add azuresigntool codesign process

autonomys · Sep 5, 2023 · e2b7e87 · e2b7e87
1 parent 778a6aa
commit e2b7e87
Showing 1 changed file with 15 additions and 10 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -144,16 +144,21 @@ jobs:
         continue-on-error: ${{ github.repository_owner != 'subspace' || github.event_name != 'push' || github.ref_type != 'tag' }}
         if: runner.os == 'macOS'
 
-      # - name: Sign Application (Windows)
-      #   uses: skymatic/code-sign-action@500ce4f8261ca9bd8f85978c1652b34fb511bdf4 # @v2.0.1
-      #   with:
-      #     certificate: "${{ secrets.WINDOWS_CERTIFICATE }}"
-      #     password: "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}"
-      #     certificatesha1: "${{ secrets.WINDOWS_CERTIFICATE_SHA }}"
-      #     folder: "${{ matrix.build.production_target }}"
-      #   # Allow code signing to fail on non-release builds and in non-subspace repos (forks)
-      #   continue-on-error: ${{ github.repository_owner != 'subspace' || github.event_name != 'push' || github.ref_type != 'tag' }}
-      #   if: runner.os == 'Windows'
+      - name: Install AzureSignTool (Windows)
+        run: dotnet tool install --global AzureSignTool
+        if: runner.os == 'Windows'
+
+      - name: Sign Application (Windows)
+        run: |
+          AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" \
+          -kvi "${{ secrets.AZURE_CLIENT_ID }}" \
+          -kvt "${{ secrets.AZURE_TENANT_ID }}" \
+          -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" \
+          -kvc "${{ secrets.AZURE_CERT_NAME }}" \
+          -tr http://timestamp.digicert.com \
+          -v "${{ matrix.build.production_target }}/pulsar.exe"
+        continue-on-error: ${{ github.repository_owner != 'subspace' || github.event_name != 'push' || github.ref_type != 'tag' }}
+        if: runner.os == 'Windows'
 
       - name: Prepare executables for uploading (Ubuntu)
         run: |