From 38f2cfa7efd0cc8fb64b8a0f36c3305f740c8dc4 Mon Sep 17 00:00:00 2001
From: Ylber Gashi <ylber.g@gjirafa.com>
Date: Sat, 7 Dec 2024 11:05:04 +0100
Subject: [PATCH] Add Windows certificate handling in CI workflow and
 configuration

---
 .github/workflows/publish-app.yml | 23 +++++++++++++++++++++++
 apps/desktop/forge.config.ts      | 11 ++++++++---
 2 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/publish-app.yml b/.github/workflows/publish-app.yml
index c449c781..af65ae56 100644
--- a/.github/workflows/publish-app.yml
+++ b/.github/workflows/publish-app.yml
@@ -34,6 +34,18 @@ jobs:
           $version = $env:GITHUB_REF -replace '^refs/tags/v',''
           echo "VERSION=$version" >> $env:GITHUB_ENV
 
+      # Decode certificate for Windows
+      - name: Decode certificate (Windows)
+        if: matrix.os == 'windows-latest'
+        run: |
+          $certPath = Join-Path -Path $env:RUNNER_TEMP -ChildPath "build_cert.pfx"
+          $certContent = [System.Convert]::FromBase64String($env:WINDOWS_CERT_BASE64)
+          [IO.File]::WriteAllBytes($certPath, $certContent)
+          echo "CERTIFICATE_PATH=$certPath" >> $env:GITHUB_ENV
+        shell: pwsh
+        env:
+          WINDOWS_CERT_BASE64: ${{ secrets.WINDOWS_CERT_BASE64 }}
+
       - name: Update package.json version
         shell: bash
         working-directory: apps/desktop
@@ -50,9 +62,20 @@ jobs:
       - name: Build Electron App
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CERTIFICATE_PATH: ${{ env.CERTIFICATE_PATH }}
+          CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CERT_PASSWORD }}
         working-directory: apps/desktop
         run: npm run make
 
+      # Clean up certificate
+      - name: Clean up certificate
+        if: matrix.os == 'windows-latest'
+        run: |
+          if (Test-Path $env:CERTIFICATE_PATH) {
+            Remove-Item -Path $env:CERTIFICATE_PATH
+          }
+        shell: pwsh
+
       - name: Publish Release to GitHub
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/apps/desktop/forge.config.ts b/apps/desktop/forge.config.ts
index a6bdb469..398326f7 100644
--- a/apps/desktop/forge.config.ts
+++ b/apps/desktop/forge.config.ts
@@ -15,6 +15,10 @@ const config: ForgeConfig = {
     executableName: process.platform === 'linux' ? 'colanode' : 'Colanode',
     icon: 'assets/colanode_logo_black',
     appBundleId: 'com.colanode.desktop',
+    ...(process.platform === 'win32' && {
+      certificateFile: process.env.CERTIFICATE_PATH,
+      certificatePassword: process.env.CERTIFICATE_PASSWORD
+    }),
     asar: true,
     ignore: [
       /^\/src/,
@@ -49,9 +53,10 @@ const config: ForgeConfig = {
   makers: [
     new MakerSquirrel({
       name: 'Colanode',
-      authors: 'Colanode',
-      description: 'Colanode Desktop Application',
-      setupExe: 'ColanodeSetup.exe',
+      ...(process.platform === 'win32' && {
+        certificateFile: process.env.CERTIFICATE_PATH,
+        certificatePassword: process.env.CERTIFICATE_PASSWORD
+      })
     }),
     new MakerZIP({}, ['darwin']),
     new MakerRpm({