
@getvast/azure-sign-tool-electron-forge-plugin


This is an Electron Forge plugin designed to automatically sign files with an HSM certificate from Azure Key Vault (with AzureCodeSign), in the build process.

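"use strict";
// TypeScript-emitted helper: drives a generator function as if it were an
// async function and returns a Promise for its result. Kept as emitted so the
// file keeps working on the original compile target.
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
// TypeScript-emitted helper: wraps a CommonJS module so `.default` is always available.
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.ElectronForgeAzureSignToolPlugin = void 0;
const plugin_base_1 = __importDefault(require("@electron-forge/plugin-base"));
const child_process_1 = require("child_process");

// Config keys that must all be present (truthy) for signing to work.
const REQUIRED_CONFIG_KEYS = [
    "azureKeyVaultUri",
    "azureClientId",
    "azureTenantId",
    "azureClientSecret",
    "azureCertificateName",
];
// Config keys whose values must never reach a log line or an error message.
const SECRET_CONFIG_KEYS = ["azureClientSecret"];
const REDACTED = "<redacted>";

/**
 * Returns a shallow copy of `config` that is safe to print: every key listed
 * in SECRET_CONFIG_KEYS that has a value is replaced by a placeholder.
 *
 * @param {object} config - Plugin configuration as passed to the constructor.
 * @returns {object} Copy of the configuration with secret values masked.
 */
function redactConfig(config) {
    const safe = {};
    Object.keys(config || {}).forEach((key) => {
        const isSecret = SECRET_CONFIG_KEYS.indexOf(key) !== -1;
        safe[key] = isSecret && config[key] ? REDACTED : config[key];
    });
    return safe;
}

/**
 * Electron Forge plugin that signs Windows `.exe` artifacts with AzureSignTool
 * after the `make` step, using a certificate held in Azure Key Vault.
 */
class ElectronForgeAzureSignToolPlugin extends plugin_base_1.default {
    /**
     * @param {object} config - Must provide azureKeyVaultUri, azureClientId,
     *   azureTenantId, azureClientSecret and azureCertificateName.
     * @throws {Error} When any required key is missing or empty.
     */
    constructor(config) {
        super(config);
        this.name = "azure-sign-tool-electron-forge-plugin";
        /**
         * postMake hook: signs every `.exe` artifact of each win32 make result
         * and returns the results unchanged. Other artifacts (for example the
         * RELEASES file and `.nupkg` packages) are passed through unsigned.
         */
        this.postMake = (forgeConfig, makeResults) => __awaiter(this, void 0, void 0, function* () {
            return makeResults.map((data) => {
                const { artifacts, platform } = data;
                if (platform !== "win32") {
                    return data;
                }
                // Example "artifacts": [
                //   "D:\\a\\desktop\\desktop\\out\\beta\\make\\squirrel.windows\\ia32\\RELEASES",
                //   "D:\\a\\desktop\\desktop\\out\\beta\\make\\squirrel.windows\\ia32\\appname-4.2.18-beta-win32-ia32-beta-setup.exe",
                //   "D:\\a\\desktop\\desktop\\out\\beta\\make\\squirrel.windows\\ia32\\appname-4.2.18-beta-full.nupkg"
                // ],
                artifacts.forEach((artifactPath) => {
                    // Windows extensions are case-insensitive; compare in lower case
                    // so an installer named "Setup.EXE" is not silently left unsigned.
                    if (artifactPath.toLowerCase().endsWith(".exe")) {
                        this.sign(artifactPath, this.config);
                    }
                });
                return data;
            });
        });
        this.config = config;
        const printable = redactConfig(config);
        console.log(`===== loading ${this.name} =====`);
        // Build logs are commonly retained and widely readable, so only the
        // redacted copy is printed; the client secret stays out of the log.
        console.log(JSON.stringify(printable, null, 2));
        const missing = REQUIRED_CONFIG_KEYS.filter((key) => !config || !config[key]);
        if (missing.length > 0) {
            throw new Error(`You did not provide all the required config variables to ${this.name}.\nMissing: ${missing.join(", ")}\nCurrent values (secrets redacted):\n${Object.keys(printable)
                .map((key) => `${key}: ${printable[key]}`)
                .join("\n")}`);
        }
    }
    /**
     * @returns {{postMake: Function[]}} Hook table consumed by Electron Forge.
     */
    getHooks() {
        return { postMake: [this.postMake] };
    }
    /**
     * Signs one file by running AzureSignTool synchronously.
     *
     * @param {string} path - Path of the file to sign.
     * @param {object} config - Unused; the instance configuration is what is
     *   read. Kept in the signature for existing callers.
     * @throws {Error} When AzureSignTool cannot be started or exits non-zero.
     *   The message has the client secret masked.
     */
    sign(path, config) {
        const execSyncSettings = {
            stdio: "inherit",
            encoding: "utf8",
        };
        const { azureKeyVaultUri, azureClientId, azureTenantId, azureClientSecret, azureCertificateName, } = this.config;
        console.log("Signing: " + path);
        // Arguments are passed as an array and no shell is started, so spaces,
        // quotes or shell metacharacters in the path or in a config value cannot
        // split or extend the command line.
        // NOTE(review): without a shell, "AzureSignTool" has to resolve to an
        // executable on PATH rather than a .cmd/.bat wrapper - confirm on the
        // build agents.
        // NOTE(review): the client secret is still an argv entry and therefore
        // visible to other local processes while the tool runs; prefer an
        // authentication mode without a command-line secret if one is available.
        const args = [
            "sign",
            "--azure-key-vault-url", String(azureKeyVaultUri),
            "--azure-key-vault-client-id", String(azureClientId),
            "--azure-key-vault-tenant-id", String(azureTenantId),
            "--azure-key-vault-client-secret", String(azureClientSecret),
            "--azure-key-vault-certificate", String(azureCertificateName),
            "--timestamp-rfc3161", "http://timestamp.digicert.com",
            "--verbose",
            String(path),
        ];
        // Node puts the full command line into the failure message, which would
        // otherwise carry the client secret into logs and upstream handlers.
        const scrub = (text) => azureClientSecret
            ? String(text).split(String(azureClientSecret)).join(REDACTED)
            : String(text);
        try {
            (0, child_process_1.execFileSync)("AzureSignTool", args, execSyncSettings);
        }
        catch (e) {
            console.log("Error in signFile");
            if (e instanceof Error) {
                const safeMessage = scrub(e.message);
                console.log(safeMessage);
                // The original error is deliberately not attached as `cause`: it
                // carries the unredacted command line and spawn arguments.
                throw new Error(safeMessage);
            }
            throw e;
        }
    }
}
exports.ElectronForgeAzureSignToolPlugin = ElectronForgeAzureSignToolPlugin;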