Skip to content

feat: add Azure Trusted Signing support #658

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 26, 2025
Merged

feat: add Azure Trusted Signing support #658

merged 2 commits into from
Jul 26, 2025

Conversation

faustbrian
Copy link
Contributor

Add configuration for Azure Trusted Signing service for Windows code signing. This includes credential settings and environment variable cleanup for Azure-related keys.

🤖 Generated with Claude Code

faustbrian and others added 2 commits July 21, 2025 11:01
@faustbrian @claude
feat: add Azure Trusted Signing support
17c9717 
Add configuration for Azure Trusted Signing service for Windows code signing.
This includes credential settings and environment variable cleanup for
Azure-related keys.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>
@faustbrian @claude
style: reorganize imports in DebugCommand
49a72b4 
🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>
@faustbrian faustbrian mentioned this pull request Jul 21, 2025
Open
@faustbrian
Copy link
Contributor Author

@simonhamp results from a GitHub Actions run with these changes (running off of my fork). Previously it would say signing with signtool.exe and now it says signing with Azure Trusted Signing (beta) when all the environment variables are set.

CleanShot 2025-07-21 at 12 05 56

@faustbrian
Copy link
Contributor Author

@simonhamp I've just verified that our builds that previously got flagged as Microsoft Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk are now working fine without any warnings.

@simonhamp
Copy link
Member

See also NativePHP/electron#235

@gwleuverink
Copy link
Contributor

Hey @faustbrian awesome PR's! 🙏🏻

Are any of these newly introduced variables sensitive?
If they are it would make sense to add them here:

laravel/config/nativephp.php

Line 61 in 26d8402

'cleanup_env_keys' => [

We strip env variables ending with *_SECRET automatically.

@faustbrian
Copy link
Contributor Author

@gwleuverink I had already added them to the config file to be stripped out as they're all things that shouldn't be needed anywhere after signing.

@gwleuverink
Copy link
Contributor

Must have missed that. Perfect 👌

@simonhamp simonhamp merged commit 5f6b9d1 into NativePHP:main Jul 26, 2025
19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simonhamp simonhamp simonhamp approved these changes

@gwleuverink gwleuverink gwleuverink approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@faustbrian @simonhamp @gwleuverink