From be389dab893e9ad2dca9782ca9b26905b3102511 Mon Sep 17 00:00:00 2001
From: Michael Gardner <michael.gardner@lexisnexisrisk.com>
Date: Fri, 12 Jan 2024 12:44:33 -0500
Subject: [PATCH] Attempt to use other cert & passphrase

Signed-off-by: Michael Gardner <michael.gardner@lexisnexisrisk.com>
---
 .github/workflows/build-assets.yml | 37 +++++++++++-------------------
 1 file changed, 13 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/build-assets.yml b/.github/workflows/build-assets.yml
index 1ad0cff67b4..b678a1cbc07 100644
--- a/.github/workflows/build-assets.yml
+++ b/.github/workflows/build-assets.yml
@@ -428,20 +428,17 @@ jobs:
           path: ./LN
 
       - name: "Create code signing"
+        if: ${{ contains(matrix.os,'windows') }}
         shell: "pwsh"
-        env:
-          SIGN_CERT: ${{ secrets.SIGN_CERT }}
-          SIGN_PW: ${{ secrets.SIGN_PW }}
         run: |
           mkdir -p ./sign
           cd sign
           $pfxPath = "hpcc_code_signing.pfx"
-          $encodedBytes = [System.Convert]::FromBase64String($env:SIGN_CERT)
+          $encodedBytes = [System.Convert]::FromBase64String("${{ secrets.SIGNING_CERTIFICATE }}")
           $currentDirectory = Get-Location
           $certificatePath = Join-Path -Path $currentDirectory -ChildPath $pfxPath
           [IO.File]::WriteAllBytes("$certificatePath", $encodedBytes)
-          echo ${env:SIGN_PW} > passphrase.txt
-          CertUtil -p ${env:SIGN_PW} hpcc_code_signing.pfx
+          CertUtil -p ${{ secrets.SIGNING_CERTIFICATE_PASSPHRASE }} hpcc_code_signing.pfx
 
       - name: "vcpkg Bootstrap"
         shell: "bash"
@@ -466,13 +463,12 @@ jobs:
           cmake -S ./HPCC-Platform -B ./build ${{ matrix.cmake_config_options }}
           cmake --build ./build ${{ matrix.cmake_build_options }} --target package
 
-      - name: Sign Packages
+      - name: Sign Windows Package
+        if: ${{ contains(matrix.os,'windows') }}
         shell: "pwsh"
-        env:
-          SIGN_PW: ${{ secrets.SIGN_PW }}
         run: |
           cd ./build
-          C:\"Program Files (x86)"\"Microsoft SDKs"\ClickOnce\SignTool\signtool.exe sign /debug /f ../sign/hpcc_code_signing.pfx /p $env:SIGN_PW /t http://timestamp.digicert.com /fd SHA256 hpccsystems-clienttools*.exe
+          C:\"Program Files (x86)"\"Microsoft SDKs"\ClickOnce\SignTool\signtool.exe sign /debug /f ../sign/hpcc_code_signing.pfx /p ${{ secrets.SIGNING_CERTIFICATE_PASSPHRASE }} /t http://timestamp.digicert.com /fd SHA256 hpccsystems-clienttools*.exe
 
       - name: Upload Assets
         uses: ncipollo/release-action@v1.12.0
@@ -490,13 +486,12 @@ jobs:
           cmake -S ./LN -B ./build ${{ matrix.cmake_config_options }}
           cmake --build ./build ${{ matrix.cmake_build_options }} --target package
 
-      - name: Sign LN Package
+      - name: Sign LN Windows Package
+        if: ${{ contains(matrix.os,'windows') }}
         shell: "pwsh"
-        env:
-          SIGN_PW: ${{ secrets.SIGN_PW }}
         run: |
           cd ./build
-          C:\"Program Files (x86)"\"Microsoft SDKs"\ClickOnce\SignTool\signtool.exe sign /debug /f ../sign/hpcc_code_signing.pfx /p $env:SIGN_PW /t http://timestamp.digicert.com /fd SHA256 hpccsystems-clienttools*.exe
+          C:\"Program Files (x86)"\"Microsoft SDKs"\ClickOnce\SignTool\signtool.exe sign /debug /f ../sign/hpcc_code_signing.pfx /p ${{ secrets.SIGNING_CERTIFICATE_PASSPHRASE }} /t http://timestamp.digicert.com /fd SHA256 hpccsystems-clienttools*.exe
 
       - name: Upload LN Assets
         uses: ncipollo/release-action@v1.12.0
@@ -588,21 +583,17 @@ jobs:
           dep_tag="${{ needs.preamble.outputs.community_tag }}"
           curl -sL -o hpccsystems-clienttools-${dep_tag}Windows-x86_64.exe https://github.com/hpcc-systems/HPCC-Platform/releases/download/${dep_tag}/hpccsystems-clienttools-${dep_tag}Windows-x86_64.exe
 
-      - name: "Create code sining"
+      - name: "Load code signing"
         shell: "pwsh"
-        env:
-          SIGN_CERT: ${{ secrets.SIGN_CERT }}
-          SIGN_PW: ${{ secrets.SIGN_PW }}
         run: |
           mkdir -p ./sign
           cd sign
           $pfxPath = "hpcc_code_signing.pfx"
-          $encodedBytes = [System.Convert]::FromBase64String($env:SIGN_CERT)
+          $encodedBytes = [System.Convert]::FromBase64String("${{ secrets.SIGNING_CERTIFICATE }}")
           $currentDirectory = Get-Location
           $certificatePath = Join-Path -Path $currentDirectory -ChildPath $pfxPath
           [IO.File]::WriteAllBytes("$certificatePath", $encodedBytes)
-          echo ${env:SIGN_PW} > passphrase.txt
-          CertUtil -p ${env:SIGN_PW} hpcc_code_signing.pfx
+          CertUtil -p ${{ secrets.SIGNING_CERTIFICATE_PASSPHRASE }} hpcc_code_signing.pfx
 
       - name: "Build ECLIDE"
         run: |
@@ -614,11 +605,9 @@ jobs:
 
       - name: Sign ECLIDE Package
         shell: "pwsh"
-        env:
-          SIGN_PW: ${{ secrets.SIGN_PW }}
         run: |
           cd ./ECLIDE/build
-          C:\"Program Files (x86)"\"Microsoft SDKs"\ClickOnce\SignTool\signtool.exe sign /debug /f ../../sign/hpcc_code_signing.pfx /p $env:SIGN_PW /t http://timestamp.digicert.com /fd SHA256 hpccsystems-eclide*.exe
+          C:\"Program Files (x86)"\"Microsoft SDKs"\ClickOnce\SignTool\signtool.exe sign /debug /f ../../sign/hpcc_code_signing.pfx /p ${{ secrets.SIGNING_CERTIFICATE_PASSPHRASE}} /t http://timestamp.digicert.com /fd SHA256 hpccsystems-eclide*.exe
 
       - name: Upload Assets
         uses: ncipollo/release-action@v1.12.0