chore(desktop): add windows code signing server config

config/CN/.env.development

@@ -25,6 +25,7 @@ APPLE_API_KEY=
 
 WINDOWS_CODE_SIGNING_CA_PATH=
 WINDOWS_CODE_SIGNING_CA_PASSWORD=
+WINDOWS_CODE_SIGNING_SERVER=
 
 ARTIFACTS_ALIBABA_CLOUD_OSS_BUCKET=
 ARTIFACTS_ALIBABA_CLOUD_OSS_REGION=

config/CN/.env.production

@@ -25,6 +25,7 @@ APPLE_API_KEY=
 
 WINDOWS_CODE_SIGNING_CA_PATH=
 WINDOWS_CODE_SIGNING_CA_PASSWORD=
+WINDOWS_CODE_SIGNING_SERVER=
 
 ARTIFACTS_ALIBABA_CLOUD_OSS_BUCKET=
 ARTIFACTS_ALIBABA_CLOUD_OSS_REGION=

desktop/main-app/scripts/pack/index.js

@@ -64,7 +64,13 @@ const buildElectron = async () => {
     }
 
     if (buildType === "win") {
-        if (
+        if (process.env.WINDOWS_CODE_SIGNING_SERVER) {
+            config.win = {
+                ...config.win,
+                sign: "./scripts/pack/sign.js",
+                signDlls: true,
+            };
+        } else if (
             process.env.WINDOWS_CODE_SIGNING_CA_PATH &&
             process.env.WINDOWS_CODE_SIGNING_CA_PASSWORD
         ) {

desktop/main-app/scripts/pack/sign.js

@@ -0,0 +1,55 @@
+const fs = require("fs");
+const crypto = require("crypto");
+const { basename } = require("path");
+
+const API = process.env.WINDOWS_CODE_SIGNING_SERVER;
+if (!API) {
+    throw new Error('please set process.env.SIGN_SERVER before signing');
+}
+
+/** @type {import('app-builder-lib').CustomWindowsSign} */
+module.exports = async function sign({ path, hash, isNest }) {
+    let resp;
+
+    const fileHash = await computeHash(path);
+    resp = await fetch(`${API}/exists`, { method: "POST", body: fileHash });
+    if (!resp.ok) {
+        throw new Error(await resp.text());
+    }
+
+    const exist = await resp.json();
+    const body = new FormData();
+    if (exist) {
+        body.append("file", fileHash);
+    } else {
+        body.append("file", await fileAsBlob(path), basename(path));
+    }
+    body.append("hash", hash);
+    body.append("isNest", isNest ? "1" : "");
+
+    resp = await fetch(`${API}/sign`, { method: "POST", body });
+
+    if (!resp.ok) {
+        throw new Error(await resp.text());
+    }
+
+    const arrayBuffer = await resp.arrayBuffer();
+    const buffer = Buffer.from(arrayBuffer);
+    await fs.promises.writeFile(path, buffer);
+};
+
+async function fileAsBlob(path) {
+    const buffer = await fs.promises.readFile(path);
+    return new Blob([buffer]);
+}
+
+function computeHash(path) {
+    return new Promise(resolve => {
+        const hash = crypto.createHash("md5");
+        const input = fs.createReadStream(path);
+        input.on("readable", () => {
+            const data = input.read();
+            data ? hash.update(data) : resolve(hash.digest("hex"));
+        });
+    });
+}

desktop/main-app/src/utils/ipc-actions.ts

@@ -47,7 +47,11 @@ const windowActionAsync = (customWindow: CustomWindow): ipc.WindowActionAsync =>
             }
 
             window.setSize(args.width, args.height);
-            window.setTrafficLightPosition(args.trafficLightPosition || { x: 5, y: 12 });
+
+            // There's no such method on Windows.
+            if (window.setTrafficLightPosition) {
+                window.setTrafficLightPosition(args.trafficLightPosition || { x: 5, y: 12 });
+            }
 
             if (args.autoCenter) {
                 window.center();