Try SInging

Equicord · Feb 4, 2025 · 3ff2f01 · 3ff2f01
1 parent 630dbaa
commit 3ff2f01
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -8,6 +8,7 @@ on:
 
 env:
   FORCE_COLOR: true
+  TIMESTAMP_SERVER: http://timestamp.digicert.com/
 
 jobs:
   build-linux:
@@ -158,6 +159,25 @@ jobs:
           export GOPATH=/mingw64
           CGO_ENABLED=0 GOOS=windows GOARCH=386 go build -v -tags "static cli" -ldflags "-s -w -extldflags=-static -X 'vencord/buildinfo.InstallerGitHash=$(git rev-parse --short HEAD)' -X 'vencord/buildinfo.InstallerTag=${{ github.ref_name }}'" -o EquilotlCli.exe
 
+      - name: Import code signing certificate
+        run: |
+          $pfxCertFilePath = Join-Path -Path $PSScriptRoot -ChildPath "CodeSigningCertificate.pfx"
+          Set-Content -Value $([System.Convert]::FromBase64String($env:BASE64_PFX)) -Path $pfxCertFilePath -AsByteStream
+          Import-PfxCertificate -FilePath $pfxCertFilePath -Password $($env:PFX_PASSWORD | ConvertTo-SecureString -AsPlainText -Force) -CertStoreLocation Cert:/CurrentUser/My
+        env:
+          BASE64_PFX: ${{secrets.BASE64_PFX}}
+          PFX_PASSWORD: ${{secrets.PFX_PASSWORD}}
+
+      - name: Digitally sign equilotl executable
+        run: |
+          New-Alias "signtool" "C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x64\signtool.exe"
+          signtool sign /a /t ${{env.TIMESTAMP_SERVER}} Equilotl.exe
+
+      - name: Digitally sign equilotl executable
+        run: |
+          New-Alias "signtool" "C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x64\signtool.exe"
+          signtool sign /a /t ${{env.TIMESTAMP_SERVER}} EquilotlCli.exe
+
       - name: Upload artifact
         uses: actions/upload-artifact@v4
         with: