Build and Test Windows MSI during release

.github/workflows/release.yml

@@ -6,8 +6,83 @@ on:
       - "v*"
 
 jobs:
+  build_msi:
+    runs-on: windows-2019
+    steps:
+      - name: Checkout Sources
+        uses: actions/checkout@v2
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: "1.17"
+          check-latest: true
+      - name: Cache Go Modules
+        uses: actions/cache@v2
+        with:
+          path: |
+            %LocalAppData%\go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+      - name: Build Windows Binary
+        run: |
+          make build-windows
+          cp artifacts/stanza_windows_amd64 build/windows/stanza.exe
+      - name: Get Latest stanza-plugins Release
+        id: pluginsrelease
+        run: echo "::set-output name=releasetag::$(curl -s https://api.github.com/repos/observiq/stanza-plugins/releases/latest | jq '.tag_name' | tr -d '"')"
+      - name: Clone Plugins
+        run: |
+          git clone --depth 1 --branch ${{ steps.pluginsrelease.outputs.releasetag }} https://github.com/observIQ/stanza-plugins.git stanza-plugins
+      - name: Copy Plugins to MSI Build Directory
+        run: cp -r stanza-plugins/plugins build/windows/
+      # HACK: Copy build directory to C drive to avoid this error:
+      # "Rel: can't make D:/a/stanza/stanza/build/windows/stanza.exe relative to C:\Users\RUNNER~1\AppData\Local\Temp\go-msi502841497"
+      - name: Copy Build Dir
+        run: |
+          cp -r build C:/build
+          echo "C:/build/windows" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+      # Installs go-msi, wix, and cinc.
+      - name: Install Build and Test Tools
+        run: 	|
+          curl -L -o go-msi.exe https://github.com/observIQ/go-msi/releases/download/v2.0.0/go-msi.exe
+          curl -L -o wix310-binaries.zip http://wixtoolset.org/downloads/v3.10.3.3007/wix310-binaries.zip
+          unzip wix310-binaries.zip
+        working-directory: C:/build/windows
+      - name: "Release: Get Tag From Environment"
+        id: get-tag
+        run: printf '::set-output name=tag::%s' "$(printf '%s' "${{ github.ref }}" | sed 's/refs\/tags\///')"
+      - name: "Release: Build MSI from Tagged Release"
+        run: go-msi.exe make -m stanza.msi --version ${{ steps.get-tag.outputs.tag }} --arch amd64
+        working-directory: C:/build/windows
+      - name: Install MSI
+        run: msiexec.exe /qn /i stanza.msi
+        working-directory: C:/build/windows
+      - name: Install CINC (Inspec)
+        run: . { iwr -useb https://omnitruck.cinc.sh/install.ps1 } | iex; install -project cinc-auditor -version 4
+      - name: Run CINC (Inspec) Install Tests
+        run: C:/cinc-project/cinc-auditor/bin/cinc-auditor.bat exec install.rb
+        working-directory: C:/build/windows/test
+      - name: Uninstall MSI
+        run: |
+          msiexec.exe /qn /x stanza.msi
+          sleep 5
+        working-directory: C:/build/windows
+      - name: Run CINC (Inspec) Uninstall Tests
+        run: C:/cinc-project/cinc-auditor/bin/cinc-auditor.bat exec uninstall.rb
+        working-directory: C:/build/windows/test
+      - name: "Release: Rename MSI to include version tag"
+        run: mv stanza.msi stanza-${{ steps.get-tag.outputs.tag }}.msi
+        working-directory: C:/build/windows
+      - name: "Release: Archive code coverage results"
+        uses: actions/upload-artifact@v2
+        with:
+          name: stanza-${{ steps.get-tag.outputs.tag }}.msi
+          path: C:/build/windows/stanza-${{ steps.get-tag.outputs.tag }}.msi
+          # Short lived because Go Releaser will upload the msi to a release (github release, gcs, etc)
+          retention-days: 1
   release:
     runs-on: "ubuntu-20.04"
+    needs: ["build_msi"]
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -19,6 +94,14 @@ jobs:
         with:
           go-version: 1.17
           check-latest: true
+      - name: "Get Tag From Environment"
+        id: get-tag
+        run: printf '::set-output name=tag::%s' "$(printf '%s' "${{ github.ref }}" | sed 's/refs\/tags\///')"
+      - name: Retrieve Windows MSI Installer
+        uses: actions/download-artifact@v2
+        with:
+          name: stanza-${{ steps.get-tag.outputs.tag }}.msi
+          path: stanza-${{ steps.get-tag.outputs.tag }}.msi
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
         with:

.gitignore

@@ -7,4 +7,13 @@ local/*
 artifacts/*
 **/.vscode/*
 gen/
-**/testdata/*.log
+**/testdata/*.log
+**/*.msi
+**/*.exe
+**/*zip
+**/wix
+**/.vagrant
+**/wix.dynamic.json
+stanza-plugins/
+**/plugins
+

.goreleaser.yml

@@ -37,6 +37,9 @@ release:
   github:
     owner: observIQ
     name: stanza
+  extra_files:
+  - glob: scripts/*install*
+  - glob: stanza*.msi
 
 changelog:
   skip: false

Makefile

@@ -151,3 +151,48 @@ for-all:
 	@set -e; for dir in $(ALL_MODULES); do \
 	  (cd "$${dir}" && $${CMD} ); \
 	done
+
+# Prepare the vagrant system by installing go-msi, wix, inspec and configuring the path.
+# Assumes stanza-plugins has already been cloned and checked out with the correct tag.
+# This make target is intended for local development and testing only, do not run within CI.
+.PHONY: vagrant-prep
+vagrant-prep: workdir = "build/windows"
+vagrant-prep:
+	file $(workdir)/go-msi.exe >/dev/null || curl -L -o $(workdir)/go-msi.exe https://github.com/observIQ/go-msi/releases/download/v2.0.0/go-msi.exe
+	file $(workdir)/cinc-auditor.msi >/dev/null || curl -L -o $(workdir)/cinc-auditor.msi http://downloads.cinc.sh/files/stable/cinc-auditor/4.17.7/windows/2012r2/cinc-auditor-4.17.7-1-x64.msi
+
+	file wix-binaries.zip >/dev/null || curl -L -o wix-binaries.zip https://github.com/wixtoolset/wix3/releases/download/wix3112rtm/wix311-binaries.zip
+	mkdir -p $(workdir)/wix
+	ls $(workdir)/wix/sdk >/dev/null || unzip -o wix-binaries.zip -d $(workdir)/wix
+
+	cp -r stanza-plugins/plugins $(workdir)/
+
+	cd $(workdir) && vagrant up --provider virtualbox
+	cd $(workdir) && vagrant winrm -c "setx PATH \"%PATH%;C:/vagrant/wix\;C:/vagrant\""
+	cd $(workdir) && vagrant winrm -c "C:/vagrant/cinc-auditor.msi"
+
+# This make target is intended for local development and testing only, do not run within CI.
+.PHONY: wix
+wix: workdir = "build/windows"
+wix: build-windows
+	cp artifacts/stanza_windows_amd64 $(workdir)/stanza.exe
+
+	cd $(workdir) && \
+		vagrant winrm -c \
+		"cd C:/vagrant; go-msi.exe make -m stanza.msi --version v0.0.1 --arch amd64"
+
+# This make target is intended for local development and testing only, do not run within CI.
+.PHONY: wix-test
+wix-test: workdir = "build/windows"
+wix-test: vagrant-prep wix
+	cd $(workdir) && vagrant winrm -c "C:/vagrant/stanza.msi"
+	sleep 10
+	cd $(workdir) && vagrant winrm -c "cinc-auditor exec C:/vagrant\test\install.rb"
+
+# Run after manually uninstalling stanza.
+# This make target is intended for local development and testing only, do not run within CI.
+.PHONY: wix-test-uninstall
+wix-test-uninstall: workdir = "build/windows"
+wix-test-uninstall:
+	cd $(workdir) && vagrant winrm -c "cinc-auditor exec C:/vagrant\test\uninstall.rb"
+

build/post.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 # This script is the post-build script for goreleaser.
-# Because it is run for each bbinary built, and global post-release hooks are 
+# Because it is run for each binary built, and global post-release hooks are 
 # not available in the OSS version, we check for file existence to avoid multiple downloads/copies.
 
 if [ ! -f ./artifacts/stanza-plugins.tar.gz ]; then

build/windows/Vagrantfile

@@ -0,0 +1,18 @@
+Vagrant.configure("2") do |config|
+    config.vm.define :win2012 do |win|
+        win.vm.box = "devopsgroup-io/windows_server-2012r2-standard-amd64-nocm"
+        win.vm.boot_timeout = 500
+        win.vm.communicator = :winrm
+        win.vm.provider "virtualbox" do |vb|
+            # first setup requires gui to be enabled so scripts can be executed in virtualbox guest screen
+            vb.gui = false
+            vb.gui = true
+            vb.customize ["modifyvm", :id, "--memory", "4096"]
+            vb.customize ["modifyvm", :id, "--vram", "128"]
+            vb.customize ["modifyvm", :id,  "--cpus", "2"]
+            vb.customize ["modifyvm", :id, "--natdnsproxy1", "on"]
+            vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
+            vb.customize ["guestproperty", "set", :id, "/VirtualBox/GuestAdd/VBoxService/--timesync-set-threshold", 10000]
+        end
+    end
+end

build/windows/config.yaml

@@ -0,0 +1,11 @@
+# Default pipeline does nothing, please see the docs:
+#
+# Stanza Docs: https://github.com/observIQ/stanza/tree/master/docs
+# Plugins: https://github.com/observIQ/stanza-plugins/tree/master/docs
+# Windows events operator: https://github.com/observIQ/stanza/blob/master/docs/operators/windows_eventlog_input.md
+# Windows events plugin: https://github.com/observIQ/stanza-plugins/blob/master/docs/plugins/windows_event.md
+#
+pipeline:
+  - type: noop
+  - type: stdout
+

build/windows/templates/LicenseAgreementDlg_HK.wxs

@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
+   <Fragment>
+      <UI>
+         <Dialog Id="LicenseAgreementDlg_HK" Width="370" Height="270" Title="!(loc.LicenseAgreementDlg_Title)">
+            <Control Id="LicenseAcceptedCheckBox" Type="CheckBox" X="20" Y="207" Width="330" Height="18" CheckBoxValue="1" Property="LicenseAccepted"
+            Text="!(loc.LicenseAgreementDlgLicenseAcceptedCheckBox)" />
+            <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Text="!(loc.WixUIBack)" />
+            <Control Id="Next" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Text="!(loc.WixUINext)">
+               <Publish Event="SpawnWaitDialog" Value="WaitForCostingDlg">CostingComplete = 1</Publish>
+               <Condition Action="disable"><![CDATA[LicenseAccepted <> "1"]]></Condition>
+               <Condition Action="enable">LicenseAccepted = "1"</Condition>
+            </Control>
+            <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Text="!(loc.WixUICancel)">
+               <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
+            </Control>
+            <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="370" Height="44" TabSkip="no" Text="!(loc.LicenseAgreementDlgBannerBitmap)" />
+            <Control Id="LicenseText" Type="ScrollableText" X="20" Y="60" Width="330" Height="140" Sunken="yes" TabSkip="no">
+
+            {{if gt (.License | len) 0}}
+            <Text SourceFile="{{.License}}" />
+            {{end}}
+
+            </Control>
+            <Control Id="Print" Type="PushButton" X="112" Y="243" Width="56" Height="17" Text="!(loc.WixUIPrint)">
+               <Publish Event="DoAction" Value="WixUIPrintEula">1</Publish>
+            </Control>
+            <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="370" Height="0" />
+            <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="370" Height="0" />
+            <Control Id="Description" Type="Text" X="25" Y="23" Width="340" Height="15" Transparent="yes" NoPrefix="yes" Text="!(loc.LicenseAgreementDlgDescription)" />
+            <Control Id="Title" Type="Text" X="15" Y="6" Width="200" Height="15" Transparent="yes" NoPrefix="yes" Text="!(loc.LicenseAgreementDlgTitle)" />
+         </Dialog>
+      </UI>
+   </Fragment>
+</Wix>

build/windows/templates/WixUI_HK.wxs

@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
+   <Fragment>
+
+      <UI Id="WixUI_HK">
+         <TextStyle Id="WixUI_Font_Normal" FaceName="Tahoma" Size="8" />
+         <TextStyle Id="WixUI_Font_Bigger" FaceName="Tahoma" Size="12" />
+         <TextStyle Id="WixUI_Font_Title" FaceName="Tahoma" Size="9" Bold="yes" />
+
+         <Property Id="DefaultUIFont" Value="WixUI_Font_Normal" />
+         <Property Id="WixUI_Mode" Value="InstallDir" />
+
+         <DialogRef Id="BrowseDlg" />
+         <DialogRef Id="DiskCostDlg" />
+         <DialogRef Id="ErrorDlg" />
+         <DialogRef Id="FatalError" />
+         <DialogRef Id="FilesInUse" />
+         <DialogRef Id="MsiRMFilesInUse" />
+         <DialogRef Id="PrepareDlg" />
+         <DialogRef Id="ProgressDlg" />
+         <DialogRef Id="ResumeDlg" />
+         <DialogRef Id="UserExit" />
+
+         <!--   Make sure to include custom dialogs in the installer database via a DialogRef command,
+               especially if they are not included explicitly in the publish chain below -->
+         <DialogRef Id="LicenseAgreementDlg_HK"/>
+
+         <Publish Dialog="BrowseDlg" Control="OK" Event="DoAction" Value="WixUIValidatePath" Order="3">1</Publish>
+         <Publish Dialog="BrowseDlg" Control="OK" Event="SpawnDialog" Value="InvalidDirDlg" Order="4"><![CDATA[WIXUI_INSTALLDIR_VALID<>"1"]]></Publish>
+
+         <Publish Dialog="ExitDialog" Control="Finish" Event="EndDialog" Value="Return" Order="999">1</Publish>
+
+         <Publish Dialog="WelcomeDlg" Control="Next" Event="NewDialog" Value="{{if gt (.License | len) 0}}LicenseAgreementDlg_HK{{else}}InstallDirDlg{{end}}">NOT Installed</Publish>
+         <Publish Dialog="WelcomeDlg" Control="Next" Event="NewDialog" Value="VerifyReadyDlg">Installed AND PATCH</Publish>
+
+         <Publish Dialog="LicenseAgreementDlg_HK" Control="Back" Event="NewDialog" Value="WelcomeDlg">1</Publish>
+         <Publish Dialog="LicenseAgreementDlg_HK" Control="Next" Event="NewDialog" Value="InstallDirDlg">LicenseAccepted = "1"</Publish>
+
+         <Publish Dialog="InstallDirDlg" Control="Back" Event="NewDialog" Value="{{if gt (.License | len) 0}}LicenseAgreementDlg_HK{{else}}WelcomeDlg{{end}}">1</Publish>
+         <Publish Dialog="InstallDirDlg" Control="Next" Event="SetTargetPath" Value="[WIXUI_INSTALLDIR]" Order="1">1</Publish>
+         <Publish Dialog="InstallDirDlg" Control="Next" Event="DoAction" Value="WixUIValidatePath" Order="2">NOT WIXUI_DONTVALIDATEPATH</Publish>
+         <Publish Dialog="InstallDirDlg" Control="Next" Event="SpawnDialog" Value="InvalidDirDlg" Order="3"><![CDATA[NOT WIXUI_DONTVALIDATEPATH AND WIXUI_INSTALLDIR_VALID<>"1"]]></Publish>
+         <Publish Dialog="InstallDirDlg" Control="Next" Event="NewDialog" Value="VerifyReadyDlg" Order="4">WIXUI_DONTVALIDATEPATH OR WIXUI_INSTALLDIR_VALID="1"</Publish>
+
+         <Publish Dialog="InstallDirDlg" Control="ChangeFolder" Property="_BrowseProperty" Value="[WIXUI_INSTALLDIR]" Order="1">1</Publish>
+         <Publish Dialog="InstallDirDlg" Control="ChangeFolder" Event="SpawnDialog" Value="BrowseDlg" Order="2">1</Publish>
+
+         <Publish Dialog="VerifyReadyDlg" Control="Back" Event="NewDialog" Value="InstallDirDlg">NOT Installed</Publish>
+         <Publish Dialog="VerifyReadyDlg" Control="Back" Event="NewDialog" Value="MaintenanceTypeDlg">Installed</Publish>
+
+         <Publish Dialog="MaintenanceWelcomeDlg" Control="Next" Event="NewDialog" Value="MaintenanceTypeDlg">1</Publish>
+
+         <Publish Dialog="MaintenanceTypeDlg" Control="RepairButton" Event="NewDialog" Value="VerifyReadyDlg">1</Publish>
+         <Publish Dialog="MaintenanceTypeDlg" Control="RemoveButton" Event="NewDialog" Value="VerifyReadyDlg">1</Publish>
+         <Publish Dialog="MaintenanceTypeDlg" Control="Back" Event="NewDialog" Value="MaintenanceWelcomeDlg">1</Publish>
+      </UI>
+
+      <UIRef Id="WixUI_Common" />
+   </Fragment>
+</Wix>