use azure sign for windows

2026-04-28 16:15:21 +00:00 · 2025-09-24 09:22:52 +08:00
parent dd50195cce
commit d1c8686b92
1 changed files with 27 additions and 27 deletions
--- a/.github/workflows/build-desktop-release.yml
+++ b/.github/workflows/build-desktop-release.yml
@@ -309,24 +309,24 @@ jobs:
        working-directory: ./static
        env:
          DEBUG: electron-packager
-        #env:
-        #  CODE_SIGN_CERTIFICATE_FILE: ../codesign.pfx
-        #  CODE_SIGN_CERTIFICATE_PASSWORD: ${{ secrets.CODE_SIGN_CERTIFICATE_PASSWORD }}

-      - name: Save Artifact for Code Signing
-        run: |
-          mkdir builds
-          mv static\out\make\squirrel.windows\x64\*.exe    builds\Logseq-win-x64-${{ steps.ref.outputs.version }}.exe
-
-      - name: Upload Artifact for Code Signing
-        uses: actions/upload-artifact@v4
+      - name: Sign
+        uses: azure/trusted-signing-action@v0.5.9
        with:
-          name: logseq-win-x64-unsigned-builds
-          path: builds
+          azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+          endpoint: https://eus.codesigning.azure.net/
+          trusted-signing-account-name: logseqwin
+          certificate-profile-name: Logseq
+          files-folder: builds
+          files-folder-filter: exe,msi
+          file-digest: SHA256
+          timestamp-rfc3161: http://timestamp.acs.microsoft.com
+          timestamp-digest: SHA256

      - name: Save Artifact
        run: |
-          rm builds\*.exe
          mv static\out\make\squirrel.windows\x64\*.nupkg  builds\Logseq-win-x64-${{ steps.ref.outputs.version }}-full.nupkg
          mv static\out\make\zip\win32\x64\*.zip           builds\Logseq-win-x64-${{ steps.ref.outputs.version }}.zip
          mv static\out\make\wix\x64\Logseq.msi            builds\Logseq-win-x64-${{ steps.ref.outputs.version }}.msi
@@ -335,7 +335,7 @@ jobs:
      - name: Upload Artifact
        uses: actions/upload-artifact@v4
        with:
-          name: logseq-win-x64-builds
+          name: logseq-win64-builds
          path: builds

  build-windows-arm64:
@@ -377,24 +377,24 @@ jobs:
        working-directory: ./static
        env:
          DEBUG: electron-packager
-        #env:
-        #  CODE_SIGN_CERTIFICATE_FILE: ../codesign.pfx
-        #  CODE_SIGN_CERTIFICATE_PASSWORD: ${{ secrets.CODE_SIGN_CERTIFICATE_PASSWORD }}

-      - name: Save Artifact for Code Signing
-        run: |
-          mkdir builds
-          mv static\out\make\squirrel.windows\arm64\*.exe    builds\Logseq-win-arm64-${{ steps.ref.outputs.version }}.exe
-
-      - name: Upload Artifact for Code Signing
-        uses: actions/upload-artifact@v4
+      - name: Sign
+        uses: azure/trusted-signing-action@v0.5.9
        with:
-          name: logseq-win-arm64-unsigned-builds
-          path: builds
+          azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+          endpoint: https://eus.codesigning.azure.net/
+          trusted-signing-account-name: logseqwin
+          certificate-profile-name: Logseq
+          files-folder: builds
+          files-folder-filter: exe,msi
+          file-digest: SHA256
+          timestamp-rfc3161: http://timestamp.acs.microsoft.com
+          timestamp-digest: SHA256

      - name: Save Artifact
        run: |
-          rm builds\*.exe
          mv static\out\make\squirrel.windows\arm64\*.nupkg  builds\Logseq-win-arm64-${{ steps.ref.outputs.version }}-full.nupkg
          mv static\out\make\zip\win32\arm64\*.zip           builds\Logseq-win-arm64-${{ steps.ref.outputs.version }}.zip
          mv static\out\make\wix\arm64\Logseq.msi            builds\Logseq-win-arm64-${{ steps.ref.outputs.version }}.msi