chore(windows): Sign windows exe too (#3992)

Fixes #3230
Jamil
2024-03-05 22:35:24 -08:00
committed by GitHub
parent 169dd72e74
commit 19e833262f
2 changed files with 18 additions and 13 deletions


@@ -274,7 +274,11 @@ jobs:
run: pnpm install
- name: Build release exe and MSI
run: pnpm build
- name: Sign the MSI
- name: Install AzureSignTool
if: ${{ runner.os == 'Windows' }}
shell: bash
run: dotnet tool install --global AzureSignTool
- name: Sign the release exe and MSI
if: ${{ runner.os == 'Windows' }}
env:
AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }}
@@ -284,18 +288,8 @@ jobs:
AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }}
shell: bash
run: |
# Install the required tools
dotnet tool install --global AzureSignTool
# Sign the MSI file
AzureSignTool sign \
--azure-key-vault-url "$AZURE_KEY_VAULT_URI" \
--azure-key-vault-client-id "$AZURE_CLIENT_ID" \
--azure-key-vault-tenant-id "$AZURE_TENANT_ID" \
--azure-key-vault-client-secret "$AZURE_CLIENT_SECRET" \
--azure-key-vault-certificate "$AZURE_CERT_NAME" \
--timestamp-rfc3161 "http://timestamp.digicert.com" \
--verbose ../target/release/bundle/msi/Firezone_${{ env.VERSION }}_x64_en-US.msi
../../scripts/build/sign.sh ../target/release/Firezone.exe
../../scripts/build/sign.sh ../target/release/bundle/msi/Firezone_${{ env.VERSION }}_x64_en-US.msi
- name: Rename artifacts and compute SHA256
shell: bash
run: ${{ matrix.rename-script }}
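Review bot: The new `Install AzureSignTool` step runs `dotnet tool install --global AzureSignTool` with no version, so whatever release the package feed serves at build time is the binary that receives the Key Vault credentials and signs the release exe and MSI. Pin it and bump it deliberately, for example `run: dotnet tool install --global AzureSignTool --version <PINNED_VERSION>`. Neither step checks the result of signing, so a follow-up step that verifies the Authenticode signature on both files before `Rename artifacts and compute SHA256` would catch an unsigned or wrongly signed artifact before it is published. Part of the signing step's `env:` block sits between the two hunks and is not visible here.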

11
scripts/build/sign.sh Executable file

@@ -0,0 +1,11 @@
#!/usr/bin/env bash
set -euo pipefail
AzureSignTool sign \
--azure-key-vault-url "$AZURE_KEY_VAULT_URI" \
--azure-key-vault-client-id "$AZURE_CLIENT_ID" \
--azure-key-vault-tenant-id "$AZURE_TENANT_ID" \
--azure-key-vault-client-secret "$AZURE_CLIENT_SECRET" \
--azure-key-vault-certificate "$AZURE_CERT_NAME" \
--timestamp-rfc3161 "http://timestamp.digicert.com" \
--verbose "$1"
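Review bot: The line `--azure-key-vault-client-secret "$AZURE_CLIENT_SECRET"` places a long-lived client secret in the process argument list, where it is readable by other processes on the runner while the tool runs, and `--verbose` increases what reaches the job log. AzureSignTool also accepts `--azure-key-vault-accesstoken` and `--azure-key-vault-managed-identity`. If the workflow can obtain a short-lived token through federated login, passing that instead would remove the stored secret entirely. The script also has no header comment naming the five environment variables it requires, and a missing argument only surfaces as an unbound-variable error from `set -u`. A guard such as `: "${1:?usage: sign.sh <file-to-sign>}"` before the `AzureSignTool` call makes that failure explicit.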