Add Windows certificate handling in CI workflow and configuration

2025-12-25 16:09:31 +01:00 · 2024-12-07 11:05:04 +01:00
parent 2ce11577aa
commit 38f2cfa7ef
2 changed files with 31 additions and 3 deletions
--- a/.github/workflows/publish-app.yml
+++ b/.github/workflows/publish-app.yml
@@ -34,6 +34,18 @@ jobs:
          $version = $env:GITHUB_REF -replace '^refs/tags/v',''
          echo "VERSION=$version" >> $env:GITHUB_ENV

+      # Decode certificate for Windows
+      - name: Decode certificate (Windows)
+        if: matrix.os == 'windows-latest'
+        run: |
+          $certPath = Join-Path -Path $env:RUNNER_TEMP -ChildPath "build_cert.pfx"
+          $certContent = [System.Convert]::FromBase64String($env:WINDOWS_CERT_BASE64)
+          [IO.File]::WriteAllBytes($certPath, $certContent)
+          echo "CERTIFICATE_PATH=$certPath" >> $env:GITHUB_ENV
+        shell: pwsh
+        env:
+          WINDOWS_CERT_BASE64: ${{ secrets.WINDOWS_CERT_BASE64 }}
+
      - name: Update package.json version
        shell: bash
        working-directory: apps/desktop
@@ -50,9 +62,20 @@ jobs:
      - name: Build Electron App
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CERTIFICATE_PATH: ${{ env.CERTIFICATE_PATH }}
+          CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CERT_PASSWORD }}
        working-directory: apps/desktop
        run: npm run make

+      # Clean up certificate
+      - name: Clean up certificate
+        if: matrix.os == 'windows-latest'
+        run: |
+          if (Test-Path $env:CERTIFICATE_PATH) {
+            Remove-Item -Path $env:CERTIFICATE_PATH
+          }
+        shell: pwsh
+
      - name: Publish Release to GitHub
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/apps/desktop/forge.config.ts
+++ b/apps/desktop/forge.config.ts
@@ -15,6 +15,10 @@ const config: ForgeConfig = {
    executableName: process.platform === 'linux' ? 'colanode' : 'Colanode',
    icon: 'assets/colanode_logo_black',
    appBundleId: 'com.colanode.desktop',
+    ...(process.platform === 'win32' && {
+      certificateFile: process.env.CERTIFICATE_PATH,
+      certificatePassword: process.env.CERTIFICATE_PASSWORD
+    }),
    asar: true,
    ignore: [
      /^\/src/,
@@ -49,9 +53,10 @@ const config: ForgeConfig = {
  makers: [
    new MakerSquirrel({
      name: 'Colanode',
-      authors: 'Colanode',
-      description: 'Colanode Desktop Application',
-      setupExe: 'ColanodeSetup.exe',
+      ...(process.platform === 'win32' && {
+        certificateFile: process.env.CERTIFICATE_PATH,
+        certificatePassword: process.env.CERTIFICATE_PASSWORD
+      })
    }),
    new MakerZIP({}, ['darwin']),
    new MakerRpm({