use the most awesome codesign action

2026-05-23 13:11:28 +00:00 · 2021-07-23 15:11:10 +02:00
parent d2f4927634
commit e7266070a0
1 changed files with 15 additions and 36 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -428,28 +428,15 @@ jobs:
      - name: Patch Application Directory
        run: |
          cp dist/win/contrib/* appdir/Cryptomator
-      - name: Import codesign cert
-        run: echo -n "$CODESIGN_P12_BASE64" | base64 --decode > $RUNNER_TEMP/codesign.p12
-        env:
-          CODESIGN_P12_BASE64: ${{ secrets.WIN_CODESIGN_P12_BASE64 }}
      - name: Codesign
-        run: |
-          SIGNTOOL_PATH="C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe"
-          for BINARY_FILE in `find appdir/Cryptomator -name "*.dll" -o -name "*.exe"`; do
-            ${SIGNTOOL_PATH} sign /v \
-              /f ${RUNNER_TEMP}/codesign.p12 \
-              /d "Cryptomator" \
-              /du "https://cryptomator.org" \
-              /p ${CODESIGN_P12_PW} \
-              /fd SHA256 \
-              /sha1 ${CODESIGN_CERT_SHA1} \
-              /tr "http://timestamp.sectigo.com" \
-              /td SHA256 \
-              ${BINARY_FILE}
-          done
-        env:
-          CODESIGN_P12_PW: ${{ secrets.WIN_CODESIGN_P12_PW }}
-          CODESIGN_CERT_SHA1: FF52240075AD7D14AF25629FDF69635357C7D14B
+        uses: skymatic/code-sign-action@v1
+        with:
+          certificate: ${{ secrets.WIN_CODESIGN_P12_BASE64 }}
+          password: ${{ secrets.WIN_CODESIGN_P12_PW }}
+          certificatesha1: FF52240075AD7D14AF25629FDF69635357C7D14B
+          timestampUrl: 'http://timestamp.digicert.com'
+          folder: appdir/Cryptomator
+          recursive: true
      - name: Create MSI
        run: >
          ${JAVA_HOME}/bin/jpackage
@@ -463,21 +450,13 @@ jobs:
          --copyright "(C) 2016 - 2021 Skymatic GmbH"
          --app-version "${{ needs.metadata.outputs.versionNum }}"
      - name: Codesign MSI
-        run: |
-          SIGNTOOL_PATH="C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe"
-          ${SIGNTOOL_PATH} sign /v \
-            /f ${RUNNER_TEMP}/codesign.p12 \
-            /d "Cryptomator" \
-            /du "https://cryptomator.org" \
-            /p ${CODESIGN_P12_PW} \
-            /fd SHA256 \
-            /sha1 ${CODESIGN_CERT_SHA1} \
-            /tr "http://timestamp.sectigo.com" \
-            /td SHA256 \
-            installer/Cryptomator-${{ needs.metadata.outputs.versionNum }}.msi
-        env:
-          CODESIGN_P12_PW: ${{ secrets.WIN_CODESIGN_P12_PW }}
-          CODESIGN_CERT_SHA1: FF52240075AD7D14AF25629FDF69635357C7D14B
+        uses: skymatic/code-sign-action@v1
+        with:
+          certificate: ${{ secrets.WIN_CODESIGN_P12_BASE64 }}
+          password: ${{ secrets.WIN_CODESIGN_P12_PW }}
+          certificatesha1: FF52240075AD7D14AF25629FDF69635357C7D14B
+          timestampUrl: 'http://timestamp.digicert.com'
+          folder: installer
      - name: Upload win-msi
        uses: actions/upload-artifact@v2
        with: