Add Azure Trusted Signing (#80)

Author: HarishMalavade

.github/workflows/RELEASE.yml

@@ -92,8 +92,13 @@ jobs:
       if: ${{ runner.os == 'Windows' }}
       env:
         BUILD_REF: ${{ github.ref_name }}
-        CSC_LINK: "${{ secrets.WIN_CSC_LINK }}"
-        CSC_KEY_PASSWORD: "${{ secrets.WIN_CSC_KEY_PASSWORD }}"
+        AZURE_CERT_PROFILE_NAME: "${{ secrets.AZURE_CERT_PROFILE_NAME }}"
+        AZURE_CLIENT_ID: "${{ secrets.AZURE_CLIENT_ID }}"
+        AZURE_CLIENT_SECRET: "${{ secrets.AZURE_CLIENT_SECRET }}"
+        AZURE_CODE_SIGNING_NAME: "${{ secrets.AZURE_CODE_SIGNING_NAME }}"
+        AZURE_ENDPOINT: "${{ secrets.AZURE_ENDPOINT }}"
+        AZURE_PUBLISHER_NAME: "${{ secrets.AZURE_PUBLISHER_NAME }}"
+        AZURE_TENANT_ID: "${{ secrets.AZURE_TENANT_ID }}"
         IS_CI: true
         MIXPANEL_TOKEN: "${{ secrets.MIXPANEL_PROJECT_TOKEN }}"
         MIXPANEL_STAGE: "prod"

package-lock.json

@@ -100,4 +100,4 @@
       ]
     ]
   }
-}
+}

package.json

@@ -99,9 +99,17 @@ const signingOptions = [
   `-c.forceCodeSigning=${false}`
 ];
 
-const certificateFingerprint = process.env.WIN_CSC_FINGERPRINT;
-if (certificateFingerprint) {
-  signingOptions.push(`-c.win.certificateSha1=${certificateFingerprint}`);
+const windowsSigningOptions = {
+  certificateProfileName: process.env.AZURE_CERT_PROFILE_NAME,
+  endpoint: process.env.AZURE_ENDPOINT,
+  codeSigningAccountName: process.env.AZURE_CODE_SIGNING_NAME,
+  publisherName: process.env.AZURE_PUBLISHER_NAME
+};
+
+for (const [ key, value ] of Object.entries(windowsSigningOptions)) {
+  if (value) {
+    signingOptions.push(`-c.win.azureSignOptions.${key}=${value}`);
+  }
 }
 
 if (publish && (argv.ia32 || argv.x64 || argv.arm64)) {