Add windows code signing

This commit is contained in:
Nicolas Werner 2023-12-14 01:41:17 +01:00
parent 199cea9b38
commit 021eed8388
No known key found for this signature in database
GPG key ID: C8D75E610773F2D9
3 changed files with 28 additions and 1 deletions

5
.ci/windows/sign.bat Normal file
View file

@ -0,0 +1,5 @@
@echo off
call "C:/Program Files (x86)/Microsoft Visual Studio/2022/BuildTools/VC/Auxiliary/Build/vcvarsall.bat" x64
@C:\smartcardtools\x64\scsigntool -pin %WINDOWS_SIGNING_KEY_PIN% sign /fd SHA256 /t http://timestamp.digicert.com /a /sha1 %WINDOWS_SIGNING_KEY_THUMBPRINT% nheko.msix >nul 2>&1

View file

@ -38,6 +38,28 @@ build-windows:
paths: paths:
- nheko.msix - nheko.msix
- nheko_win_64.zip - nheko_win_64.zip
name: nheko-${CI_COMMIT_SHORT_SHA}-windows-unsigned
expose_as: 'windows-app-unsigned'
codesign-windows:
stage: sign
image: win10-base
tags: [libvirt,powershell]
resource_group: windows_signingA
environment:
name: windows_signing
#variables:
# GIT_STRATEGY: none
script:
- Get-ChildItem -Path Cert:CurrentUser\My
- ./.ci/windows/sign.bat
needs:
- job: build-windows
rules:
- if : '$CI_COMMIT_REF_PROTECTED == "true"'
artifacts:
paths:
- nheko.msix
name: nheko-${CI_COMMIT_SHORT_SHA}-windows name: nheko-${CI_COMMIT_SHORT_SHA}-windows
expose_as: 'windows-app' expose_as: 'windows-app'

View file

@ -4,7 +4,7 @@
xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10" xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10"
xmlns:uap10="http://schemas.microsoft.com/appx/manifest/uap/windows10/10" xmlns:uap10="http://schemas.microsoft.com/appx/manifest/uap/windows10/10"
xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities"> xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities">
<Identity Name="im.nheko.Nheko" Version="0.11.3.4" Publisher="CN=NhekoReborn, O=NhekoReborn, L=Munich, S=Bavaria, C=Germany" ProcessorArchitecture="x64"/> <Identity Name="im.nheko.Nheko" Version="0.11.3.4" Publisher="CN=Nicolas Werner, O=Nicolas Werner, L=Munich, S=Bavaria, C=DE" ProcessorArchitecture="x64"/>
<Properties> <Properties>
<DisplayName>Nheko</DisplayName> <DisplayName>Nheko</DisplayName>
<PublisherDisplayName>Nheko-Reborn</PublisherDisplayName> <PublisherDisplayName>Nheko-Reborn</PublisherDisplayName>