feat: add Azure Trusted Signing support #658

Merged: 2 commits, Jul 26, 2025

faustbrian
Contributor

Add configuration for Azure Trusted Signing service for Windows code signing. This includes credential settings and environment variable cleanup for Azure-related keys.

🤖 Generated with Claude Code

faustbrian and others added 2 commits July 21, 2025 11:01
Add configuration for Azure Trusted Signing service for Windows code signing.
This includes credential settings and environment variable cleanup for
Azure-related keys.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>
🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>
@faustbrian
Contributor Author

@simonhamp results from a GitHub Actions run with these changes (running off of my fork). Previously it would say "signing with signtool.exe" and now it says "signing with Azure Trusted Signing (beta)" when all the environment variables are set.

[Screenshot: CleanShot 2025-07-21 at 12 05 56]

@faustbrian
Contributor Author

@simonhamp I've just verified that our builds that previously got flagged as "Microsoft Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk" are now working fine without any warnings.

@simonhamp
Member

See also NativePHP/electron#235

@gwleuverink
Contributor

Hey @faustbrian, awesome PRs! 🙏🏻

Are any of these newly introduced variables sensitive?
If they are, it would make sense to add them here:

`'cleanup_env_keys' => [`

We strip env variables ending with `*_SECRET` automatically.

@faustbrian
Contributor Author

@gwleuverink I had already added them to the config file to be stripped out as they're all things that shouldn't be needed anywhere after signing.

@gwleuverink
Contributor

Must have missed that. Perfect 👌

@simonhamp merged commit 5f6b9d1 into NativePHP:main on Jul 26, 2025
19 checks passed