From b7f4c0f485950e77a25aaad648387d5bb7681c38 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Sch=C3=BCrmann?= <daschuer@mixxx.org>
Date: Wed, 27 Dec 2023 22:37:08 +0100
Subject: [PATCH] Add Azure code signing for the Windows Qt plugins

---
 .github/workflows/build.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0e33e9b3c74228..fee99cc75784a8 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -158,6 +158,26 @@ jobs:
         timestamp-rfc3161: http://timestamp.acs.microsoft.com
         timestamp-digest: SHA256
         timeout: 600
+        
+    - name: "[Windows] Sign release plugins"
+      env:
+        AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      if: runner.os == 'Windows' && env.AZURE_TENANT_ID
+      uses: azure/azure-code-signing-action@v0.2.22
+      with:
+        azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+        endpoint: https://weu.codesigning.azure.net/
+        code-signing-account-name: mixxx
+        certificate-profile-name: mixxx
+        files-folder: ${{ matrix.vcpkg_path }}/installed/${{ matrix.vcpkg_triplet }}/plugins
+        files-folder-filter: dll
+        files-folder-recurse: true
+        file-digest: SHA256
+        timestamp-rfc3161: http://timestamp.acs.microsoft.com
+        timestamp-digest: SHA256
+        timeout: 600
 
     - name: Upload GitHub Actions artifacts of build logs
       if: always()