Merge pull request #1 from Radhikaa-chauhan/feature/windows-code-signing-2

ci: add Windows code signing to desktop release workflow

Author: Radhikaa-chauhan

.github/workflows/Tauri-Release.yml

@@ -199,6 +199,39 @@ jobs:
             # - Linux: Sign .deb and .AppImage with GPG
             # Reference: Issue #631
 
+            - name: Decode Windows code signing certificate
+              if: matrix.os == 'windows-2022'
+              shell: powershell
+              run: |
+                  echo "${{ secrets.WINDOWS_CERTIFICATE }}" > cert.b64
+                  certutil -decode cert.b64 circuitverse.pfx
+            
+            - name: Sign Windows executables
+              if: matrix.os == 'windows-2022'
+              shell: powershell
+              run: |
+                  $exePath = "src-tauri\target\release\CircuitVerse.exe"
+
+                  if (Test-Path $exePath) {
+                      signtool sign `
+                        /f circuitverse.pfx `
+                        /p "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}" `
+                        /fd SHA256 `
+                        /td SHA256 `
+                        /tr http://timestamp.digicert.com `
+                        $exePath
+                  } else {
+                      Write-Error "CircuitVerse.exe not found at expected path"
+                      exit 1
+                  }
+                      
+            - name: Verify Windows signature
+              if: matrix.os == 'windows-2022'
+              shell: powershell
+              run: |
+                  signtool verify /pa src-tauri\target\release\CircuitVerse.exe
+
+
             - name: Upload Tauri Build Artifacts
               uses: actions/upload-artifact@v4
               with:

.gitignore

@@ -23,3 +23,12 @@ public/simulatorvue/*
 *.njsproj
 *.sln
 *.sw?
+
+# Code signing secrets (DO NOT COMMIT)
+*.pfx
+*.pfx.b64
+*.b64
+cert.b64
+
+# Tauri / Rust build output
+src-tauri/target/