePath $env:GITHUB_ENV -Append
+
+      - name: Patch Cargo.toml with display version
+        shell: bash
+        run: |
+          # Cargo accepts SemVer-style suffix with a hyphen (e.g. 1.4.6-cst).
+          sed -i -E "0,/^version[[:space:]]*=/{s/^version[[:space:]]*=[[:space:]]*\"${VERSION_BASE}\"/version = \"${VERSION_DISPLAY}\"/}" Cargo.toml
+          echo "--- Cargo.toml [package] ---"
+          awk '/^\[package\]/{f=1} f; /^\[/&&!/^\[package\]/{f=0}' Cargo.toml | head -10
+
       - name: Install flutter_rust_bridge codegen tools
         shell: bash
         run: |
@@ -143,22 +170,70 @@ jobs:
           python ./generate.py -f ../../rustdesk/ -o . -e ../../rustdesk/rustdesk.exe
           popd
           mkdir -p ./SignOutput
-          mv ./target/release/rustdesk-portable-packer.exe "./SignOutput/rustdesk-${VERSION}-x86_64.exe"
+          mv ./target/release/rustdesk-portable-packer.exe "./SignOutput/rustdesk-${VERSION_DISPLAY}-x86_64.exe"
 
       - name: Build MSI installer
-        if: ${{ inputs.build-msi == true }}
         shell: pwsh
         run: |
           Push-Location .\res\msi
-          python preprocess.py --arp -d ..\..\rustdesk
-          # vswhere finds VS install; use it to locate MSBuild
+          # Pass numeric VERSION_BASE explicitly: MSI ProductVersion must be numeric,
+          # so we cannot let preprocess.py auto-detect from rustdesk.exe (which now
+          # carries the suffixed VERSION_DISPLAY).
+          python preprocess.py --arp -d ..\..\rustdesk -v "${env:VERSION_BASE}"
+
+          # Resolve MSBuild from the installed VS Build Tools.
           $vswhere = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe"
-          $msbuild = & $vswhere -latest -requires Microsoft.Component.MSBuild -find "MSBuild\**\Bin\MSBuild.exe" | Select-Object -First 1
+          $msbuild = & $vswhere -latest -requires Microsoft.Component.MSBuild `
+              -find "MSBuild\**\Bin\MSBuild.exe" | Select-Object -First 1
+          if (-not $msbuild) { throw "MSBuild not found via vswhere" }
+
+          # Two-stage restore covers both project flavors in this solution:
+          #   - CustomActions.vcxproj uses old-style packages.config -> nuget restore
+          #   - Package.wixproj is SDK-style PackageReference -> msbuild -t:Restore
           nuget restore msi.sln
+          & $msbuild msi.sln -t:Restore -p:Configuration=Release -p:Platform=x64
+          if ($LASTEXITCODE -ne 0) { throw "MSBuild restore failed ($LASTEXITCODE)" }
+
           & $msbuild msi.sln -p:Configuration=Release -p:Platform=x64 /p:TargetVersion=Windows10
-          Move-Item -Force .\Package\bin\x64\Release\en-us\Package.msi "..\..\SignOutput\rustdesk-${env:VERSION}-x86_64.msi"
+          if ($LASTEXITCODE -ne 0) { throw "MSBuild build failed ($LASTEXITCODE)" }
+
+          Move-Item -Force .\Package\bin\x64\Release\en-us\Package.msi "..\..\SignOutput\rustdesk-${env:VERSION_DISPLAY}-x86_64.msi"
           Pop-Location
 
+      - name: Report signing status of build artifacts
+        shell: pwsh
+        run: |
+          $artifacts = Get-ChildItem .\SignOutput -Include *.exe,*.msi -File
+          if (-not $artifacts) {
+            Write-Warning "No artifacts found in SignOutput\"
+            return
+          }
+
+          $unsigned = @()
+          foreach ($f in $artifacts) {
+            $sig = Get-AuthenticodeSignature -FilePath $f.FullName
+            $size = '{0,8:N0}' -f $f.Length
+            switch ($sig.Status) {
+              'Valid' {
+                Write-Host ("[ SIGNED ] {0}  ({1} bytes) signed by: {2}" -f $f.Name, $size, $sig.SignerCertificate.Subject)
+              }
+              'NotSigned' {
+                Write-Host ("[UNSIGNED] {0}  ({1} bytes)" -f $f.Name, $size)
+                $unsigned += $f.Name
+              }
+              default {
+                Write-Host ("[ {0,-7} ] {1}  ({2} bytes) -- {3}" -f $sig.Status, $f.Name, $size, $sig.StatusMessage)
+                $unsigned += $f.Name
+              }
+            }
+          }
+
+          if ($unsigned.Count -gt 0) {
+            # Render a Gitea/GHA-style annotation so it shows up prominently in the run summary.
+            $list = $unsigned -join ', '
+            Write-Host "::warning title=Unsigned artifacts::$list -- SmartScreen will warn end users. Wire up signing before distributing."
+          }
+
       - name: Upload artifacts
         uses: actions/upload-artifact@v3
         with:

ci/runners/windows/provision.ps1

@@ -47,14 +47,18 @@ if (-not (Get-Command choco -ErrorAction SilentlyContinue)) {
 }
 
 Write-Host '==> Installing base packages'
-# nodejs-lts: act_runner needs node to execute JavaScript actions.
-# powershell-core: workflows commonly use `shell: pwsh` (PS 7), not the OS's PS 5.1.
-choco install -y --no-progress git python311 nuget.commandline 7zip cmake ninja nodejs-lts powershell-core
+# nodejs-lts:     act_runner needs node to execute JavaScript actions.
+# powershell-core: workflows use `shell: pwsh` (PS 7), not the OS's PS 5.1.
+# dotnet-sdk:     required for WiX 4 SDK-style projects (.wixproj) used by the MSI build.
+choco install -y --no-progress `
+    git python311 nuget.commandline 7zip cmake ninja `
+    nodejs-lts powershell-core dotnet-sdk
 Add-MachinePath 'C:\Program Files\Git\cmd'
 Add-MachinePath 'C:\Python311'
 Add-MachinePath 'C:\Python311\Scripts'
 Add-MachinePath 'C:\Program Files\nodejs'
 Add-MachinePath 'C:\Program Files\PowerShell\7'
+Add-MachinePath 'C:\Program Files\dotnet'
 
 # --- 2. Visual Studio 2022 Build Tools (MSVC v143 + Win10 SDK) ---
 $vsInstaller = "$env:ProgramFiles(x86)\Microsoft Visual Studio\Installer\vswhere.exe"