From e7572f3765451889a0ebfaad1112e5284d7dc91c Mon Sep 17 00:00:00 2001
From: rzmk <30333942+rzmk@users.noreply.github.com>
Date: Mon, 30 Sep 2024 16:21:40 -0400
Subject: [PATCH 1/2] ci: add signing step for qsv MSI installer

---
 .github/workflows/publish-wix-installer.yml | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/publish-wix-installer.yml b/.github/workflows/publish-wix-installer.yml
index 77ac2d2f6..427a5d04b 100644
--- a/.github/workflows/publish-wix-installer.yml
+++ b/.github/workflows/publish-wix-installer.yml
@@ -71,7 +71,22 @@ jobs:
           rm wix/main.wxs
           cargo wix -I contrib/wix/app.wxs --nocapture
           cp target\wix\*.msi qsv-${{ needs.analyze-tags.outputs.previous-tag }}.msi
-          
+
+      - name: Sign qsv MSI installer file with Azure Trusted Signing
+        if: matrix.settings.platform == 'windows-latest'
+        uses: azure/trusted-signing-action@v0.4.0
+        with:
+            azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+            azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+            azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+            endpoint: ${{ secrets.AZURE_ENDPOINT }}
+            trusted-signing-account-name: ${{ secrets.AZURE_TRUSTED_SIGNING_NAME }}
+            certificate-profile-name: ${{ secrets.AZURE_CERT_PROFILE_NAME }}
+            files: qsv-${{ needs.analyze-tags.outputs.previous-tag }}.msi
+            file-digest: SHA256
+            timestamp-rfc3161: http://timestamp.acs.microsoft.com
+            timestamp-digest: SHA256
+            
       - name: Upload zipped binaries to release
         uses: svenstaro/upload-release-action@v2
         with:

From d4916fa8e3c92d923f6b5ddfb9377e4924634379 Mon Sep 17 00:00:00 2001
From: rzmk <30333942+rzmk@users.noreply.github.com>
Date: Mon, 30 Sep 2024 16:22:47 -0400
Subject: [PATCH 2/2] `ci`: remove unnecessary conditional check for Windows
 runner

[skip ci]
---
 .github/workflows/publish-wix-installer.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/publish-wix-installer.yml b/.github/workflows/publish-wix-installer.yml
index 427a5d04b..37788c35d 100644
--- a/.github/workflows/publish-wix-installer.yml
+++ b/.github/workflows/publish-wix-installer.yml
@@ -73,7 +73,6 @@ jobs:
           cp target\wix\*.msi qsv-${{ needs.analyze-tags.outputs.previous-tag }}.msi
 
       - name: Sign qsv MSI installer file with Azure Trusted Signing
-        if: matrix.settings.platform == 'windows-latest'
         uses: azure/trusted-signing-action@v0.4.0
         with:
             azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}