From 9999ab6bf724285d88fa82a6a63514e56260ff7f Mon Sep 17 00:00:00 2001
From: Will Chen <willchen90@gmail.com>
Date: Tue, 29 Apr 2025 16:44:31 -0700
Subject: [PATCH] try 3: windows sign config (#52)

---
 .github/workflows/release.yml | 1 +
 forge.config.ts               | 6 ++----
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d4c6545..b59c4fc 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -53,6 +53,7 @@ jobs:
           echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV" 
           echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV" 
           echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
+          smctl windows certsync --keypair-alias=${{ secrets.DIGICERT_KEYPAIR_ALIAS }}
         shell: bash
       - name: Code signing with Software Trust Manager
         if: contains(matrix.os.name, 'windows')
diff --git a/forge.config.ts b/forge.config.ts
index 2fc98bc..d0ba8b8 100644
--- a/forge.config.ts
+++ b/forge.config.ts
@@ -67,12 +67,10 @@ const config: ForgeConfig = {
   makers: [
     new MakerSquirrel({
       windowsSign: {
-        // signWithParams:
-        // '/csp "DigiCert Signing Manager KSP" /kc <keypair_alias> /f <certificate_file> /tr http://timestamp.digicert.com /td SHA256 /fd SHA256',
         certificateFile: process.env.SM_CLIENT_CERT_FILE,
         certificatePassword: process.env.SM_CLIENT_CERT_PASSWORD,
-        signToolPath:
-          "C:\\Program Files\\DigiCert\\DigiCert Keylocker Tools\\smctl.exe",
+        // signToolPath:
+        //   "C:\\Program Files\\DigiCert\\DigiCert Keylocker Tools\\smctl.exe",
         signWithParams: `/sha1 ${process.env.SM_CODE_SIGNING_CERT_SHA1_HASH} /tr http://timestamp.digicert.com /td SHA256 /fd SHA256`,
       },
     }),