From c6b8f774488d4787ec460baf5d5e38353b904576 Mon Sep 17 00:00:00 2001
From: Will Chen <willchen90@gmail.com>
Date: Tue, 29 Apr 2025 21:30:25 -0700
Subject: [PATCH] Try #6: windows code signing

---
 .github/workflows/release.yml |  6 +-----
 forge.config.ts               | 20 ++++----------------
 2 files changed, 5 insertions(+), 21 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 91e6996..5d38d9f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -57,14 +57,10 @@ jobs:
       - name: Code signing with Software Trust Manager
         if: contains(matrix.os.name, 'windows')
         uses: digicert/ssm-code-signing@v1.0.0
-      - name: Sync certificate (Windows)
-        if: contains(matrix.os.name, 'windows')
-        run: |
-          smctl windows certsync --keypair-alias=${{ secrets.DIGICERT_KEYPAIR_ALIAS }}
-        shell: bash
       # Publish (all platforms)
       - name: Publish app
         env:
+          DIGICERT_KEYPAIR_ALIAS: ${{ secrets.DIGICERT_KEYPAIR_ALIAS }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
           APPLE_ID: ${{ secrets.APPLE_ID }}
diff --git a/forge.config.ts b/forge.config.ts
index 34b9dfa..b1710bc 100644
--- a/forge.config.ts
+++ b/forge.config.ts
@@ -40,20 +40,6 @@ const ignore = (file: string) => {
   return true;
 };
 
-console.log("process.env.SM_CLIENT_CERT_FILE", process.env.SM_CLIENT_CERT_FILE);
-console.log(
-  "process.env.SM_CLIENT_CERT_FILE - resolved path",
-  path.resolve(process.env.SM_CLIENT_CERT_FILE!)
-);
-console.log(
-  "process.env.SM_CLIENT_CERT_FILE - resolved path - exists",
-  fs.existsSync(path.resolve(process.env.SM_CLIENT_CERT_FILE!))
-);
-console.log(
-  "process.env.SM_CLIENT_CERT_PASSWORD - length",
-  process.env.SM_CLIENT_CERT_PASSWORD?.length
-);
-
 const config: ForgeConfig = {
   packagerConfig: {
     protocols: [
@@ -83,8 +69,10 @@ const config: ForgeConfig = {
   makers: [
     new MakerSquirrel({
       windowsSign: {
-        certificateFile: process.env.SM_CLIENT_CERT_FILE,
-        certificatePassword: process.env.SM_CLIENT_CERT_PASSWORD,
+        signWithParams: `/csp "DigiCert Signing Manager KSP" /kc ${process.env.DIGICERT_KEYPAIR_ALIAS} /f ${process.env.SM_CLIENT_CERT_FILE} /tr http://timestamp.digicert.com /td SHA256 /fd SHA256`,
+
+        // certificateFile: process.env.SM_CLIENT_CERT_FILE,
+        // certificatePassword: process.env.SM_CLIENT_CERT_PASSWORD,
         // signToolPath:
         //   "C:\\Program Files\\DigiCert\\DigiCert Keylocker Tools\\smctl.exe",
         // signWithParams: `/sha1 ${process.env.SM_CODE_SIGNING_CERT_SHA1_HASH} /tr http://timestamp.digicert.com /td SHA256 /fd SHA256`,