add sign

king-tri-ton · king-tri-ton · commit 5aaf7f1b1d80 · 2025-10-31T21:09:19.000+05:00
diff --git a/.github/workflows/build_and_scan.yml b/.github/workflows/build_and_scan.yml
@@ -19,7 +19,7 @@ jobs:
     - name: Set up Python
       uses: actions/setup-python@v5
       with:
-        python-version: '3.13'
+        python-version: '3.12'
 
     - name: Install dependencies
       run: |
@@ -29,10 +29,20 @@ jobs:
 
     - name: Build EXE
       run: |
-        python -m PyInstaller --noupx --onefile --windowed --icon=python.ico --add-data "python.ico;." --add-data "python.png;." --name="PythonProjectMngr" app.py
+        python -m PyInstaller --clean --noupx --onefile --windowed --icon=python.ico --add-data "python.ico;." --add-data "python.png;." --name="PythonProjectMngr" app.py
       env:
         PYTHONIOENCODING: utf-8
 
+    - name: Restore code signing certificate
+      run: |
+        echo "${{ secrets.PFX_BASE64 }}" | certutil -decode - kingtriton.pfx
+      shell: powershell
+
+    - name: Sign EXE
+      run: |
+        signtool sign /f kingtriton.pfx /p "${{ secrets.PFX_PASSWORD }}" /tr http://timestamp.digicert.com /td sha256 /fd sha256 dist\PythonProjectMngr.exe
+      shell: powershell
+
     - name: Upload artifact
       uses: actions/upload-artifact@v4
       with:
@@ -43,4 +53,4 @@ jobs:
       uses: crazy-max/ghaction-virustotal@v4.0.0
       with:
         vt_api_key: ${{ secrets.VIRUSTOTAL_API_KEY }}
-        files: dist/PythonProjectMngr.exe
+        files: dist/PythonProjectMngr.exe
