From 68f4f14ffe63c9e68662ab23654cf829f41c7ab5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Sch=C3=BCrmann?= <daschuer@mixxx.org>
Date: Sun, 24 Dec 2023 13:06:59 +0100
Subject: [PATCH 1/2] Add Azure code signing for the Windows release DLLs

---
 .github/workflows/build.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 60777bc28ef281..0e33e9b3c74228 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -139,6 +139,25 @@ jobs:
     - name: Build packages
       run: ./vcpkg install --vcpkg-root=${{ matrix.vcpkg_path }} --clean-after-build --recurse ${{ env.VCPKG_PACKAGES }}
       working-directory: ${{ matrix.vcpkg_path }}
+      
+    - name: "[Windows] Sign release DLLs"
+      env:
+        AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      if: runner.os == 'Windows' && env.AZURE_TENANT_ID
+      uses: azure/azure-code-signing-action@v0.2.22
+      with:
+        azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+        endpoint: https://weu.codesigning.azure.net/
+        code-signing-account-name: mixxx
+        certificate-profile-name: mixxx
+        files-folder: ${{ matrix.vcpkg_path }}/installed/${{ matrix.vcpkg_triplet }}/bin
+        files-folder-filter: dll
+        file-digest: SHA256
+        timestamp-rfc3161: http://timestamp.acs.microsoft.com
+        timestamp-digest: SHA256
+        timeout: 600
 
     - name: Upload GitHub Actions artifacts of build logs
       if: always()

From b7f4c0f485950e77a25aaad648387d5bb7681c38 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Sch=C3=BCrmann?= <daschuer@mixxx.org>
Date: Wed, 27 Dec 2023 22:37:08 +0100
Subject: [PATCH 2/2] Add Azure code signing for the Windows Qt plugins

---
 .github/workflows/build.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0e33e9b3c74228..fee99cc75784a8 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -158,6 +158,26 @@ jobs:
         timestamp-rfc3161: http://timestamp.acs.microsoft.com
         timestamp-digest: SHA256
         timeout: 600
+        
+    - name: "[Windows] Sign release plugins"
+      env:
+        AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      if: runner.os == 'Windows' && env.AZURE_TENANT_ID
+      uses: azure/azure-code-signing-action@v0.2.22
+      with:
+        azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+        endpoint: https://weu.codesigning.azure.net/
+        code-signing-account-name: mixxx
+        certificate-profile-name: mixxx
+        files-folder: ${{ matrix.vcpkg_path }}/installed/${{ matrix.vcpkg_triplet }}/plugins
+        files-folder-filter: dll
+        files-folder-recurse: true
+        file-digest: SHA256
+        timestamp-rfc3161: http://timestamp.acs.microsoft.com
+        timestamp-digest: SHA256
+        timeout: 600
 
     - name: Upload GitHub Actions artifacts of build logs
       if: always()