From 181e7942e66a2871e558d3a91f5377c4b0b132ca Mon Sep 17 00:00:00 2001
From: jamaa <90166+jamaa@users.noreply.github.com>
Date: Sun, 28 Sep 2025 12:12:22 +0200
Subject: [PATCH 1/5] add an action for signing the installer
---
 .github/workflows/release.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0ccefc7f..7563dbf4 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -53,6 +53,17 @@ jobs:
 - name: Copy and rename installer file
 run: copy setup\release\BlueM.Wave_x64.msi BlueM.Wave_${{ steps.version.outputs.full }}_x64_setup.msi
 shell: cmd
+ - name: Sign installer
+ uses: skymatic/code-sign-action@v1
+ with:
+ certificate: '${{ secrets.CERTIFICATE }}'
+ password: '${{ secrets.PASSWORD }}'
+ certificatesha1: '${{ secrets.CERTHASH }}'
+ #certificatename: '${{ secrets.CERTNAME }}'
+ description: 'BlueM.Wave'
+ timestampUrl: 'http://timestamp.digicert.com'
+ folder: setup\release
+ recursive: true
 - name: Release
 uses: softprops/action-gh-release@v1
 with:
From 168e99e8ffb754e5b13e38fdc579e686a0bb1080 Mon Sep 17 00:00:00 2001
From: jamaa <90166+jamaa@users.noreply.github.com>
Date: Sun, 28 Sep 2025 12:45:04 +0200
Subject: [PATCH 2/5] fix path to files to sign
---
 .github/workflows/release.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7563dbf4..9de7547a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -62,8 +62,8 @@ jobs:
 #certificatename: '${{ secrets.CERTNAME }}'
 description: 'BlueM.Wave'
 timestampUrl: 'http://timestamp.digicert.com'
- folder: setup\release
- recursive: true
+ folder: .
+ recursive: false
 - name: Release
 uses: softprops/action-gh-release@v1
 with:
From a1fd7efce174214729ba15f213880c91b87ae3a1 Mon Sep 17 00:00:00 2001
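Review bot: The added `Sign installer` step passes `secrets.CERTIFICATE` and `secrets.PASSWORD` to a third-party action referenced by a movable tag, `skymatic/code-sign-action@v1`, so whoever can move that tag controls the code that receives the signing key. Pin the action to a reviewed full commit SHA and keep the tag as a comment, `uses: skymatic/code-sign-action@<full-commit-sha>  # v1`. The same applies to the replacement `uses:` lines in patches 3/5 and 4/5 (`DanaBear/code-sign-action@v4`, `dlemstra/code-sign-action@v1`). If release runs were executed with the real secrets while the three actions were being tried, it is worth confirming what each tagged version did with them.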
From: jamaa <90166+jamaa@users.noreply.github.com>
Date: Sun, 28 Sep 2025 13:07:20 +0200
Subject: [PATCH 3/5] try a different action
---
 .github/workflows/release.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9de7547a..5f42b7a1 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -54,13 +54,12 @@ jobs:
 run: copy setup\release\BlueM.Wave_x64.msi BlueM.Wave_${{ steps.version.outputs.full }}_x64_setup.msi
 shell: cmd
 - name: Sign installer
- uses: skymatic/code-sign-action@v1
+ uses: DanaBear/code-sign-action@v4
 with:
 certificate: '${{ secrets.CERTIFICATE }}'
 password: '${{ secrets.PASSWORD }}'
 certificatesha1: '${{ secrets.CERTHASH }}'
 #certificatename: '${{ secrets.CERTNAME }}'
- description: 'BlueM.Wave'
 timestampUrl: 'http://timestamp.digicert.com'
 folder: .
 recursive: false
From 55d3e2fde750b0a873c53784c32f86e20bd046e4 Mon Sep 17 00:00:00 2001
From: jamaa <90166+jamaa@users.noreply.github.com>
Date: Sun, 28 Sep 2025 13:21:33 +0200
Subject: [PATCH 4/5] yet another one
---
 .github/workflows/release.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5f42b7a1..368f52e4 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -54,15 +54,15 @@ jobs:
 run: copy setup\release\BlueM.Wave_x64.msi BlueM.Wave_${{ steps.version.outputs.full }}_x64_setup.msi
 shell: cmd
 - name: Sign installer
- uses: DanaBear/code-sign-action@v4
+ uses: dlemstra/code-sign-action@v1
 with:
- certificate: '${{ secrets.CERTIFICATE }}'
- password: '${{ secrets.PASSWORD }}'
- certificatesha1: '${{ secrets.CERTHASH }}'
- #certificatename: '${{ secrets.CERTNAME }}'
- timestampUrl: 'http://timestamp.digicert.com'
- folder: .
+ certificate: "${{ secrets.CERTIFICATE }}"
+ password: "${{ secrets.CERTIFICATE_PASSWORD }}"
+ folder: "."
+ files: |
+ BlueM.Wave_${{ steps.version.outputs.full }}_x64_setup.msi
 recursive: false
+ description: "BlueM.Wave"
 - name: Release
 uses: softprops/action-gh-release@v1
 with:
From 432d13ecad3e0db00088740ac5268954e957bd78 Mon Sep 17 00:00:00 2001
From: jamaa <90166+jamaa@users.noreply.github.com>
Date: Sun, 28 Sep 2025 16:29:05 +0200
Subject: [PATCH 5/5] add todo comment
---
 .github/workflows/release.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 368f52e4..b891ad4e 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -54,6 +54,7 @@ jobs:
 run: copy setup\release\BlueM.Wave_x64.msi BlueM.Wave_${{ steps.version.outputs.full }}_x64_setup.msi
 shell: cmd
 - name: Sign installer
+ # TODO: also sign the contents of the zip release!
 uses: dlemstra/code-sign-action@v1
 with:
 certificate: "${{ secrets.CERTIFICATE }}"
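Review bot: Nothing between `Sign installer` and `Release` in patch 4/5 checks that the MSI really carries a valid signature, and this rewrite of the `with:` block drops the explicit `timestampUrl` that the earlier versions passed. Whether `dlemstra/code-sign-action@v1` timestamps by default is not visible in this hunk; if it does not, the signature stops validating once the certificate expires. Add a verification step before the upload, for example `run: signtool verify /pa /v /tw BlueM.Wave_${{ steps.version.outputs.full }}_x64_setup.msi` (signtool may need its Windows SDK path on the runner), so that an unsigned installer fails the job and a missing timestamp shows up as a warning. The secret name also changes from `PASSWORD` to `CERTIFICATE_PASSWORD`; an undefined secret expands to an empty string, so confirm the new name exists in the repository settings.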