feat(build): timestamp signed file built via CMake

[Swiftb0y]

Previously only builds generated by our github actions CI
were timestamped.

I still don't have a windows build environment to test/verify this works as intended.

Do we actually use the signing code in your CMakeLists.txt?

[JoergAtGithub]

I tried this, PR on a local build. But as far I understood it, the timestamping code is only executed, when WINDOWS_CODESIGN is ON. But than it requires also WINDOWS_CODESIGN_CERTIFICATE_PATH and WINDOWS_CODESIGN_CERTIFICATE_PASSWORD which I don't have:

[daschuer]

I do not really understand why we have both, code signing in the build.yml and in CMakeLists.txt.
But at least this PR looks reasonable.

[daschuer]

On the Main branch I see:

2022-06-25T21:27:03.9783716Z ##[group]Run signtool sign /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /f $Env:WINDOWS_CODESIGN_CERTIFICATE_PATH /p $Env:WINDOWS_CODESIGN_CERTIFICATE_PASSWORD *.msi
2022-06-25T21:27:03.9786361Z �[36;1msigntool sign /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /f $Env:WINDOWS_CODESIGN_CERTIFICATE_PATH /p $Env:WINDOWS_CODESIGN_CERTIFICATE_PASSWORD *.msi�[0m

But I did not find

Signining target mixxx.exe

This should be the output form the CMakeLists.txt

Is the exe signed, or only the installer?

[daschuer]

Ah, there is:

2022-06-25T21:16:34.5245381Z Successfully signed: D:/a/mixxx/mixxx/build/mixxx.exe

[daschuer]

Do we actually use the signing code in your CMakeLists.txt?

Yes, one is the mixxx.exe and one the resulting msi. I think it is correct to have both.

Thank you for taking care!