Code sign win (#50)

* try windows signing

* bump to v0.3.0

.github/workflows/release.yml

@@ -18,10 +18,10 @@ jobs:
       matrix:
         os:
           [
+            { name: "windows", image: "windows-latest" },
             { name: "linux", image: "ubuntu-latest" },
             { name: "macos-intel", image: "macos-13" },
             { name: "macos", image: "macos-latest" },
-            { name: "windows", image: "windows-latest" },
           ]
     runs-on: ${{ matrix.os.image }}
     steps:
@@ -38,6 +38,26 @@ jobs:
           MACOS_CERT_P12: ${{ secrets.MACOS_CERT_P12 }}
           MACOS_CERT_PASSWORD: ${{ secrets.MACOS_CERT_PASSWORD }}
         run: chmod +x tools/add-macos-cert.sh && . ./tools/add-macos-cert.sh
+      # Windows only
+      - name: Set up certificate
+        if: contains(matrix.os.name, 'windows')
+        run: |
+          echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
+        shell: bash
+      - name: Set variables
+        if: contains(matrix.os.name, 'windows')
+        id: variables
+        # echo "version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
+        run: |
+          echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV" 
+          echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV" 
+          echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV" 
+          echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
+        shell: bash
+      - name: Code signing with Software Trust Manager
+        if: contains(matrix.os.name, 'windows')
+        uses: digicert/ssm-code-signing@v1.0.0
+      # Publish (all platforms)
       - name: Publish app
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}