@@ -360,24 +360,24 @@ jobs:
360360 zip -r eim.zip eim
361361shell : bash
362362
363- # - name: Sign Windows Binary
364- # if: runner.os == 'Windows'
365- # env:
366- # WINDOWS_PFX_FILE: ${{ secrets.WIN_CERTIFICATE }}
367- # WINDOWS_PFX_PASSWORD: ${{ secrets.WIN_CERTIFICATE_PWD }}
368- # run: |
369- # echo $env:WINDOWS_PFX_FILE | Out-File -FilePath cert.b64 -Encoding ASCII
370- # certutil -decode cert.b64 cert.pfx
371- # Remove-Item cert.b64
372- # $signtool = Get-ChildItem -Path "C:\Program Files (x86)\Windows Kits\10\bin" -Recurse -Filter signtool.exe |
373- # Sort-Object FullName -Descending |
374- # Select-Object -First 1
375-
376- # if (-not $signtool) {
377- # Write-Error "signtool.exe not found on the runner"
378- # exit 1
379- # }
380- # & $signtool.FullName sign /f cert.pfx /p $env:WINDOWS_PFX_PASSWORD /tr http://timestamp.digicert.com /td sha256 /fd sha256 release_cli/${{ matrix.package_name }}/eim.exe
363+ - name : Sign Windows Binary
364+ if : runner.os == 'Windows'
365+ env :
366+ WINDOWS_PFX_FILE : ${{ secrets.GLOBALSIGN_PFX_BASE64 }}
367+ WINDOWS_PFX_PASSWORD : ${{ secrets.GLOBALSIGN_PFX_PASSWORD }}
368+ run : |
369+ echo $env:WINDOWS_PFX_FILE | Out-File -FilePath cert.b64 -Encoding ASCII
370+ certutil -decode cert.b64 cert.pfx
371+ Remove-Item cert.b64
372+ $signtool = Get-ChildItem -Path "C:\Program Files (x86)\Windows Kits\10\bin" -Recurse -Filter signtool.exe |
373+ Sort-Object FullName -Descending |
374+ Select-Object -First 1
375+
376+ if (-not $signtool) {
377+ Write-Error "signtool.exe not found on the runner"
378+ exit 1
379+ }
380+ & $signtool.FullName sign /f cert.pfx /p $env:WINDOWS_PFX_PASSWORD /tr http://timestamp.digicert.com /td sha256 /fd sha256 release_cli/${{ matrix.package_name }}/eim.exe
381381
382382name : Codesign macOS Binary
383383 if : startsWith(matrix.os, 'macos')
@@ -477,21 +477,21 @@ jobs:
477477 zip -r offline_installer_builder.zip offline_installer_builder
478478shell : bash
479479
480- # - name: Sign Windows offline_installer_builder Binary
481- # if: runner.os == 'Windows'
482- # env:
483- # WINDOWS_PFX_FILE: ${{ secrets.WIN_CERTIFICATE }}
484- # WINDOWS_PFX_PASSWORD: ${{ secrets.WIN_CERTIFICATE_PWD }}
485- # run: |
486- # $signtool = Get-ChildItem -Path "C:\Program Files (x86)\Windows Kits\10\bin" -Recurse -Filter signtool.exe |
487- # Sort-Object FullName -Descending |
488- # Select-Object -First 1
489-
490- # if (-not $signtool) {
491- # Write-Error "signtool.exe not found on the runner"
492- # exit 1
493- # }
494- # & $signtool.FullName sign /f cert.pfx /p $env:WINDOWS_PFX_PASSWORD /tr http://timestamp.digicert.com /td sha256 /fd sha256 release_cli/${{ matrix.package_name }}/offline_installer_builder.exe
480+ - name : Sign Windows offline_installer_builder Binary
481+ if : runner.os == 'Windows'
482+ env :
483+ WINDOWS_PFX_FILE : ${{ secrets.GLOBALSIGN_PFX_BASE64 }}
484+ WINDOWS_PFX_PASSWORD : ${{ secrets.GLOBALSIGN_PFX_PASSWORD }}
485+ run : |
486+ $signtool = Get-ChildItem -Path "C:\Program Files (x86)\Windows Kits\10\bin" -Recurse -Filter signtool.exe |
487+ Sort-Object FullName -Descending |
488+ Select-Object -First 1
489+
490+ if (-not $signtool) {
491+ Write-Error "signtool.exe not found on the runner"
492+ exit 1
493+ }
494+ & $signtool.FullName sign /f cert.pfx /p $env:WINDOWS_PFX_PASSWORD /tr http://timestamp.digicert.com /td sha256 /fd sha256 release_cli/${{ matrix.package_name }}/offline_installer_builder.exe
495495
496496name : Codesign macOS offline_installer_builder Binary
497497 if : startsWith(matrix.os, 'macos')
@@ -657,25 +657,25 @@ jobs:
657657 APP_INSIGHTS_CONNECTION_STRING : ${{ secrets.APP_INSIGHTS_CONNECTION_STRING }}
658658 run : yarn tauri build
659659
660- # - name: Sign Windows Binary
661- # if: runner.os == 'Windows'
662- # env:
663- # WINDOWS_PFX_FILE: ${{ secrets.WIN_CERTIFICATE }}
664- # WINDOWS_PFX_PASSWORD: ${{ secrets.WIN_CERTIFICATE_PWD }}
665- # run: |
666- # echo $env:WINDOWS_PFX_FILE | Out-File -FilePath cert.b64 -Encoding ASCII
667- # certutil -decode cert.b64 cert.pfx
668- # Remove-Item cert.b64
669- # $signtool = Get-ChildItem -Path "C:\Program Files (x86)\Windows Kits\10\bin" -Recurse -Filter signtool.exe |
670- # Sort-Object FullName -Descending |
671- # Select-Object -First 1
672-
673- # if (-not $signtool) {
674- # Write-Error "signtool.exe not found on the runner"
675- # exit 1
676- # }
677-
678- # & $signtool.FullName sign /f cert.pfx /p $env:WINDOWS_PFX_PASSWORD /tr http://timestamp.digicert.com /td sha256 /fd sha256 .\src-tauri\target\release\eim.exe
660+ - name : Sign Windows Binary
661+ if : runner.os == 'Windows'
662+ env :
663+ WINDOWS_PFX_FILE : ${{ secrets.GLOBALSIGN_PFX_BASE64 }}
664+ WINDOWS_PFX_PASSWORD : ${{ secrets.GLOBALSIGN_PFX_PASSWORD }}
665+ run : |
666+ echo $env:WINDOWS_PFX_FILE | Out-File -FilePath cert.b64 -Encoding ASCII
667+ certutil -decode cert.b64 cert.pfx
668+ Remove-Item cert.b64
669+ $signtool = Get-ChildItem -Path "C:\Program Files (x86)\Windows Kits\10\bin" -Recurse -Filter signtool.exe |
670+ Sort-Object FullName -Descending |
671+ Select-Object -First 1
672+
673+ if (-not $signtool) {
674+ Write-Error "signtool.exe not found on the runner"
675+ exit 1
676+ }
677+
678+ & $signtool.FullName sign /f cert.pfx /p $env:WINDOWS_PFX_PASSWORD /tr http://timestamp.digicert.com /td sha256 /fd sha256 .\src-tauri\target\release\eim.exe
679679
680680name : Handle Linux artifacts
681681 if : startsWith(matrix.os, 'ubuntu')
0 commit comments