Add code signing (#76)

.github/workflows/package.yaml

@@ -4,17 +4,17 @@ on:
   workflow_dispatch:
     inputs:
       version:
-        description: 'Version number that will appear in the exe name'
+        description: 'Version number (*.*.*), no prefix'
         required: true
         type: string
       branch:
-        description: 'the branch used to create the installer'
+        description: 'the branch to checkout'
         required: true
         type: string
 
 jobs:
-  create-installer:
-    name: Build
+  build:
+    name: Build, package and Sign
     runs-on: windows-latest
 
     steps:
@@ -33,18 +33,54 @@ jobs:
     - name: Build
       run: dotnet build --configuration Release --no-restore
 
-    - name: publish
+    - name: Publish
       run: dotnet publish -p:PublishProfile=FolderProfile.pubxml
-
-    - name: package
+
+      #upload the main exe so it can be signed
+    - name: Upload app exe
+      id: upload-exe
+      uses: actions/upload-artifact@v4
+      with:
+        name: COMPASS_exe
+        path: .\src\bin\Publish\win-x64\COMPASS.exe
+
+    - name: remove unsigned exe
+      shell: pwsh
+      run: rm .\src\bin\Publish\win-x64\COMPASS.exe
+
+    - name: Sign app
+      id: signing-app
+      uses: signpath/github-action-submit-signing-request@v1
+      with:
+        api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
+        organization-id: 2f2c8b60-b250-4dd2-8827-045fa9cc65e6
+        project-slug: COMPASS
+        signing-policy-slug: release-signing 
+        github-artifact-id: ${{steps.upload-exe.outputs.artifact-id}}
+        wait-for-completion: true
+        output-artifact-directory: .\src\bin\Publish\win-x64\
+
+    - name: Package
       run: iscc Deployment/install.iss
 
     - name: Upload installer
+      id: upload-installer
       uses: actions/upload-artifact@v4
       with:
         name: COMPASS_Installer
         path: .\Deployment\Versions\${{ inputs.version }}\COMPASS_Setup_${{ inputs.version }}.exe
 
+    - name: Sign installer
+      uses: signpath/github-action-submit-signing-request@v1
+      with:
+        api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
+        organization-id: 2f2c8b60-b250-4dd2-8827-045fa9cc65e6
+        project-slug: COMPASS
+        signing-policy-slug: release-signing
+        github-artifact-id: ${{steps.upload-installer.outputs.artifact-id}}
+        wait-for-completion: false
+
+
 
 
 

README.md

@@ -39,17 +39,13 @@ COMPASS solves this problem by bringing all of your resources together in one pl
 - Have **Quick Access** to your books thanks to the Home view which lists your favorites, recently opened, most opened and recently added books for your convenience.
 - **Group** your books into collections. Each collection has their own list of tags, authors, ect. and helps you keep an overview by reducing the amount of books that are on your screen at once.
 
-## :warning: Why am I getting warnings from Windows and Virus scanners when installing COMPASS?
-
-The COMPASS files are not digitally signed which results in these kinds of warnings. Signing code is expensive, requires a bunch of paperwork and is just not worth it for a small project like this. If this project ever takes off and gains a large amount of users, I will look into this again. If you do not trust the executable, you can always build the code from source. To do so, simply clone the repo, install Visual Studio, open the solution file and and either build in release mode or publish.
-
 ## :construction: Contributing
 
 I created this project to solve a problem I had and as a learning opportunity. I eventually chose to release it publicly and open source because I believe others might find it useful as well. If you like this project and would like to contribute, there are many ways you can do so.
 
 - If you find a bug, please open a github issue and report it there so it can be fixed. If you don't have a github account, you can also join the [discord](https://discord.gg/HawGMJgS9Y) and share it there. Please include a clear explanation of the nature of the bug and if possible steps to reproduce it.
 - If you have ideas for new features or improvements, you can put those in a github issue as well.
-- As for code contributions and pull requests, please check out the issues labeled with "help wanted". All pull requests should be made against the dev branch. Dev gets merged into master with every new release. I will not be accepting PR's for anyting besided those issues. There are many reasons for this but [this video](https://www.youtube.com/watch?v=YIL5fuAUPiA) summarizes it pretty well. 
+- As for code contributions and pull requests, please check out the issues labeled with "help wanted". All pull requests should be made against the dev branch. Dev gets merged into master with every new release. I will not be accepting PR's for anything besides those issues. If you really want to implement a feature, open a features request first and we can talk about it.
 
 ## :heart: Support the project
 
@@ -66,3 +62,13 @@ If you would like to support the project, you can do so in multiple ways.
 ![Card Layout](Docs/Screenshots/Card_Layout.png)
 ![Tile Layout](Docs/Screenshots/Tile_Layout.png)
 ![Codex Properties](Docs/Screenshots/Codex_Properties.png)
+
+## Other
+
+### Code signing
+
+This program uses a free code signing provided by [SignPath.io](https://signpath.io), and a free code signing certificate by the [SignPath Foundation](https://signpath.org).
+
+### Privacy Policy
+
+This program will not transfer any information to other networked systems unless specifically requested by the user or the person installing or operating it.