open-source software certs for Windows signing pipeline

OWASP · Dec 3, 2024 · 27b8410 · 27b8410
1 parent aa7a5bd
commit 27b8410
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.github/workflows/release-windows.yaml b/.github/workflows/release-windows.yaml
@@ -35,9 +35,11 @@ jobs:
         run: npm clean-install
 
       - name: Build Windows executable
-        # code signing done later using Extended Verification (EV) with a hardware key
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # code signing using Extended Verification (EV) open source certificate
+          CSC_KEY_PASSWORD: ${{ secrets.WINDOWS_OSS_CERT_PASSWORD}}
+          CSC_LINK:  ${{ secrets.WINDOWS_OSS_CERT }}
         run: npm run build:desktop -- --windows --publish always
 
       - name: Save SBOM artifact