From 14a11cc3d20d1d38e7e3c1ced91462b7a13f771e Mon Sep 17 00:00:00 2001
From: Will Chen <willchen90@gmail.com>
Date: Tue, 29 Apr 2025 16:12:24 -0700
Subject: [PATCH] Code sign win (#50)

* try windows signing

* bump to v0.3.0
---
 .github/workflows/release.yml | 22 +++++++++++++++++++++-
 forge.config.ts               | 10 +++++++++-
 package.json                  |  2 +-
 3 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e465226..d4c6545 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -18,10 +18,10 @@ jobs:
       matrix:
         os:
           [
+            { name: "windows", image: "windows-latest" },
             { name: "linux", image: "ubuntu-latest" },
             { name: "macos-intel", image: "macos-13" },
             { name: "macos", image: "macos-latest" },
-            { name: "windows", image: "windows-latest" },
           ]
     runs-on: ${{ matrix.os.image }}
     steps:
@@ -38,6 +38,26 @@ jobs:
           MACOS_CERT_P12: ${{ secrets.MACOS_CERT_P12 }}
           MACOS_CERT_PASSWORD: ${{ secrets.MACOS_CERT_PASSWORD }}
         run: chmod +x tools/add-macos-cert.sh && . ./tools/add-macos-cert.sh
+      # Windows only
+      - name: Set up certificate
+        if: contains(matrix.os.name, 'windows')
+        run: |
+          echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
+        shell: bash
+      - name: Set variables
+        if: contains(matrix.os.name, 'windows')
+        id: variables
+        # echo "version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
+        run: |
+          echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV" 
+          echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV" 
+          echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV" 
+          echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
+        shell: bash
+      - name: Code signing with Software Trust Manager
+        if: contains(matrix.os.name, 'windows')
+        uses: digicert/ssm-code-signing@v1.0.0
+      # Publish (all platforms)
       - name: Publish app
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/forge.config.ts b/forge.config.ts
index 617fa54..be5953a 100644
--- a/forge.config.ts
+++ b/forge.config.ts
@@ -65,7 +65,15 @@ const config: ForgeConfig = {
     force: true,
   },
   makers: [
-    new MakerSquirrel({}),
+    new MakerSquirrel({
+      windowsSign: {
+        // signWithParams:
+        // '/csp "DigiCert Signing Manager KSP" /kc <keypair_alias> /f <certificate_file> /tr http://timestamp.digicert.com /td SHA256 /fd SHA256',
+        certificateFile: process.env.SM_CLIENT_CERT_FILE,
+        certificatePassword: process.env.SM_CLIENT_CERT_PASSWORD,
+        signToolPath: "smctl",
+      },
+    }),
     new MakerZIP({}, ["darwin"]),
     new MakerRpm({}),
     new MakerDeb({
diff --git a/package.json b/package.json
index c00ab6f..979106e 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "dyad",
   "productName": "dyad",
-  "version": "0.2.5-beta.2",
+  "version": "0.3.0",
   "description": "My Electron application description",
   "main": ".vite/build/main.js",
   "repository": {