From 3280aee17a3da56685fe503dcf4ffe80f49095c1 Mon Sep 17 00:00:00 2001
From: Piotr Roszatycki
Date: Mon, 10 Feb 2025 00:12:00 +0100
Subject: [PATCH] Sign Windows exe and msi files (#30)
---
 .github/workflows/release-nightly.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/.github/workflows/release-nightly.yaml b/.github/workflows/release-nightly.yaml
index 9c0a214..4e86039 100644
--- a/.github/workflows/release-nightly.yaml
+++ b/.github/workflows/release-nightly.yaml
@@ -252,6 +252,19 @@ jobs:
 CSC_LINK: ${{ secrets.WIN_CSC_LINK }}
 CSC_KEY_PASSWORD: ${{ secrets.WIN_CSC_KEY_PASSWORD }}

+ - name: Azure Trusted Signing (Windows x64)
+ if: runner.os == 'Windows' && matrix.arch == 'x64' && github.ref_name == 'main' && github.event_name != 'pull_request'
+ uses: azure/trusted-signing-action@v0.5.1
+ with:
+ azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+ endpoint: ${{ vars.AZURE_ENDPOINT }}
+ trusted-signing-account-name: ${{ vars.AZURE_CODE_SIGNING_NAME }}
+ certificate-profile-name: ${{ vars.AZURE_CERT_PROFILE_NAME }}
+ files-folder: ${{ github.workspace }}\freelens\dist
+ files-folder-filter: exe,msi
+
 - name: Tweak binaries
 shell: bash
 run: |
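Review bot: The new signing step references `azure/trusted-signing-action@v0.5.1` by tag, and a tag can be moved. Since this step receives `AZURE_CLIENT_SECRET` and controls what is signed with the project's certificate, I would pin it to the full commit SHA: `uses: azure/trusted-signing-action@<full-commit-sha-of-v0.5.1> # v0.5.1`. The `if:` guard is also a denylist: it excludes only `pull_request`, and it compares `github.ref_name`, which is the short name and would match a tag called `main` as well. The workflow's `on:` triggers and the rest of the job are outside this hunk, so I cannot tell which events reach this step. Comparing `github.ref == 'refs/heads/main'` and naming the events that are meant to sign would keep the secret out of any trigger added later. If the Azure setup allows it, a federated (OIDC) credential would also avoid storing a long-lived client secret.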