@@ -112,6 +112,10 @@ jobs:
112
112
choco install winflexbison3
113
113
-
uses :
microsoft/[email protected]
114
114
name : Setup Visual Studio environment
115
+ - name : Setup code sign environment
116
+ run : |
117
+ echo "$(Split-Path -Path $(Get-ChildItem -Path ${env:ProgramFiles(x86)} -Recurse -Filter 'signtool.exe' | Where-Object FullName -like '*10.0.19041.0\x64\signtool.exe').FullName)" >> $env:GITHUB_PATH
118
+ echo "pfxcert=$([string](Get-Location)+'\CodeSignCertificate.pfx')" >> $env:GITHUB_ENV
115
119
- name : Configure with cmake
116
120
run : |
117
121
New-Item -ItemType Directory -Path build
@@ -130,6 +134,23 @@ jobs:
130
134
$msi_name = Get-ChildItem -Filter *.msi -Name
131
135
Write-Output "::set-output name=msi_installer::build/$msi_name"
132
136
Write-Output "::set-output name=msi_name::$msi_name"
137
+ - name : Decode signing certificate
138
+ id : decode_certificate
139
+ run : |
140
+ $pfx_bytes=[System.Convert]::FromBase64String("${{ secrets.CODESIGNCERTPFX }}")
141
+ [IO.File]::WriteAllBytes($env:pfxcert, $pfx_bytes)
142
+ - name : Sign the installer
143
+ id : code_sign
144
+ run : |
145
+ & signtool.exe sign /f $env:pfxcert /p "${{ secrets.CODESIGNCERTPASSWORD }}" /tr http://tsa.starfieldtech.com ${{ steps.create_packages.outputs.msi_installer }}
146
+ - name : Remove signing certificate
147
+ id : remove_certificate
148
+ run : |
149
+ Remove-Item $env:pfxcert
150
+ - name : Verify installer signature
151
+ id : verify_codesign
152
+ run : |
153
+ & signtool.exe verify /pa ${{ steps.create_packages.outputs.msi_installer }}
133
154
- name : Get release info
134
155
id : get_release_info
135
156
uses :
bruceadams/[email protected]
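Review bot: The "Remove signing certificate" step in the second hunk only runs when "Sign the installer" succeeds, so a signtool failure leaves the decoded PFX on disk; add `if: always()` to that step. The first hunk sets `pfxcert` to `(Get-Location)+'\CodeSignCertificate.pfx'`, which is inside the workspace, where a later packaging or artifact-upload step could pick the file up; a path under `$env:RUNNER_TEMP` keeps it out of the checkout. Both secrets are expanded by `${{ }}` directly into the PowerShell script text, so a password containing `"` or `$` would be reparsed by the shell; mapping them in the step's `env:` block and reading e.g. `$env:CODESIGN_PASSWORD` (a name constructed for this note) avoids that. The sign command uses `/tr` without `/td` and has no `/fd`, so with the SDK version selected in the first hunk the digests presumably fall back to SHA-1; `/fd SHA256 /td SHA256` would make the algorithm explicit.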