From 8d2327a28acb142efcce13d4f234f075169f2296 Mon Sep 17 00:00:00 2001 From: DioEgizio <83089242+DioEgizio@users.noreply.github.com> Date: Fri, 30 Jan 2026 17:23:34 +0100 Subject: [PATCH 1/3] chore: update to Qt 6.10.2 on windows and linux appimage/portable also switches codeql to build on Qt 6.4.3, to make sure prism still builds on the oldest version we still wanna support. for this reason, codeql also now runs tests (to see if they don't fail on 6.4.3). While doing this I also noticed our qt requirement is 6.4, as we use Qt::Literals::StringLiterals Signed-off-by: DioEgizio <83089242+DioEgizio@users.noreply.github.com> (cherry picked from commit b1857508f70878b826a6fe023f917c195a3cdce0) --- .github/workflows/build.yml | 8 ++++---- .github/workflows/codeql.yml | 6 +++++- CMakeLists.txt | 2 +- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d83963b13..9d56bb661 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -91,12 +91,12 @@ jobs: - os: ubuntu-24.04 artifact-name: Linux cmake-preset: linux - qt-version: 6.10.1 + qt-version: 6.10.2 - os: ubuntu-24.04-arm artifact-name: Linux-aarch64 cmake-preset: linux - qt-version: 6.10.1 + qt-version: 6.10.2 - os: windows-2022 artifact-name: Windows-MinGW-w64 @@ -115,13 +115,13 @@ jobs: cmake-preset: windows_msvc # TODO(@getchoo): This is the default in setup-dependencies/windows. Why isn't it working?!?! vcvars-arch: amd64 - qt-version: 6.10.1 + qt-version: 6.10.2 - os: windows-11-arm artifact-name: Windows-MSVC-arm64 cmake-preset: windows_msvc vcvars-arch: arm64 - qt-version: 6.10.1 + qt-version: 6.10.2 - os: macos-26 artifact-name: macOS diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 8a5fa26fb..e4830ddd9 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -79,12 +79,16 @@ jobs: uses: ./.github/actions/setup-dependencies with: build-type: Debug - qt-version: 6.10.1 + qt-version: 6.4.3 - name: Configure and Build run: | cmake --preset linux cmake --build --preset linux --config Debug + - name: Run tests + run: | + ctest --preset linux --build-config Debug + - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v4 diff --git a/CMakeLists.txt b/CMakeLists.txt index d480de21b..e7126109b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -283,7 +283,7 @@ set(Launcher_BUILD_TIMESTAMP "${TODAY}") # Find the required Qt parts if(Launcher_QT_VERSION_MAJOR EQUAL 6) set(QT_VERSION_MAJOR 6) - find_package(Qt6 REQUIRED COMPONENTS Core CoreTools Widgets Concurrent Network Test Xml NetworkAuth OpenGL) + find_package(Qt6 6.4 REQUIRED COMPONENTS Core CoreTools Widgets Concurrent Network Test Xml NetworkAuth OpenGL) find_package(Qt6 COMPONENTS DBus) list(APPEND Launcher_QT_DBUS Qt6::DBus) else() From 0e5605b4f18cebb86f95430ee91d691b63414861 Mon Sep 17 00:00:00 2001 From: DioEgizio <83089242+DioEgizio@users.noreply.github.com> Date: Fri, 30 Jan 2026 18:36:18 +0100 Subject: [PATCH 2/3] fix: sign DLLs too on windows should fix issues with Smart App Control Signed-off-by: DioEgizio <83089242+DioEgizio@users.noreply.github.com> (cherry picked from commit db7685259ece9fa40d3996be07695efdd6d4a33d) --- .github/actions/package/windows/action.yml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/.github/actions/package/windows/action.yml b/.github/actions/package/windows/action.yml index bd402328c..caeabfa09 100644 --- a/.github/actions/package/windows/action.yml +++ b/.github/actions/package/windows/action.yml @@ -74,12 +74,13 @@ runs: endpoint: https://eus.codesigning.azure.net/ trusted-signing-account-name: PrismLauncher certificate-profile-name: PrismLauncher - - files: | - ${{ github.workspace }}\install\prismlauncher.exe - ${{ github.workspace }}\install\prismlauncher_filelink.exe - ${{ github.workspace }}\install\prismlauncher_updater.exe - + files-folder: ${{ github.workspace }}\install\ + files-folder-filter: dll,exe + files-folder-recurse: true + files-folder-depth: 2 + # recommended in https://github.com/Azure/artifact-signing-action#timestamping-1 + timestamp-rfc3161: 'http://timestamp.acs.microsoft.com' + timestamp-digest: 'SHA256' # TODO(@getchoo): Is this all really needed??? # https://github.com/Azure/trusted-signing-action/blob/fc390cf8ed0f14e248a542af1d838388a47c7a7c/docs/OIDC.md exclude-environment-credential: true @@ -150,6 +151,9 @@ runs: files: | ${{ github.workspace }}\PrismLauncher-Setup.exe + # recommended in https://github.com/Azure/artifact-signing-action#timestamping-1 + timestamp-rfc3161: 'http://timestamp.acs.microsoft.com' + timestamp-digest: 'SHA256' # TODO(@getchoo): Is this all really needed??? # https://github.com/Azure/trusted-signing-action/blob/fc390cf8ed0f14e248a542af1d838388a47c7a7c/docs/OIDC.md exclude-environment-credential: true From d01db5de7fad036f176d8d71cf2b64abfc035ce4 Mon Sep 17 00:00:00 2001 From: DioEgizio <83089242+DioEgizio@users.noreply.github.com> Date: Sat, 31 Jan 2026 10:07:12 +0100 Subject: [PATCH 3/3] chore: trusted signing is now artifact signing see https://github.com/Azure/artifact-signing-action/issues/107 Signed-off-by: DioEgizio <83089242+DioEgizio@users.noreply.github.com> (cherry picked from commit 8781ac5f6484b0c997af848939caf4dfc302adb5) --- .github/actions/package/windows/action.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/actions/package/windows/action.yml b/.github/actions/package/windows/action.yml index caeabfa09..74036154a 100644 --- a/.github/actions/package/windows/action.yml +++ b/.github/actions/package/windows/action.yml @@ -69,7 +69,7 @@ runs: - name: Sign executables if: ${{ env.CI_HAS_ACCESS_TO_AZURE != '' && inputs.azure-client-id != '' }} - uses: azure/trusted-signing-action@v0 + uses: azure/artifact-signing-action@v1 with: endpoint: https://eus.codesigning.azure.net/ trusted-signing-account-name: PrismLauncher @@ -79,8 +79,8 @@ runs: files-folder-recurse: true files-folder-depth: 2 # recommended in https://github.com/Azure/artifact-signing-action#timestamping-1 - timestamp-rfc3161: 'http://timestamp.acs.microsoft.com' - timestamp-digest: 'SHA256' + timestamp-rfc3161: "http://timestamp.acs.microsoft.com" + timestamp-digest: "SHA256" # TODO(@getchoo): Is this all really needed??? # https://github.com/Azure/trusted-signing-action/blob/fc390cf8ed0f14e248a542af1d838388a47c7a7c/docs/OIDC.md exclude-environment-credential: true @@ -142,7 +142,7 @@ runs: - name: Sign installer if: ${{ env.CI_HAS_ACCESS_TO_AZURE != '' && inputs.azure-client-id != '' }} - uses: azure/trusted-signing-action@v0 + uses: azure/artifact-signing-action@v1 with: endpoint: https://eus.codesigning.azure.net/ trusted-signing-account-name: PrismLauncher @@ -152,8 +152,8 @@ runs: ${{ github.workspace }}\PrismLauncher-Setup.exe # recommended in https://github.com/Azure/artifact-signing-action#timestamping-1 - timestamp-rfc3161: 'http://timestamp.acs.microsoft.com' - timestamp-digest: 'SHA256' + timestamp-rfc3161: "http://timestamp.acs.microsoft.com" + timestamp-digest: "SHA256" # TODO(@getchoo): Is this all really needed??? # https://github.com/Azure/trusted-signing-action/blob/fc390cf8ed0f14e248a542af1d838388a47c7a7c/docs/OIDC.md exclude-environment-credential: true