Merge branch 'main' of https://github.com/zen-browser/desktop

.github/workflows/windows-alpha-build.yml

@@ -216,4 +216,4 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
           name: windows-x64-obj-${{ matrix.generic == true && 'generic' || 'specific' }}
-          path: engine/obj-x86_64-pc-windows-msvc/dist
+          path: engine/obj-x86_64-pc-windows-msvc/

.gitignore

@@ -6,4 +6,6 @@ node_modules/
 .surfer/
 
 __pycache__/
-dist/
+dist/
+
+windsign-temp/

build/winsign/sign.ps1

@@ -0,0 +1,44 @@
+param(
+    [string]$RunID,
+    [string]$SignIdentity
+)
+
+$ErrorActionPreference = "Stop"
+
+echo "Preparing environment"
+mkdir windsign-temp -ErrorAction SilentlyContinue
+mkdir engine\obj-x86_64-pc-windows-msvc\ -ErrorAction SilentlyContinue
+
+pnpm surfer ci --brand alpha
+
+echo "Downloading from runner with ID $RunID"
+gh run download $RunID --pattern "windows-x64-obj-*" --dir windsign-temp
+
+function SignAndPackage($name) {
+    echo "Executing on $name"
+    rmdir engine\obj-x86_64-pc-windows-msvc\ -Recurse -ErrorAction SilentlyContinue
+    mv windsign-temp\windows-x64-obj-$name engine\obj-x86_64-pc-windows-msvc\
+    echo "Signing $name"
+    # Find all executables and dlls and sign them
+    Get-ChildItem engine\obj-x86_64-pc-windows-msvc\ -Recurse -Filter *.exe | % {
+        echo "Signing $_"
+        signtool.exe sign /n "$SignIdentity" /t http://time.certum.pl/ /fd sha1 /v $_.FullName
+    }
+    Get-ChildItem engine\obj-x86_64-pc-windows-msvc\ -Recurse -Filter *.dll | % {
+        echo "Signing $_"
+        signtool.exe sign /n "$SignIdentity" /t http://time.certum.pl/ /fd sha1 /v $_.FullName
+    }
+    echo "Packaging $name"
+    pnpm surfer package
+}
+
+SignAndPackage specific
+SignAndPackage generic
+
+# Cleaning up
+
+echo "All done!"
+Read-Host "Press Enter to continue"
+
+echo "Cleaning up" 
+rmdir windsign-temp -Recurse -ErrorAction SilentlyContinue