querymx · Jul 26, 2023
diff --git a/‎.eslintignore
+3-1 b/‎.eslintignore
+3-1
diff --git a/‎.github/workflows/release.yaml renamed to ‎.github/workflows/mac-release.yaml
+1-6 b/‎.github/workflows/release.yaml renamed to ‎.github/workflows/mac-release.yaml
+1-6
diff --git a/‎.github/workflows/win-release.yaml
+45 b/‎.github/workflows/win-release.yaml
+45
diff --git a/‎package-lock.json
+32-64 b/‎package-lock.json
+32-64
diff --git a/‎package.json
+4 b/‎package.json
+4
diff --git a/‎release/temp/.gitignore
+2 b/‎release/temp/.gitignore
+2
@@ -31,4 +31,6 @@ npm-debug.log.*
 # eslint ignores hidden directories by default:
 # https://github.com/eslint/eslint/issues/8429
 .erb
-.eslintrc.js
+.eslintrc.js
+
+sign.js
@@ -7,12 +7,7 @@ on:
 
 jobs:
   publish:
-    runs-on: ${{ matrix.os }}
-
-    strategy:
-      matrix:
-        os: [macos-latest, windows-2022]
-
+    runs-on: macos-latest
     steps:
       - name: Checkout git repo
         uses: actions/checkout@v3
 
@@ -0,0 +1,45 @@
+name: Publish
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+
+jobs:
+  publish:
+    runs-on: windows-latest
+
+    steps:
+      - name: Checkout git repo
+        uses: actions/checkout@v3
+
+      - name: Install Node and NPM
+        uses: actions/setup-node@v3
+        with:
+          node-version: 16
+          cache: npm
+
+      - name: Download eSigner Signing Tool
+        run: Invoke-WebRequest -OutFile esigner.zip -Uri https://invisal.s3.ap-southeast-1.amazonaws.com/CodeSignTool-v1.2.7-windows.zip
+
+      - name: Unpack eSigner Signing Tool
+        run: Expand-Archive esigner.zip ./CodeSignTool-v1.2.7-windows
+
+      - name: Install and build
+        run: |
+          npm install
+          npm run postinstall
+          npm run build
+
+      - name: Publish releases
+        env:
+          # These values are used for auto updates signing
+          WINDOWS_SIGN_USER_NAME: ${{ secrets.WINDOWS_SIGN_USER_NAME }}
+          WINDOWS_SIGN_USER_PASSWORD: ${{ secrets.WINDOWS_SIGN_USER_PASSWORD }}
+          WINDOWS_SIGN_CREDENTIAL_ID: ${{ secrets.WINDOWS_SIGN_CREDENTIAL_ID }}
+          WINDOWS_SIGN_USER_TOTP: ${{ secrets.WINDOWS_SIGN_USER_TOTP }}
+
+          # This is used for uploading release assets to github
+          GH_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+        run: |
+          npm exec electron-builder -- --publish always
@@ -193,6 +193,10 @@
       ]
     },
     "win": {
+      "signingHashAlgorithms": [
+        "sha256"
+      ],
+      "sign": "./sign.js",
       "target": [
         "nsis",
         "portable"
 
@@ -0,0 +1,2 @@
+*
+!.gitignore