From c781755c6e48a11d5e2f4792848ec60b26835ce2 Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Mon, 21 Mar 2022 14:02:02 +0100
Subject: [PATCH] use special sign process for windows exe bundle

---
 .github/workflows/win-exe.yml | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml
index f024d7347..9ecf71f56 100644
--- a/.github/workflows/win-exe.yml
+++ b/.github/workflows/win-exe.yml
@@ -217,7 +217,22 @@ jobs:
         run: >
           "${WIX}/bin/light.exe" -b dist/win/ dist/win/bundle/bundleWithWinfsp.wixobj
           -ext WixBalExtension
-          -out installer/Cryptomator.exe
+          -out installer/unsigned/Cryptomator.exe
+      - name: Detach burn engine in preparation to sign
+        run: >
+          "${WIX}/bin/insignia.exe" -ib .\installer\unsigned\Cryptomator.exe -o .\tmp\engine.exe
+      - name: Codesign burn engine
+        uses: skymatic/code-sign-action@v1
+        with:
+          certificate: ${{ secrets.WIN_CODESIGN_P12_BASE64 }}
+          password: ${{ secrets.WIN_CODESIGN_P12_PW }}
+          certificatesha1: FF52240075AD7D14AF25629FDF69635357C7D14B
+          description: Wix Burn Engine
+          timestampUrl: 'http://timestamp.digicert.com'
+          folder: tmp
+      - name: Reattach signed burn engine to installer
+        run : >
+          ${WIX}/bin/insignia.exe" -ab tmp\engine.exe installer\unsigned\Cryptomator.exe -o installer\Cryptomator.exe
       - name: Codesign EXE
         uses: skymatic/code-sign-action@v1
         with: