WARNING: This is a DRAFT project, and has not been built yet.

azure-sign-tool-electron-forge-plugin

I wanted to sign the Windows app that we’re building (www.recordonce.com) with an EV certificate in a Github Actions build pipeline.

This article provided 99% of the solution. But as Electron Forge does not use AzureCodeSign which is necessary to work with HSM and Azure Key Vault, I adapted another plugin (@burzo/electron-forge-ssl-code-sign-plugin) to hopefully fix that.

The code is heavily based on @burzo/electron-forge-ssl-code-sign-plugin.

Prerequisites

This plugin works with electron-forge version >=7.

Additionally, you need to install the AzureSignTool.

This plugin currently only supports building on Windows-based machines.

Installation

npm i --save-dev azure-sign-tool-electron-forge-plugin

or

yarn add --dev azure-sign-tool-electron-forge-plugin

Configuration

The plugin accepts the configuration variables that are used by this guide on how to sign code with an EV certificate. The variables correspond to AzureCodeSign’s paramaters.

Include the plugin in your Forge config as follows:

  ...,
  "plugins": [
    {
      name: "azure-sign-tool-electron-forge-plugin",
      config: {
        azureKeyVaultUri: "",
        azureClientId: "",
        azureTenantId: "",
        azureClientSecret: "",
        azureCertificateName: "",
      },
    },
  ],
  ...,

Contribution

Feel free to submit a PR :)