From aa7a5bd84f78c3d71c816d0cfd504c883a6b2a8a Mon Sep 17 00:00:00 2001
From: Jon Gadsden <jon.gadsden@owasp.org>
Date: Tue, 3 Dec 2024 14:46:31 +0000
Subject: [PATCH] provide open-source software certs for Windows signing

---
 .github/workflows/release.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index b3332128..df7a8d55 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -157,9 +157,11 @@ jobs:
         run: npm clean-install
 
       - name: Build Windows executable
-        # code signing done later using Extended Verification (EV) with a hardware key
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # code signing using Extended Verification (EV) open source certificate
+          CSC_KEY_PASSWORD: ${{ secrets.WINDOWS_OSS_CERT_PASSWORD}}
+          CSC_LINK:  ${{ secrets.WINDOWS_OSS_CERT }}
         run: npm run build:desktop -- --windows --publish always
 
       - name: Save SBOM artifact