diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 15ee6683..ffbbabee 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -193,12 +193,7 @@ jobs: shell: pwsh run: npm run dist:win:ci env: - SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }} - SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }} - SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }} - SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }} - SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }} - SECRET_TEST: ${{ secrets.SECRET_TEST }} + ELECTRON_BUILDER_SIGN: false - name: Rename appx files for store shell: pwsh @@ -252,6 +247,7 @@ jobs: run: | npm run pack:win env: + ELECTRON_BUILDER_SIGN: true SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }} SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }} SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }} diff --git a/sign.js b/sign.js index e7a6df89..f3969c37 100644 --- a/sign.js +++ b/sign.js @@ -1,17 +1,19 @@ exports.default = async function(configuration) { - require("child_process").execSync( - `azuresigntool sign ` + - `-kvu ${process.env.SIGNING_VAULT_URL} ` + - `-kvi ${process.env.SIGNING_CLIENT_ID} ` + - `-kvt ${process.env.SIGNING_TENANT_ID} ` + - `-kvs ${process.env.SIGNING_CLIENT_SECRET} ` + - `-kvc ${process.env.SIGNING_CERT_NAME} ` + - `-fd ${configuration.hash} ` + - `-du ${configuration.site} ` + - `-tr http://timestamp.digicert.com ` + - `${configuration.path}`, - { - stdio: "inherit" - } - ); + if (process.env.ELECTRON_BUILDER_SIGN) { + require("child_process").execSync( + `azuresigntool sign ` + + `-kvu ${process.env.SIGNING_VAULT_URL} ` + + `-kvi ${process.env.SIGNING_CLIENT_ID} ` + + `-kvt ${process.env.SIGNING_TENANT_ID} ` + + `-kvs ${process.env.SIGNING_CLIENT_SECRET} ` + + `-kvc ${process.env.SIGNING_CERT_NAME} ` + + `-fd ${configuration.hash} ` + + `-du ${configuration.site} ` + + `-tr http://timestamp.digicert.com ` + + `${configuration.path}`, + { + stdio: "inherit" + } + ); + } };