influxdata · ivorybilled · Feb 11, 2021 · Feb 5, 2021 · Feb 5, 2021 · Feb 5, 2021
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1,5 +1,6 @@
 version: 2.1
-
+orbs:
+  win: circleci/windows@2.2.0  
 executors:
   go-1_14:
     working_directory: '/go/src/github.com/influxdata/telegraf'
@@ -64,6 +65,11 @@ commands:
       - store_artifacts:
           path: './build/dist'
           destination: 'build/dist'
+      - persist_to_workspace:
+          root: '/build/dist'
+          paths:
+            - '*'
+
 jobs:
   deps:
     executor: go-1_15
@@ -143,49 +149,53 @@ jobs:
     steps:
       - package:
           nightly: true
+  windows-signing:
+    executor:
+        name: win/default
+        shell: powershell.exe
+    steps:
+      - attach_workspace:
+          at: '/build/dist'
+      - run:
+          name: "Sign Windows Executables"
+          shell: powershell.exe
+          command: |
+            $tempCertFile = New-TemporaryFile
+
+            # Replace with method of retrieving cert and password.
+            $certText = $env:fakeWindowsCert
+            $CertPass = $env:fakeWindowsCertPass
+            $finalFileName = $tempCertFile.FullName
+            $certBytes = [Convert]::FromBase64String($certText)
+            [System.IO.File]::WriteAllBytes($finalFileName, $certBytes)
+            $CertPath = $finalFileName
+            $Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath, $CertPass)
 
+            # Replace with circleCI artifact path.
+            $artifactDirectory = "./build/dist"
+            $extractDirectory = $artifactDirectory + "\" + "extracted"
+            foreach ($file in get-ChildItem $artifactDirectory -recurse | where {$_.name -like "*windows*"} | select name) 
+            {
+                $artifact = $artifactPath + "\" + $file.Name
+                Expand-Archive -LiteralPath $artifact -DestinationPath $extractDirectory -Force
+
+                $subDirectoryPath = $extractDirectory + "\" + (Get-ChildItem -Path $extractDirectory | Select-Object -First 1).Name
+                $telegrafExePath = $subDirectoryPath + "\" + "telegraf.exe"
+                Set-AuthenticodeSignature -Certificate $Cert -FilePath  $telegrafExePath -TimestampServer http://timestamp.digicert.com
+                Compress-Archive -Path $subDirectoryPath -DestinationPath $artifact -Force
+                Remove-Item $extractDirectory -Force -Recurse
+            }
+            Remove-Item $finalFileName -Force
 workflows:
   version: 2
   check:
     jobs:
-      - 'macdeps':
-          filters:
-            tags:
-              only: /.*/
-      - 'deps':
-          filters:
-            tags:
-              only: /.*/
-      - 'test-go-1_14':
-          requires:
-            - 'deps'
-          filters:
-            tags:
-              only: /.*/
-      - 'test-go-1_14-386':
-          requires:
-            - 'deps'
-          filters:
-            tags:
-              only: /.*/
       - 'test-go-1_15':
           requires:
             - 'deps'
           filters:
             tags:
               only: /.*/
-      - 'test-go-1_15-386':
-          requires:
-            - 'deps'
-          filters:
-            tags:
-              only: /.*/
-      - 'test-go-darwin':
-          requires:
-            - 'macdeps'
-          filters:
-            tags: # only runs on tags if you specify this filter
-              only: /.*/
       - 'package':
           requires:
             - 'test-go-darwin'
@@ -205,6 +215,15 @@ workflows:
               only: /.*/
             branches:
               ignore: /.*/
+      - 'windows-signing':
+          requires:
+            - 'test-go-darwin'
+            - 'test-go-1_14'
+            - 'test-go-1_14-386'
+            - 'test-go-1_15'
+            - 'test-go-1_15-386'
+
+
   nightly:
     jobs:
       - 'deps'
@@ -237,4 +256,4 @@ workflows:
           filters:
             branches:
               only:
-                - master
+                - master