diff --git a/.github/workflows/windows-dev.yml b/.github/workflows/windows-dev.yml
index 0f7e4ebf..076b20d3 100644
--- a/.github/workflows/windows-dev.yml
+++ b/.github/workflows/windows-dev.yml
@@ -51,33 +51,17 @@ jobs:
 run: |
 makensis /DPRODUCT_VERSION=${{ steps.readversion.outputs.info }} Templates/installer/windows-installer-dev.nsi
 
- - name: Sign installer
- run: |
- New-Item -ItemType directory -Path certificate
- Set-Content -Path certificate\cert.txt -Value ${{ secrets.WIN_CERT }}
- certutil -decode certificate\cert.txt certificate\cert.pfx
-
- Import-PfxCertificate `
- -FilePath certificate\cert.pfx `
- -CertStoreLocation Cert:\CurrentUser\My `
- -Password (ConvertTo-SecureString -String ${{ secrets.WIN_PASS }} -Force -AsPlainText)
-
- & 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x86/signtool.exe' sign `
- /debug `
- /fd SHA256 `
- /p ${{ secrets.WIN_PASS }} `
- /f certificate\cert.pfx `
- /td sha256 `
- /tr 'http://timestamp.digicert.com' `
- Templates/installer/SuperHumanInstallerDev-Setup.exe
-
- Remove-Item -Recurse -Force certificate
+ # Sign installer
 
- - name: Verify signature
- if: ${{ false }}
- run: |
- & 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x86/signtool.exe' `
- verify Templates/installer/SuperHumanInstallerDev-Setup.exe
+ - name: Sign installer
+ uses: Moonshine-IDE/digicert-sign-action@v1.0
+ with:
+ bin-path: Templates/installer/SuperHumanInstallerDev-Setup.exe
+ sm-host: ${{ secrets.SM_HOST }}
+ sm-api-key: ${{ secrets.SM_API_KEY }}
+ sm-client-cert-file-b64: ${{ secrets.SM_CLIENT_CERT_FILE_B64 }}
+ sm-client-cert-password: ${{ secrets.SM_CLIENT_CERT_PASSWORD }}
+ sm-code-signing-cert-sha1-hash: ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}
 
 - name: Upload installer
 uses: actions/upload-artifact@v3
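Review bot: The new `Sign installer` step references `Moonshine-IDE/digicert-sign-action@v1.0` by a tag, which can be moved, while passing it every signing credential (`SM_API_KEY`, the client certificate and its password). Pinning to the full commit keeps the code that sees those secrets fixed until someone reviews a bump: `uses: Moonshine-IDE/digicert-sign-action@<full-commit-sha>  # v1.0`. The commit also drops the `Verify signature` step (previously disabled with `if: ${{ false }}`), so nothing visible in this hunk checks the signature before `Upload installer` runs. Unless the action verifies its own output, which this diff does not show, add an enabled step that runs `signtool verify /pa Templates/installer/SuperHumanInstallerDev-Setup.exe` and fails the job on a bad or missing signature.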