Open marstamm opened 2 months ago
As part of this change we want to migrate the certificate handling over to vault (cf. https://github.com/bpmn-io/internal-docs/issues/802).
Reached out to internally (IT) for further investigation.
Shared updated certificate with @marstamm; you should now be unblocked to work on this issue.
Cross-posting my assessment (yesterday) here:
Status update (quick check with Tim):
There is new restrictions to work with code signing certificates, effectively enabled with June 1, 2023 Code signing can only happen via dedicated signing APIs (similar to MacOS notarization) > and/or via hardware tokens
- We ordered a hardware token which is not usable for our cases (CI/CD-based code signing)
- We need to investigate (ref) how to do signing on our CI using the newly enforced restrictions
Let's look into the linked material as well as the electron builder docs to figure out what we need to change. At the moment I see the next release slightly at risk, but then again it is just a minor we can skip or postpone (for Windows).
Summary update from internal Slack:
[Update] We disabled Code signing on Windows for now. @philippfromme has the physical token for backup signing. DigiCert purchase is still in progress
What should we do?
Update our Certificates we use to sign the application during the build process. The windows certs expired on Apr 11.
cf. https://github.com/camunda/camunda-modeler/actions/runs/8681071392
Why should we do it?
To ensure we can release the camunda modeler on windows