add code signing to ps1 file

.github/workflows/compile.yaml

@@ -10,6 +10,8 @@ on:
 jobs:
   build-runspace:
     runs-on: windows-latest
+    env:
+      CERTIFICATE_BASE64: ${{ secrets.CERTIFICATE_BASE64 }}
     steps:
     - uses: actions/checkout@v4
       with:
@@ -19,7 +21,18 @@ jobs:
       run: |
         Set-ExecutionPolicy Bypass -Scope Process -Force; ./Compile.ps1
       continue-on-error: false # Directly fail the job on error, removing the need for a separate check
+    - name: Create and import code signing certificate
+      shell: pwsh
+      run: |
+        [System.IO.File]::WriteAllBytes("$env:USERPROFILE\code-signing-cert.pfx", [System.Convert]::FromBase64String("$env:CERTIFICATE_BASE64"))
+        Import-PfxCertificate -FilePath "$env:USERPROFILE\code-signing-cert.pfx" -CertStoreLocation Cert:\CurrentUser\My
+    - name: Code sign winutil.ps1
+      shell: pwsh
+      run: |
+        $cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
+        if ($null -eq $cert) { throw "Code signing certificate not found" }
+        Set-AuthenticodeSignature -FilePath ./winutil.ps1 -Certificate $cert
     - uses: stefanzweifel/git-auto-commit-action@v5
       with:
         commit_message: Compile Winutil
-      if: success()
+      if: success()