windows-iac-vm-tooling/.forgejo/workflows/release.yml

name: Build and Release
on: [push]

jobs:
  build-sign-package:
    runs-on: ubuntu-latest
    container: archlinux:latest
    steps:
      - name: Install Tools
        run: pacman -Syu --noconfirm mingw-w64-gcc nsis osslsigncode opentofu ansible python-pywinrm packer

      - name: Checkout
        uses: actions/checkout@v3

      - name: Cross-Compile (MinGW)
        run: x86_64-w64-mingw32-gcc src/main.c -o dist/app.exe

      - name: Package (NSIS)
        run: makensis -DVERSION=${{ gitea.ref_name }} installer.nsi

      - name: Code Sign (Linux Native)
        env:
          PFX_PASS: ${{ secrets.PFX_PASS }}
        run: |
          osslsigncode sign -pkcs12 cert.pfx -pass "$PFX_PASS" \
            -t http://timestamp.digicert.com \
            -in dist/installer.exe -out dist/installer_signed.exe

      - name: Provision Windows VM (OpenTofu)
        env:
          PM_API_TOKEN_ID: ${{ secrets.PM_TOKEN_ID }}
          PM_API_TOKEN_SECRET: ${{ secrets.PM_TOKEN_SECRET }}
          TF_VAR_build_id: ${{ gitea.run_number }}
        run: |
          cd terraform
          tofu init
          tofu apply -auto-approve
          echo "VM_IP=$(tofu output -raw vm_ip)" >> $GITHUB_ENV

      - name: Verify on Windows (Ansible)
        env:
          ANSIBLE_USER: Administrator
          ANSIBLE_PASSWORD: ${{ secrets.WIN_ADMIN_PASS }}
        run: |
          echo "[windows_vm]" > inventory.ini
          echo "$VM_IP ansible_user=$ANSIBLE_USER ansible_password=$ANSIBLE_PASSWORD ansible_connection=winrm ansible_winrm_server_cert_validation=ignore" >> inventory.ini

          ansible-playbook -i inventory.ini ansible/pipeline.yml

      - name: Cleanup
        if: always()
        run: |
          cd terraform
          tofu destroy -auto-approve
feat: Add professional hierarchical documentation - Created comprehensive README.md with Mermaid diagrams, badges, and TOC - Added docs/ directory with 7 sections and 14 markdown files - Included architecture diagrams, flowcharts, and sequence diagrams - All documentation is fully interlinked with cross-references - Added ISO storage location on Proxmox development server - Included troubleshooting guide and evaluation management docs - All config files (Packer, Terraform, Ansible, Forgejo) documented - Added icons and visual elements throughout documentation 2026-02-06 14:47:15 +00:00			`name: Build and Release`
			`on: [push]`

			`jobs:`
			`build-sign-package:`
			`runs-on: ubuntu-latest`
			`container: archlinux:latest`
			`steps:`
			`- name: Install Tools`
			`run: pacman -Syu --noconfirm mingw-w64-gcc nsis osslsigncode opentofu ansible python-pywinrm packer`

			`- name: Checkout`
			`uses: actions/checkout@v3`

			`- name: Cross-Compile (MinGW)`
			`run: x86_64-w64-mingw32-gcc src/main.c -o dist/app.exe`

			`- name: Package (NSIS)`
			`run: makensis -DVERSION=${{ gitea.ref_name }} installer.nsi`

			`- name: Code Sign (Linux Native)`
			`env:`
			`PFX_PASS: ${{ secrets.PFX_PASS }}`
			`run: \|`
			`osslsigncode sign -pkcs12 cert.pfx -pass "$PFX_PASS" \`
			`-t http://timestamp.digicert.com \`
			`-in dist/installer.exe -out dist/installer_signed.exe`

			`- name: Provision Windows VM (OpenTofu)`
			`env:`
			`PM_API_TOKEN_ID: ${{ secrets.PM_TOKEN_ID }}`
			`PM_API_TOKEN_SECRET: ${{ secrets.PM_TOKEN_SECRET }}`
			`TF_VAR_build_id: ${{ gitea.run_number }}`
			`run: \|`
			`cd terraform`
			`tofu init`
			`tofu apply -auto-approve`
			`echo "VM_IP=$(tofu output -raw vm_ip)" >> $GITHUB_ENV`

			`- name: Verify on Windows (Ansible)`
			`env:`
			`ANSIBLE_USER: Administrator`
			`ANSIBLE_PASSWORD: ${{ secrets.WIN_ADMIN_PASS }}`
			`run: \|`
			`echo "[windows_vm]" > inventory.ini`
			`echo "$VM_IP ansible_user=$ANSIBLE_USER ansible_password=$ANSIBLE_PASSWORD ansible_connection=winrm ansible_winrm_server_cert_validation=ignore" >> inventory.ini`

			`ansible-playbook -i inventory.ini ansible/pipeline.yml`

			`- name: Cleanup`
			`if: always()`
			`run: \|`
			`cd terraform`
			`tofu destroy -auto-approve`