To make it easier to deploy GGShield on Windows, this PR makes the release process produce a signed standalone Windows binary, similar to the macOS one.
What has been done
First commit refactors scripts/build-os-packages/build-os-packages to make room for Windows-specific signing code.
Second commit implements Windows signing code.
Third commit adds the signed binaries to the release assets.
Validation
Trigger the Build release assets CI workflow on the agateau/sign-windows-binaries branch. Tick the "Release mode" check box.
From a Windows machine:
Download the Windows asset.
Unpack it.
Double-click on ggshield.exe: no scary "Windows has prevented you from opening this file" popup should appear.
Right-click on ggshield.exe, select Properties. There should be a "Digital signatures" tabs like this:
PR check list
[ ] As much as possible, the changes include tests (unit and/or functional)
[x] If the changes affect the end user (new feature, behavior change, bug fix) then the PR has a changelog entry (see doc/dev/getting-started.md). If the changes do not affect the end user, then the skip-changelog label has been added to the PR.
Context
To make it easier to deploy GGShield on Windows, this PR makes the release process produce a signed standalone Windows binary, similar to the macOS one.
What has been done
First commit refactors
scripts/build-os-packages/build-os-packages
to make room for Windows-specific signing code.Second commit implements Windows signing code.
Third commit adds the signed binaries to the release assets.
Validation
agateau/sign-windows-binaries
branch. Tick the "Release mode" check box.ggshield.exe
: no scary "Windows has prevented you from opening this file" popup should appear.ggshield.exe
, select Properties. There should be a "Digital signatures" tabs like this:PR check list
skip-changelog
label has been added to the PR.