Add Azure Trusted Signing integration

Author: neilcsmith-net

.github/workflows/build.yaml

@@ -173,6 +173,31 @@ jobs:
         env:
           INNOSETUP_PATH: 'C:\\Program Files (x86)\\Inno Setup 6\\iscc.exe'
         run: java Exec.java build windows x64 innosetup
+      - name: Azure Trusted Signing
+        if: ${{ vars.AZURE_CERT_PROFILE_NAME }}
+        uses: azure/trusted-signing-action@1d365fec12862c4aa68fcac418143d73f0cea293
+        with:
+          azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+          endpoint: ${{ secrets.AZURE_ENDPOINT }}
+          trusted-signing-account-name: ${{ secrets.AZURE_CODE_SIGNING_NAME }}
+          certificate-profile-name: ${{ vars.AZURE_CERT_PROFILE_NAME }}
+          files-folder: dist
+          files-folder-filter: exe
+          file-digest: SHA256
+          timestamp-rfc3161: http://timestamp.acs.microsoft.com
+          timestamp-digest: SHA256
+      - name: Hash Signed File
+        if: ${{ vars.AZURE_CERT_PROFILE_NAME }}
+        shell: bash
+        working-directory: ./dist
+        run: |
+          EXE=$(echo *.exe)
+          echo "Changing hash for ${EXE}"
+          echo "Previous hash : " $(cat ${EXE}.sha256)
+          sha256sum ${EXE} > ${EXE}.sha256
+          echo "Updated hash : " $(cat ${EXE}.sha256)
       - name: Upload
         uses: actions/upload-artifact@v5
         with: