From c508c7cd0507eba3806f8777430b711ad639bba5 Mon Sep 17 00:00:00 2001
From: Joseph Flinn <joseph.s.flinn@gmail.com>
Date: Wed, 6 Jan 2021 18:58:44 +0000
Subject: [PATCH] adding a signing flag for electron builder

---
 .github/workflows/build.yml |  8 ++------
 sign.js                     | 32 +++++++++++++++++---------------
 2 files changed, 19 insertions(+), 21 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 15ee6683..ffbbabee 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -193,12 +193,7 @@ jobs:
         shell: pwsh
         run: npm run dist:win:ci
         env:
-          SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
-          SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }}
-          SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }}
-          SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }}
-          SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }}
-          SECRET_TEST: ${{ secrets.SECRET_TEST }}
+          ELECTRON_BUILDER_SIGN: false
 
       - name: Rename appx files for store
         shell: pwsh
@@ -252,6 +247,7 @@ jobs:
         run: |
           npm run pack:win
         env:
+          ELECTRON_BUILDER_SIGN: true
           SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
           SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }}
           SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }}
diff --git a/sign.js b/sign.js
index e7a6df89..f3969c37 100644
--- a/sign.js
+++ b/sign.js
@@ -1,17 +1,19 @@
 exports.default = async function(configuration) {
-  require("child_process").execSync(
-    `azuresigntool sign ` +
-    `-kvu ${process.env.SIGNING_VAULT_URL} ` +
-    `-kvi ${process.env.SIGNING_CLIENT_ID} ` +
-    `-kvt ${process.env.SIGNING_TENANT_ID} ` +
-    `-kvs ${process.env.SIGNING_CLIENT_SECRET} ` +
-    `-kvc ${process.env.SIGNING_CERT_NAME} ` +
-    `-fd ${configuration.hash} ` +
-    `-du ${configuration.site} ` +
-    `-tr http://timestamp.digicert.com ` +
-    `${configuration.path}`,
-    {
-      stdio: "inherit"
-    }
-  );
+  if (process.env.ELECTRON_BUILDER_SIGN) {
+    require("child_process").execSync(
+      `azuresigntool sign ` +
+      `-kvu ${process.env.SIGNING_VAULT_URL} ` +
+      `-kvi ${process.env.SIGNING_CLIENT_ID} ` +
+      `-kvt ${process.env.SIGNING_TENANT_ID} ` +
+      `-kvs ${process.env.SIGNING_CLIENT_SECRET} ` +
+      `-kvc ${process.env.SIGNING_CERT_NAME} ` +
+      `-fd ${configuration.hash} ` +
+      `-du ${configuration.site} ` +
+      `-tr http://timestamp.digicert.com ` +
+      `${configuration.path}`,
+      {
+        stdio: "inherit"
+      }
+    );
+  }
 };