From 65a13d997ab8e99d0db63679190b78c0711441e5 Mon Sep 17 00:00:00 2001
From: Joseph Flinn <joseph.s.flinn@gmail.com>
Date: Wed, 6 Jan 2021 18:04:18 +0000
Subject: [PATCH] experimenting with no CSC_* env vars

---
 .github/workflows/build.yml | 49 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 48 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 78e85b11bc..f832cff64f 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -123,6 +123,11 @@ jobs:
     runs-on: windows-latest
 
     steps:
+      - name: Set up dotnet
+        uses: actions/setup-dotnet@v1
+        with:
+          dotnet-version: "3.1.x"
+
       - name: Set up Node
         uses: actions/setup-node@v1
         with:
@@ -145,7 +150,31 @@ jobs:
         run: |
           node --version
           npm --version
-          choco --version
+          #choco --version
+          dotnet --version
+
+
+      - name: Install AST
+        shell: pwsh
+        run: |
+          cd $HOME
+
+          git clone https://github.com/vcsjones/AzureSignTool.git
+          cd AzureSignTool
+          $latest_head = $(git rev-parse HEAD)[0..9] -join ""
+          $latest_version = "0.0.0-g$latest_head"
+
+          Write-Host "--------"
+          Write-Host "git commit - $(git rev-parse HEAD)"
+          Write-Host "latest_head - $latest_head"
+          Write-Host "PACKAGE VERSION TO BUILD - $latest_version"
+          Write-Host "--------"
+
+          dotnet restore
+          dotnet pack --output ./nupkg
+          dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $latest_version azuresigntool
+
+          cd $HOME
 
       - name: Checkout repo
         uses: actions/checkout@v2
@@ -163,6 +192,13 @@ jobs:
       - name: Build application
         shell: pwsh
         run: npm run dist:win:ci
+        env:
+          SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
+          SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }}
+          SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }}
+          SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }}
+          SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }}
+          SECRET_TEST: ${{ secrets.SECRET_TEST }}
 
       - name: Rename appx files for store
         shell: pwsh
@@ -211,6 +247,17 @@ jobs:
       #   with:
       #     name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg
       #     path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg
+      
+      - name: Repack & Sign
+        run: |
+          npm run pack:win
+        env:
+          SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
+          SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }}
+          SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }}
+          SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }}
+          SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }}
+          SECRET_TEST: ${{ secrets.SECRET_TEST }}
 
       #- name: Upload release assets
       #  if: github.event_name == 'release'