From e7572f3765451889a0ebfaad1112e5284d7dc91c Mon Sep 17 00:00:00 2001 From: rzmk <30333942+rzmk@users.noreply.github.com> Date: Mon, 30 Sep 2024 16:21:40 -0400 Subject: [PATCH 1/2] ci: add signing step for qsv MSI installer --- .github/workflows/publish-wix-installer.yml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish-wix-installer.yml b/.github/workflows/publish-wix-installer.yml index 77ac2d2f6..427a5d04b 100644 --- a/.github/workflows/publish-wix-installer.yml +++ b/.github/workflows/publish-wix-installer.yml @@ -71,7 +71,22 @@ jobs: rm wix/main.wxs cargo wix -I contrib/wix/app.wxs --nocapture cp target\wix\*.msi qsv-${{ needs.analyze-tags.outputs.previous-tag }}.msi - + + - name: Sign qsv MSI installer file with Azure Trusted Signing + if: matrix.settings.platform == 'windows-latest' + uses: azure/trusted-signing-action@v0.4.0 + with: + azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} + azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} + azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} + endpoint: ${{ secrets.AZURE_ENDPOINT }} + trusted-signing-account-name: ${{ secrets.AZURE_TRUSTED_SIGNING_NAME }} + certificate-profile-name: ${{ secrets.AZURE_CERT_PROFILE_NAME }} + files: qsv-${{ needs.analyze-tags.outputs.previous-tag }}.msi + file-digest: SHA256 + timestamp-rfc3161: http://timestamp.acs.microsoft.com + timestamp-digest: SHA256 + - name: Upload zipped binaries to release uses: svenstaro/upload-release-action@v2 with: From d4916fa8e3c92d923f6b5ddfb9377e4924634379 Mon Sep 17 00:00:00 2001 From: rzmk <30333942+rzmk@users.noreply.github.com> Date: Mon, 30 Sep 2024 16:22:47 -0400 Subject: [PATCH 2/2] `ci`: remove unnecessary conditional check for Windows runner [skip ci] --- .github/workflows/publish-wix-installer.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/publish-wix-installer.yml b/.github/workflows/publish-wix-installer.yml index 427a5d04b..37788c35d 100644 --- a/.github/workflows/publish-wix-installer.yml +++ b/.github/workflows/publish-wix-installer.yml @@ -73,7 +73,6 @@ jobs: cp target\wix\*.msi qsv-${{ needs.analyze-tags.outputs.previous-tag }}.msi - name: Sign qsv MSI installer file with Azure Trusted Signing - if: matrix.settings.platform == 'windows-latest' uses: azure/trusted-signing-action@v0.4.0 with: azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}