Skip to content

Commit

Permalink
ci: Sign Windows binaries only on tag push
Browse files Browse the repository at this point in the history 
  Our Windows installer includes a number of other binaries such as DLLs
  that need to be signed as well as our own executable.
  In total, we need to sign 24 files.

  Since our code signing certificate comes with a limited number of
  signatures and additional ones are costly, we'll sign binaries only
  when doing a release thus when building a tag.
  • Loading branch information
@taratatach
taratatach committed Oct 10, 2024
1 parent a30ae46 commit dd48e81
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion .appveyor.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ before_build:
- ps: if ($env:BUILD_JOB -eq "build") { pwsh -NoProfile -ExecutionPolicy Unrestricted -Command .\build\windows\setup-keylocker.ps1 }

build_script:
- ps: $env:SKIP_CODE_SIGNING=($env:APPVEYOR_REPO_BRANCH -ne "master")
- ps: $env:SIGN_CODE=( ($env:APPVEYOR_REPO_BRANCH -eq "master" ) -and ($env:APPVEYOR_REPO_TAG -eq 'true') )
- ps: if ($env:BUILD_JOB -eq "build") { yarn dist }

artifacts:
Expand Down
2 changes: 1 addition & 1 deletion build/windows/customSign.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
'use strict'

exports.default = async function (configuration) {
if (process.env.SKIP_CODE_SIGNING === 'True') {
if (process.env.SIGN_CODE !== 'True') {
// eslint-disable-next-line no-console
console.log('Skipping code signing')
return
Expand Down

0 comments on commit dd48e81

Please sign in to comment.