Sign Windows binary (#37)

Author: bernd

Makefile

@@ -25,6 +25,12 @@ build-darwin-arm64:
 build-windows-amd64:
 	GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build $(BUILD_OPTS) -o $(BIN_WINDOWS_AMD64) main.go
 
+sign-binaries: sign-binary-windows-amd64
+	# This needs to run in a Docker container with the graylog/internal-codesigntool image
+	codesigntool sign $(BIN_WINDOWS_AMD64)
+
+sign-binary-windows-amd64:
+
 install: install-linux install-darwin-amd64
 
 install-darwin-amd64: build-darwin-amd64

jenkins.groovy

@@ -29,17 +29,35 @@ pipeline
 
             sh "make"
          }
+      }
+
+      stage('Sign Windows Binaries')
+      {
+        agent
+        {
+          docker
+          {
+            image 'graylog/internal-codesigntool:latest'
+            args '-u jenkins:jenkins'
+            registryCredentialsId 'docker-hub'
+            alwaysPull true
+            reuseNode true
+          }
+        }
+
+        environment
+        {
+          CODESIGN_USER = credentials('codesign-user')
+          CODESIGN_PASS = credentials('codesign-pass')
+          CODESIGN_TOTP_SECRET = credentials('codesign-totp-secret')
+          CODESIGN_CREDENTIAL_ID = credentials('codesign-credential-id')
+        }
+
+        steps
+        {
+          sh 'make sign-binaries'
+        }
 
-         post
-         {
-            success
-            {
-               archiveArtifacts '*.linux'
-               archiveArtifacts '*.darwin-amd64'
-               archiveArtifacts '*.darwin-arm64'
-               archiveArtifacts '*.exe'
-            }
-         }
       }
 
       stage('Release')
@@ -76,6 +94,14 @@ pipeline
 
    post
    {
+     success
+     {
+        archiveArtifacts '*.linux'
+        archiveArtifacts '*.darwin-amd64'
+        archiveArtifacts '*.darwin-arm64'
+        archiveArtifacts '*.exe'
+     }
+
      cleanup
      {
        cleanWs()