Self sign installer .exe

You know it's secure because this commit is signed!
*taps head*
This commit is contained in:
Jordan Dominion
2023-07-02 18:22:45 -04:00
parent 2607c6b8fa
commit ac9b1c8be1
+10
View File
@@ -1027,6 +1027,16 @@ jobs:
cd build/package/winget/Tgstation.Server.Host.Service.Wix.Bundle
dotnet build -c Release
- name: Sign Installer .exe
shell: powershell
run: |
$pfxBytes = [convert]::FromBase64String("${{ secrets.CODE_SIGNING_BASE64 }}")
[IO.File]::WriteAllBytes("tg_codesigning.pfx", $pfxBytes)
$certPassword = ConvertTo-SecureString -String "${{ secrets.CODE_SIGNING_PASSWORD }}" -Force -AsPlainText
$cert=Import-PfxCertificate -FilePath tg_codesigning.pfx -Cert Cert:\CurrentUser\My -Password $certPassword
rm tg_codesigning.pfx
Set-AuthenticodeSignature build/package/winget/Tgstation.Server.Host.Service.Wix.Bundle/bin/Release/tgstation-server-installer.exe -Certificate $cert -TimestampServer "http://timestamp.digicert.com"
- name: Test Install # Sanity checks the .deps.json exists, which the installation is broken without
shell: powershell # If it's missing, I found that <PrivateAssets> in <PackageReference> elements were the problem
run: |