From 1efa636b633212b8c63885bafb6df70860207427 Mon Sep 17 00:00:00 2001
From: Thomas Castiglione
Date: Wed, 28 Aug 2024 16:04:50 +0800
Subject: [PATCH] new windows signing approach
---
 .github/workflows/publish.yml | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index d119f71..bf484b6 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -37,19 +37,17 @@ jobs:
 run: |
 rustup target add aarch64-apple-darwin
 rustup target add x86_64-apple-darwin
-
- - name: install certificate (windows)
+
+ - name: install signtool (windows)
 if: matrix.platform == 'windows-latest'
+ shell: bash # env might not work with powershell
 env:
- WINDOWS_CERTIFICATE: ${{ secrets.WINDOWS_CERTIFICATE }}
- WINDOWS_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}
+ WINDOWS_SIGN_COMMAND: trusted-signing-cli -e ${{secrets.WINDOWS_SIGNING_ENDPOINT}} -a ${{secrets.WINDOWS_SIGNING_ACCOUNT}} -c ${{secrets.WINDOWS_SIGNING_PROFILE}} %1
 run: |
- New-Item -ItemType directory -Path certificate
- Set-Content -Path certificate/tempCert.txt -Value $env:WINDOWS_CERTIFICATE
- certutil -decode certificate/tempCert.txt certificate/certificate.pfx
- Remove-Item -path certificate -include tempCert.txt
- Import-PfxCertificate -FilePath certificate/certificate.pfx -CertStoreLocation Cert:\CurrentUser\My -Password (ConvertTo-SecureString -String $env:WINDOWS_CERTIFICATE_PASSWORD -Force -AsPlainText)
-
+ cd "$GITHUB_WORKSPACE"
+ cat './src-tauri/tauri.conf.json' | jq '.bundle .windows += {"signCommand": env.WINDOWS_SIGN_COMMAND}' > './src-tauri/temp.json' && mv './src-tauri/temp.json' './src-tauri/tauri.conf.json'
+ cargo install trusted-signing-cli@0.3.0
+
 - name: install frontend dependencies
 run: npm install --package-lock=false
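Review bot: The last added `run` line, `cargo install trusted-signing-cli@0.3.0`, pins the crate version but not its dependency tree, because without `--locked` cargo ignores any Cargo.lock shipped with the crate and resolves the newest compatible transitive dependencies on every run. This binary is what signs the release artifacts, so I would install it reproducibly with `cargo install --locked trusted-signing-cli@0.3.0`. Separately, the jq line writes the expanded endpoint, account and profile secrets into `src-tauri/tauri.conf.json` on disk, where log masking no longer applies; it is worth confirming that the modified file is never bundled or uploaded as an artifact. The inline comment `# env might not work with powershell` could also say what was actually observed, e.g. `# jq/env.* pipeline below needs bash; the runner's default shell on Windows is PowerShell`.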
@@ -62,6 +60,9 @@ jobs:
 APPLE_ID: ${{ secrets.APPLE_ID }}
 APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
 APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
+ AZURE_TENANT_ID: ${{ matrix.platform == 'windows-latest' && secrets.AZURE_TENANT_ID }}
+ AZURE_CLIENT_ID: ${{ matrix.platform == 'windows-latest' && secrets.AZURE_CLIENT_ID }}
+ AZURE_CLIENT_SECRET: ${{ matrix.platform == 'windows-latest' && secrets.AZURE_CLIENT_SECRET }}
 with:
 args: ${{ matrix.platform == 'macos-latest' && '--target universal-apple-darwin' || ''}}
 tagName: v__VERSION__
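Review bot: On the non-Windows runners the three added `AZURE_*` expressions evaluate to the boolean `false`, so those jobs get the literal string `false` in each variable instead of an empty value. The `args:` line just below already uses the fallback form, so I would match it, e.g. `AZURE_CLIENT_SECRET: ${{ matrix.platform == 'windows-latest' && secrets.AZURE_CLIENT_SECRET || '' }}`, and likewise for the tenant and client id. Restricting the credentials to the Windows leg is the right least-privilege choice, but on that leg the client secret is in the environment of everything the step runs, not only the signer. The step starts outside this hunk, so I cannot see what else it executes; the service principal should therefore be limited to the signing role and nothing broader.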