attempt unzip/zip

davegarthsimpson · davegarthsimpson · commit c2181cf95e94 · 2024-06-29T18:06:27.000+02:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -437,7 +437,7 @@ jobs:
           name: ${{ env.JOB_TRANSFER_ARTIFACT }}
           path: ${{ env.BUILD_ARTIFACTS_PATH }}
 
-      - name: Find and process artifacts
+      - name: Find and process exe and msi artifacts
         shell: bash
         env:
           CERT_PASSWORD: ${{ secrets.INSTALLER_CERT_WINDOWS_PASSWORD }}
@@ -463,6 +463,31 @@ jobs:
             fi
           done
 
+      - name: Sign "Arduino IDE.exe" in .zip and rezip
+        shell: cmd
+        env:
+          CERT_PASSWORD: ${{ secrets.INSTALLER_CERT_WINDOWS_PASSWORD }}
+          CONTAINER_NAME: ${{ secrets.INSTALLER_CERT_WINDOWS_CONTAINER }}
+        run: |
+          setlocal enabledelayedexpansion
+          cd "%BUILD_ARTIFACTS_PATH%"
+          for %%F in (*_unsigned.zip) do (
+            set "zipfile=%%F"
+            set "dirname=%%~nF"
+            set "newzipfile=%%~nF"
+            set "newzipfile=!newzipfile:_unsigned=!.zip"
+            
+            mkdir "!dirname!"
+            tar -xf "!zipfile!" -C "!dirname!"
+            pushd "!dirname!"
+            
+            "%SIGNTOOL_PATH%" sign -d "Arduino IDE" -f "%INSTALLER_CERT_WINDOWS_CER%" -csp "eToken Base Cryptographic Provider" -k "[{{%CERT_PASSWORD%}}]=%CONTAINER_NAME%" -fd sha256 -tr http://timestamp.digicert.com -td SHA256 -v "Arduino IDE.exe"
+            
+            popd
+            tar -a -cf "!newzipfile!" "!dirname!"
+            rmdir /s /q "!dirname!"
+          )
+
       - name: Upload signed EXE
         uses: actions/upload-artifact@v3
         with:
