feat: add Azure code signing configuration (#235)

* feat: add Azure code signing configuration

Add support for Azure code signing in Electron builder configuration.
Includes environment variables for publisher name, endpoint,
certificate profile name, and code signing account name.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>

* feat: add Azure Trusted Signing environment variables

Add support for Azure Trusted Signing by including necessary environment
variables in the build process. This enables code signing for Windows
applications using Azure's Trusted Signing service.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>

---------

Co-authored-by: Claude <[email protected]>

Author: faustbrian

resources/js/electron-builder.js

@@ -1,5 +1,5 @@
-import { join } from 'path';
 import { exec } from 'child_process';
+import { join } from 'path';
 
 const appUrl = process.env.APP_URL;
 const appId = process.env.NATIVEPHP_APP_ID;
@@ -11,6 +11,12 @@ const appVersion = process.env.NATIVEPHP_APP_VERSION;
 const appCopyright = process.env.NATIVEPHP_APP_COPYRIGHT;
 const deepLinkProtocol = process.env.NATIVEPHP_DEEPLINK_SCHEME;
 
+// Azure signing configuration
+const azurePublisherName = process.env.NATIVEPHP_AZURE_PUBLISHER_NAME;
+const azureEndpoint = process.env.NATIVEPHP_AZURE_ENDPOINT;
+const azureCertificateProfileName = process.env.NATIVEPHP_AZURE_CERTIFICATE_PROFILE_NAME;
+const azureCodeSigningAccountName = process.env.NATIVEPHP_AZURE_CODE_SIGNING_ACCOUNT_NAME;
+
 // Since we do not copy the php executable here, we only need these for building
 const isWindows = process.argv.includes('--win');
 const isLinux = process.argv.includes('--linux');
@@ -78,6 +84,14 @@ export default {
     afterSign: 'build/notarize.js',
     win: {
         executableName: fileName,
+        ...(azurePublisherName && azureEndpoint && azureCertificateProfileName && azureCodeSigningAccountName ? {
+            azureSignOptions: {
+                publisherName: azurePublisherName,
+                endpoint: azureEndpoint,
+                certificateProfileName: azureCertificateProfileName,
+                codeSigningAccountName: azureCodeSigningAccountName
+            }
+        } : {}),
     },
     nsis: {
         artifactName: appName + '-${version}-setup.${ext}',

src/Commands/BuildCommand.php

@@ -154,6 +154,14 @@ protected function getEnvironmentVariables(): array
                 'NATIVEPHP_APPLE_ID' => config('nativephp-internal.notarization.apple_id'),
                 'NATIVEPHP_APPLE_ID_PASS' => config('nativephp-internal.notarization.apple_id_pass'),
                 'NATIVEPHP_APPLE_TEAM_ID' => config('nativephp-internal.notarization.apple_team_id'),
+                // Azure Trusted Signing
+                'AZURE_TENANT_ID' => config('nativephp-internal.azure_trusted_signing.tenant_id'),
+                'AZURE_CLIENT_ID' => config('nativephp-internal.azure_trusted_signing.client_id'),
+                'AZURE_CLIENT_SECRET' => config('nativephp-internal.azure_trusted_signing.client_secret'),
+                'NATIVEPHP_AZURE_PUBLISHER_NAME' => config('nativephp-internal.azure_trusted_signing.publisher_name'),
+                'NATIVEPHP_AZURE_ENDPOINT' => config('nativephp-internal.azure_trusted_signing.endpoint'),
+                'NATIVEPHP_AZURE_CERTIFICATE_PROFILE_NAME' => config('nativephp-internal.azure_trusted_signing.certificate_profile_name'),
+                'NATIVEPHP_AZURE_CODE_SIGNING_ACCOUNT_NAME' => config('nativephp-internal.azure_trusted_signing.code_signing_account_name'),
             ],
             Updater::environmentVariables(),
         );