From fbcc5754437d82c3c2def354d237d3dcf1186218 Mon Sep 17 00:00:00 2001
From: Petr Gadorek <petr.gadorek@espressif.com>
Date: Wed, 4 Dec 2024 16:21:59 +0100
Subject: [PATCH] signing windows binaries

---
 .github/workflows/build_rust.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/.github/workflows/build_rust.yaml b/.github/workflows/build_rust.yaml
index 5821806..f13deb2 100644
--- a/.github/workflows/build_rust.yaml
+++ b/.github/workflows/build_rust.yaml
@@ -83,6 +83,18 @@ jobs:
         if: matrix.os == 'windows-latest'
         run: cp target/release/eim.exe release/${{ matrix.package_name }}/eim.exe
 
+      - name: Sign Windows Binary
+        if: matrix.platform == 'windows-latest'
+        env:
+          WINDOWS_PFX_FILE: ${{ secrets.WIN_CERTIFICATE }}
+          WINDOWS_PFX_PASSWORD: ${{ secrets.WIN_CERTIFICATE_PWD }}
+          WINDOWS_SIGN_TOOL_PATH: 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x86\signtool.exe'
+        run: |
+          echo $env:WINDOWS_PFX_FILE | Out-File -FilePath cert.b64 -Encoding ASCII
+          certutil -decode cert.b64 cert.pfx
+          Remove-Item cert.b64
+          & "$env:WINDOWS_SIGN_TOOL_PATH" sign /f cert.pfx /p $env:WINDOWS_PFX_PASSWORD /tr http://timestamp.digicert.com /td sha256 /fd sha256 release/${{ matrix.package_name }}/eim.exe
+
       - name: Copy binary to release directory POSIX
         if: matrix.os != 'windows-latest'
         run: |