From e570ce580afa981d3cf7750bea1d129309b48a06 Mon Sep 17 00:00:00 2001
From: Rob Mensching <rob@firegiant.com>
Date: Tue, 12 Sep 2023 14:08:34 -0700
Subject: Update to latest signing infrastructure

Fixes 7546
---
 .github/workflows/build.yml | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

(limited to '.github')

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 47297ac5..4d10017e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -24,6 +24,9 @@ jobs:
   build:
     name: Build
     runs-on: windows-2022
+    permissions:
+      packages: write
+      id-token: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
@@ -34,6 +37,11 @@ jobs:
       #   shell: cmd
       #   run: ./src/vs_config.cmd
 
+      - name: Install sign tool
+        if: (github.ref == 'refs/heads/master')
+        shell: cmd
+        run: dotnet tool install --tool-path build\.tools sign --version 0.9.1-beta.23356.1
+
       - name: Configure automated logging and crash dumps
         shell: cmd
         run: |
@@ -46,13 +54,22 @@ jobs:
           reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\LocalDumps" /t REG_DWORD /v DumpCount /d 10 /f
           reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\LocalDumps" /t REG_DWORD /v DumpType /d 1
 
+      - name: 'Az CLI login'
+        if: (github.ref == 'refs/heads/master')
+        uses: azure/login@v1
+        with:
+          allow-no-subscriptions: true
+          client-id: ${{ secrets.WIX_SIGNING_CLIENTID }}
+          tenant-id: ${{ secrets.WIX_SIGNING_TENANTID }}
+          subscription-id: ${{ secrets.WIX_SIGNING_SUBSCRIPTIONID }}
+
       - name: Build wix4
         shell: cmd
         run: ./src/build_official.cmd
         env:
           RuntimeTestsEnabled: true
-          SigningUser:  ${{ github.ref == 'refs/heads/master' && secrets.WIX_SIGNING_USER || '' }}
-          SigningSecret:  ${{ github.ref == 'refs/heads/master' && secrets.WIX_SIGNING_SECRET || '' }}
+          SigningVaultUri:  ${{ github.ref == 'refs/heads/master' && secrets.WIX_SIGNING_VAULTURI || '' }}
+          SigningCertName:  ${{ github.ref == 'refs/heads/master' && secrets.WIX_SIGNING_CERTNAME || '' }}
 
       - name: Validate test results
         shell: cmd
-- 
cgit v1.2.3-55-g6feb