From 021eed838829149037651211ce1dbfbbf91943ce Mon Sep 17 00:00:00 2001
From: Nicolas Werner <nicolas.werner@hotmail.de>
Date: Thu, 14 Dec 2023 01:41:17 +0100
Subject: [PATCH] Add windows code signing

---
 .ci/windows/sign.bat       |  5 +++++
 .gitlab-ci.yml             | 22 ++++++++++++++++++++++
 resources/AppxManifest.xml |  2 +-
 3 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 .ci/windows/sign.bat

diff --git a/.ci/windows/sign.bat b/.ci/windows/sign.bat
new file mode 100644
index 000000000..18cd49319
--- /dev/null
+++ b/.ci/windows/sign.bat
@@ -0,0 +1,5 @@
+@echo off
+
+call "C:/Program Files (x86)/Microsoft Visual Studio/2022/BuildTools/VC/Auxiliary/Build/vcvarsall.bat" x64
+
+@C:\smartcardtools\x64\scsigntool -pin %WINDOWS_SIGNING_KEY_PIN% sign /fd SHA256 /t http://timestamp.digicert.com /a /sha1 %WINDOWS_SIGNING_KEY_THUMBPRINT% nheko.msix >nul 2>&1
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c52402cfe..19ce069f7 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -38,6 +38,28 @@ build-windows:
     paths:
       - nheko.msix
       - nheko_win_64.zip
+    name: nheko-${CI_COMMIT_SHORT_SHA}-windows-unsigned
+    expose_as: 'windows-app-unsigned'
+
+codesign-windows:
+  stage: sign
+  image: win10-base
+  tags: [libvirt,powershell]
+  resource_group: windows_signingA
+  environment: 
+    name: windows_signing
+  #variables:
+  #  GIT_STRATEGY: none
+  script:
+    - Get-ChildItem -Path Cert:CurrentUser\My
+    - ./.ci/windows/sign.bat
+  needs:
+    - job: build-windows
+  rules:
+    - if : '$CI_COMMIT_REF_PROTECTED == "true"'
+  artifacts:
+    paths:
+      - nheko.msix
     name: nheko-${CI_COMMIT_SHORT_SHA}-windows
     expose_as: 'windows-app'
 
diff --git a/resources/AppxManifest.xml b/resources/AppxManifest.xml
index 6951c3b72..417d0229c 100644
--- a/resources/AppxManifest.xml
+++ b/resources/AppxManifest.xml
@@ -4,7 +4,7 @@
   xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10"
   xmlns:uap10="http://schemas.microsoft.com/appx/manifest/uap/windows10/10"
   xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities">
-  <Identity Name="im.nheko.Nheko" Version="0.11.3.4" Publisher="CN=NhekoReborn, O=NhekoReborn, L=Munich, S=Bavaria, C=Germany" ProcessorArchitecture="x64"/>
+  <Identity Name="im.nheko.Nheko" Version="0.11.3.4" Publisher="CN=Nicolas Werner, O=Nicolas Werner, L=Munich, S=Bavaria, C=DE" ProcessorArchitecture="x64"/>
   <Properties>
     <DisplayName>Nheko</DisplayName>
     <PublisherDisplayName>Nheko-Reborn</PublisherDisplayName>
-- 
GitLab