OWASP / threat-dragon

An open source threat modeling tool from OWASP
https://owasp.org/www-project-threat-dragon/
Apache License 2.0

Create AppVeyor pipeline for signing Windows installer #872

Open jgadsden opened 9 months ago

jgadsden commented 9 months ago

Describe what problem your feature request solves: As of July 2023 the Certificate Authority/Browser Forum (CA/B Forum) requires all code signing private keys to be stored on secure hardware. The cost is prohibitive, $175 to $250 per year.

Describe the solution you'd like: Windows installer signed

Additional context: The "How to Sign a Windows App in Electron Builder" guide describes what needs to be done to sign the Threat Dragon application. The existing certificate runs out on 20th February 2024.

assarbad commented 9 months ago

Hey, chances are you can get it free of charge from signpath.io if you qualify. I am in the process of signing up my own project there and they require CI so as to be transparent about the build artifacts being signed. Alternatively, for open source, Certum from Poland offers code-signing certificates. The first one is more expensive as it includes a smartcard reader and smartcard (AFAIK they don't allow third-party ones), but after the first year it's 25 €/year.

The above requirement has been the case for EV somewhat longer and they had even postponed the hardware requirement for normal class 3 certificates (IIRC originally end of 2022).

jgadsden commented 9 months ago

Thanks @assarbad, this seems to be just what we need. The existing certificate runs out on the 20th of this month, just enough time to get version 2.1.4 out the door, but after that nothing so far.

jgadsden commented 9 months ago

Email sent to support@signpath.io, and they have agreed to consider code signing Threat Dragon. Currently SignPath only supports AppVeyor pipelines, so we need to create a pipeline within AppVeyor that can access the GitHub repo and create the Windows installer image, which can then be signed by SignPath.
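A sketch of what such a pipeline could look like, as an added example and not the project's own configuration: an `appveyor.yml` that checks out the repo, builds the Windows installer unsigned, publishes it as a build artifact and hands it to SignPath's AppVeyor integration. The npm script name `build:desktop`, the `dist\` output path, and the SignPath organization/project/policy slugs are assumptions or placeholders; the point is that no signing key ever sits on the build machine, which is what the hardware-key requirement above is driving at.

```yaml
# Added example appveyor.yml (not Threat Dragon's own file).
# Assumes the installer is produced by an npm script called "build:desktop"
# and that electron-builder writes the .exe under dist\ (both assumptions).
version: 2.1.{build}
image: Visual Studio 2022

branches:
  only:
    - main

environment:
  nodejs_version: "18"

install:
  - ps: Install-Product node $env:nodejs_version
  - npm ci

build_script:
  # Build unsigned on purpose: the private key stays in SignPath's HSM,
  # so a compromised build agent cannot sign arbitrary binaries.
  - npm run build:desktop

artifacts:
  # Only the installer is uploaded; SignPath signs exactly this artifact.
  - path: dist\*.exe
    name: windows-installer

# Hand the artifact to SignPath. Organization id, project slug, policy slug
# and the encrypted API token are placeholders from the SignPath project page.
deploy:
  - provider: Webhook
    url: https://app.signpath.io/API/v1/<ORGANIZATION_ID>/Integrations/AppVeyor?ProjectSlug=<PROJECT_SLUG>&SigningPolicySlug=<SIGNING_POLICY_SLUG>
    authorization:
      secure: <ENCRYPTED_SIGNPATH_API_TOKEN>
    on:
      branch: main
```

Restricting the deploy step to `main` means pull-request builds still produce an installer for testing but never reach the signing policy.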