From 1b4fc88edfaf3b33df24f2370c3c281230113469 Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Thu, 13 Feb 2025 14:30:53 +0000
Subject: [PATCH] Iterate

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---
 .github/workflows/build_windows.yaml | 64 +++++++++++++++-------------
 1 file changed, 34 insertions(+), 30 deletions(-)

diff --git a/.github/workflows/build_windows.yaml b/.github/workflows/build_windows.yaml
index db3a7ab0..28985634 100644
--- a/.github/workflows/build_windows.yaml
+++ b/.github/workflows/build_windows.yaml
@@ -37,9 +37,6 @@ jobs:
         environment: ${{ inputs.sign && 'packages.element.io' || '' }}
         env:
             SIGNTOOL_PATH: "C:/Program Files (x86)/Windows Kits/10/bin/10.0.22000.0/x86/signtool.exe"
-            ESIGNER_URL: https://github.com/SSLcom/eSignerCKA/releases/download/v1.0.6/SSL.COM-eSigner-CKA_1.0.6.zip
-            INSTALL_DIR: C:\Users\runneradmin\eSignerCKA
-            MASTER_KEY_FILE: C:\Users\runneradmin\eSignerCKA\master.key
             DEBUG: "electron-builder,electron-windows-sign"
         steps:
             - uses: nbucic/variable-mapper@0673f6891a0619ba7c002ecfed0f9f4f39017b6f
@@ -85,26 +82,26 @@ jobs:
 
             # ActiveTCL package on choco is from 2015,
             # this one is newer but includes more than we need
-            - name: Choco install tclsh
-              if: steps.cache.outputs.cache-hit != 'true'
-              shell: pwsh
-              run: |
-                  choco install -y magicsplat-tcl-tk --no-progress
-                  echo "${HOME}/AppData/Local/Apps/Tcl86/bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+            #            - name: Choco install tclsh
+            #              if: steps.cache.outputs.cache-hit != 'true'
+            #              shell: pwsh
+            #              run: |
+            #                  choco install -y magicsplat-tcl-tk --no-progress
+            #                  echo "${HOME}/AppData/Local/Apps/Tcl86/bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
 
-            - name: Choco install NetWide Assembler
-              if: steps.cache.outputs.cache-hit != 'true'
-              shell: pwsh
-              run: |
-                  choco install -y nasm --no-progress
-                  echo "C:/Program Files/NASM" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+            #            - name: Choco install NetWide Assembler
+            #              if: steps.cache.outputs.cache-hit != 'true'
+            #              shell: pwsh
+            #              run: |
+            #                  choco install -y nasm --no-progress
+            #                  echo "C:/Program Files/NASM" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
 
-            - name: Install Rust
-              if: steps.cache.outputs.cache-hit != 'true'
-              run: |
-                  rustup toolchain install stable --profile minimal --no-self-update
-                  rustup default stable
-                  rustup target add ${{ steps.config.outputs.target }}
+            #            - name: Install Rust
+            #              if: steps.cache.outputs.cache-hit != 'true'
+            #              run: |
+            #                  rustup toolchain install stable --profile minimal --no-self-update
+            #                  rustup default stable
+            #                  rustup target add ${{ steps.config.outputs.target }}
 
             - uses: actions/setup-node@v4
               with:
@@ -115,11 +112,11 @@ jobs:
             - name: Install Deps
               run: "yarn install --frozen-lockfile"
 
-            - name: Build Natives
-              if: steps.cache.outputs.cache-hit != 'true'
-              run: |
-                  refreshenv
-                  yarn build:native --target ${{ steps.config.outputs.target }}
+            #            - name: Build Natives
+            #              if: steps.cache.outputs.cache-hit != 'true'
+            #              run: |
+            #                  refreshenv
+            #                  yarn build:native --target ${{ steps.config.outputs.target }}
 
             - name: Install and configure eSigner CKA
               run: |
@@ -159,6 +156,10 @@ jobs:
 
                   echo "ED_SIGNTOOL_THUMBPRINT=$Thumbprint" >> $env:GITHUB_ENV
                   echo "ED_SIGNTOOL_SUBJECT_NAME=$SubjectName" >> $env:GITHUB_ENV
+              env:
+                  ESIGNER_URL: https://github.com/SSLcom/eSignerCKA/releases/download/v1.0.6/SSL.COM-eSigner-CKA_1.0.6.zip
+                  INSTALL_DIR: C:\Users\runneradmin\eSignerCKA
+                  MASTER_KEY_FILE: C:\Users\runneradmin\eSignerCKA\master.key
 
             - name: "[Nightly] Resolve version"
               if: inputs.version != ''
@@ -178,10 +179,13 @@ jobs:
               if: inputs.sign == ''
               run: |
                   Set-StrictMode -Version 'Latest'
-                  certutil.exe -addstore root ./.github/SSLcom-sandbox.crt
-              env:
-                  INSTALL_DIR: C:\Users\runneradmin\eSignerCKA
-                  MASTER_KEY_FILE: C:\Users\runneradmin\eSignerCKA\master.key
+                  Import-Certificate -CertStoreLocation Cert:\LocalMachine\Root -FilePath ./.github/SSLcom-sandbox.crt
+
+            #            - name: Check signature is present
+            #              run: |
+            #                  $sigs = Get-AuthenticodeSignature (get-item ./dist/win-*unpacked/*.exe)
+            #                  . "$env:SIGNTOOL_PATH" verify /pa (get-item ./dist/squirrel-windows*/*.exe)
+            #                  . "$env:SIGNTOOL_PATH" verify /pa (get-item ./dist/*.msi)
 
             - name: Check app was signed successfully
               run: |