From c5321dc831e3dd3e913cfec7df42aff8ef909778 Mon Sep 17 00:00:00 2001
From: "C.Lee Taylor" <leet@tari.com>
Date: Tue, 10 Sep 2024 14:05:05 +0200
Subject: [PATCH] ci(feature): add windows signed builds

---
 .github/workflows/build_binaries.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/.github/workflows/build_binaries.yml b/.github/workflows/build_binaries.yml
index 23260d3..4456666 100644
--- a/.github/workflows/build_binaries.yml
+++ b/.github/workflows/build_binaries.yml
@@ -273,6 +273,24 @@ jobs:
             ${{ env.TARGET_BINS }} \
             ${{ matrix.builds.flags }} --locked
 
+      - name: Sign Windows files with Trusted Certificate
+        if: ${{ ( startsWith(runner.os,'Windows') ) && ( env.AZURE_TENANT_ID != '' ) }}
+        env:
+          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+        uses: azure/trusted-signing-action@v0.4.0
+        with:
+          azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+          endpoint: https://eus.codesigning.azure.net/
+          trusted-signing-account-name: Tari
+          certificate-profile-name: Tarilabs
+          files-folder: ${{ github.workspace }}/target/${{ matrix.builds.target }}/
+          files-folder-filter: exe,dll
+          file-digest: SHA256
+          timestamp-rfc3161: http://timestamp.acs.microsoft.com
+          timestamp-digest: SHA256
+
       - name: Copy binaries to folder for archiving
         shell: bash
         run: |