From 80675b4c3fbf59890e603e6a6222e5920fe3d864 Mon Sep 17 00:00:00 2001 From: Chris Titus Date: Fri, 2 Aug 2024 18:51:50 -0500 Subject: [PATCH] add code signing to ps1 file --- .github/workflows/compile.yaml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/.github/workflows/compile.yaml b/.github/workflows/compile.yaml index d835423b..63422538 100644 --- a/.github/workflows/compile.yaml +++ b/.github/workflows/compile.yaml @@ -10,6 +10,8 @@ on: jobs: build-runspace: runs-on: windows-latest + env: + CERTIFICATE_BASE64: ${{ secrets.CERTIFICATE_BASE64 }} steps: - uses: actions/checkout@v4 with: @@ -19,7 +21,18 @@ jobs: run: | Set-ExecutionPolicy Bypass -Scope Process -Force; ./Compile.ps1 continue-on-error: false # Directly fail the job on error, removing the need for a separate check + - name: Create and import code signing certificate + shell: pwsh + run: | + [System.IO.File]::WriteAllBytes("$env:USERPROFILE\code-signing-cert.pfx", [System.Convert]::FromBase64String("$env:CERTIFICATE_BASE64")) + Import-PfxCertificate -FilePath "$env:USERPROFILE\code-signing-cert.pfx" -CertStoreLocation Cert:\CurrentUser\My + - name: Code sign winutil.ps1 + shell: pwsh + run: | + $cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1 + if ($null -eq $cert) { throw "Code signing certificate not found" } + Set-AuthenticodeSignature -FilePath ./winutil.ps1 -Certificate $cert - uses: stefanzweifel/git-auto-commit-action@v5 with: commit_message: Compile Winutil - if: success() + if: success() \ No newline at end of file