diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 4ffc801343..c10140bf8c 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -418,6 +418,26 @@ jobs: name: anon-${{ env.PKG_ENV }}-windows-amd64 path: package/ + sign-windows-64-binary: + runs-on: windows-latest + needs: build-windows-64-binary + steps: + - name: Download raw artifacts + uses: actions/download-artifact@v4 + with: + name: anon-${{ env.PKG_ENV }}-windows-amd64 + path: build/ + - name: Sign + run: | + dotnet tool install --global AzureSignTool + AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v "build/anon.exe" + AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v "build/anon-gencert.exe" + - name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: anon-${{ env.PKG_ENV }}-windows-signed-amd64 + path: build/ + # # Release # @@ -465,7 +485,7 @@ jobs: release-github: runs-on: ubuntu-latest - needs: [build-deb-package, build-macos-binary, build-windows-64-binary] + needs: [build-deb-package, build-macos-binary, sign-windows-64-binary] if: startsWith(github.ref, 'refs/tags/') steps: - name: Download raw artifacts @@ -484,7 +504,7 @@ jobs: zip -j release-artifacts/anon-${{ env.PKG_ENV }}-linux-arm64.zip raw-artifacts/anon-${{ env.PKG_ENV }}-linux-arm64/* zip -j release-artifacts/anon-${{ env.PKG_ENV }}-macos-amd64.zip raw-artifacts/anon-${{ env.PKG_ENV }}-macos-amd64/* zip -j release-artifacts/anon-${{ env.PKG_ENV }}-macos-arm64.zip raw-artifacts/anon-${{ env.PKG_ENV }}-macos-arm64/* - zip -j release-artifacts/anon-${{ env.PKG_ENV }}-windows-amd64.zip raw-artifacts/anon-${{ env.PKG_ENV }}-windows-amd64/* + zip -j release-artifacts/anon-${{ env.PKG_ENV }}-windows-signed-amd64.zip raw-artifacts/anon-${{ env.PKG_ENV }}-windows-signed-amd64/* ls -la -R release-artifacts/ - name: Checkout Repository uses: actions/checkout@v4