TriliumNext · eliandoran · Jan 18, 2025 · Jan 18, 2025 · Jan 18, 2025 · Jan 18, 2025
diff --git a/.editorconfig b/.editorconfig
@@ -15,3 +15,9 @@ indent_size = 2
 indent_style = space
 insert_final_newline = true
 trim_trailing_whitespace = true
+
+[*.yml]
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
diff --git a/.github/actions/build-electron/action.yml b/.github/actions/build-electron/action.yml
@@ -0,0 +1,34 @@
+inputs:
+  os:
+    description: "One of the supported platforms: macos, linux, windows"
+    required: true
+  arch:
+    description: "The architecture to build for: x64, arm64"
+    required: true
+  extension:
+    description: "Platform specific extension to build: dmg, deb, exe"
+    required: true
+runs:
+  using: composite
+  steps:
+    - name: Set up Python for appdmg to be installed
+      if: ${{ inputs.os == 'macos' }}
+      shell: bash
+      run: brew install python-setuptools
+    - name: Install dependencies
+      shell: cmd
+      run: npm ci
+    - name: Update build info
+      shell: cmd
+      if: false
+      run: npm run update-build-info
+    - name: Run electron-forge
+      shell: cmd
+      run: npm run make-electron -- --arch=${{ inputs.arch }}
+      env:
+        WINDOWS_SIGNTOOL_PATH: "C:\\ev_signer_trilium\\ev_signer_trilium.exe"
+        WINDOWS_SIGN_WITH_PARAMS: --executable
+    - uses: actions/upload-artifact@v4
+      with:
+        name: Artifacts
+        path: out/make
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -4,10 +4,11 @@ on:
     branches:
       - "feature/update**"
       - "feature/server_esm**"
+      - "feature/windows_signing"
     paths-ignore:
       - "docs/**"
       - ".github/workflows/main-docker.yml"
-  workflow_dispatch:    
+  workflow_dispatch:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -19,16 +20,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        arch: [x64, arm64]
+        arch: [x64]
         os:
-          - name: macos
-            image: macos-latest
-            extension: dmg
-          - name: linux
-            image: ubuntu-latest
-            extension: deb
           - name: windows
-            image: windows-latest
+            image: win-signing
             extension: exe
     runs-on: ${{ matrix.os.image }}
     steps:
@@ -37,31 +32,15 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: 20
-      - name: Set up Python for appdmg to be installed
-        if: ${{ matrix.os.name == 'macos' }}
-        run: brew install python-setuptools
-      - name: Install dependencies
-        run: npm ci
-      - name: Update build info
-        run: npm run update-build-info      
-      - name: Run electron-forge
-        run: npm run make-electron -- --arch=${{ matrix.arch }}
-      - name: Prepare artifacts (Unix)
-        if: runner.os != 'windows'
-        run: |
-          mkdir -p upload
-          file=$(find out/make -name '*.zip' -print -quit)
-          cp "$file" "upload/TriliumNextNotes-${{ matrix.os.name }}-${{ matrix.arch }}-${{ github.ref_name }}.zip"
-          file=$(find out/make -name '*.${{ matrix.os.extension }}' -print -quit)
-          cp "$file" "upload/TriliumNextNotes-${{ matrix.os.name }}-${{ matrix.arch }}-${{ github.ref_name }}.${{ matrix.os.extension }}"
-      - name: Prepare artifacts (Windows)
-        if: runner.os == 'windows'
-        run: |
-          mkdir upload
-          $file = Get-ChildItem -Path out/make -Filter '*.zip' -Recurse | Select-Object -First 1
-          Copy-Item -Path $file.FullName -Destination "upload/TriliumNextNotes-${{ matrix.os.name }}-${{ matrix.arch }}-${{ github.ref_name }}.zip"
-          $file = Get-ChildItem -Path out/make -Filter '*.${{ matrix.os.extension }}' -Recurse | Select-Object -First 1
-          Copy-Item -Path $file.FullName -Destination "upload/TriliumNextNotes-${{ matrix.os.name }}-${{ matrix.arch }}-${{ github.ref_name }}.${{ matrix.os.extension }}"
+      - name: Run the build
+        uses: ./.github/actions/build-electron
+        with:
+          os: ${{ matrix.os.name }}
+          arch: ${{ matrix.arch }}
+          extension: ${{ matrix.os.extension }}
+        env:
+          WINDOWS_SIGNTOOL_PATH: "C:\\ev_signer_trilium\\ev_signer_trilium.exe"
+          WINDOWS_SIGN_WITH_PARAMS: --executable
       - name: Publish artifacts
         uses: actions/upload-artifact@v4
         with:
@@ -72,39 +51,3 @@ jobs:
         with:
           name: TriliumNextNotes ${{ matrix.os.name }} ${{ matrix.arch }}.${{matrix.os.extension}}
           path: upload/*.${{ matrix.os.extension }}
-  build_linux_server:
-    name: Build Linux Server
-    strategy:
-      fail-fast: false
-      matrix:
-        arch: [x64, arm64]
-        include:
-          - arch: x64
-            runs-on: ubuntu-latest
-          - arch: arm64
-            runs-on: ubuntu-24.04-arm
-    runs-on: ${{ matrix.runs-on }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Set up node & dependencies
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20
-          cache: "npm"
-      - name: Install dependencies
-        run: npm ci
-      - name: Run Linux server build
-        env:
-          MATRIX_ARCH: ${{ matrix.arch }}
-        run: |
-          npm run update-build-info
-          ./bin/build-server.sh
-      - name: Prepare artifacts
-        run: |
-          mkdir -p upload
-          file=$(find dist -name '*.tar.xz' -print -quit)
-          cp "$file" "upload/TriliumNextNotes-linux-${{ matrix.arch }}-${{ github.ref_name }}.tar.xz"
-      - uses: actions/upload-artifact@v4
-        with:
-          name: TriliumNextNotes linux server ${{ matrix.arch }}
-          path: upload/TriliumNextNotes-linux-${{ matrix.arch }}-${{ github.ref_name }}.tar.xz
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
@@ -34,33 +34,14 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: 20
-      - name: Set up Python for appdmg to be installed
-        if: ${{ matrix.os.name == 'macos' }}
-        run: brew install python-setuptools
-      - name: Install dependencies
-        run: npm ci
-      - name: Update build info
-        run: npm run update-build-info
       - name: Update nightly version
         run: npm run ci-update-nightly-version
-      - name: Run electron-forge
-        run: npm run make-electron -- --arch=${{ matrix.arch }}
-      - name: Prepare artifacts (Unix)
-        if: runner.os != 'windows'
-        run: |
-          mkdir -p upload
-          file=$(find out/make -name '*.zip' -print -quit)
-          cp "$file" "upload/TriliumNextNotes-${{ matrix.os.name }}-${{ matrix.arch }}.zip"
-          file=$(find out/make -name '*.${{ matrix.os.extension }}' -print -quit)
-          cp "$file" "upload/TriliumNextNotes-${{ matrix.os.name }}-${{ matrix.arch }}.${{ matrix.os.extension }}"
-      - name: Prepare artifacts (Windows)
-        if: runner.os == 'windows'
-        run: |
-          mkdir upload
-          $file = Get-ChildItem -Path out/make -Filter '*.zip' -Recurse | Select-Object -First 1
-          Copy-Item -Path $file.FullName -Destination "upload/TriliumNextNotes-${{ matrix.os.name }}-${{ matrix.arch }}.zip"
-          $file = Get-ChildItem -Path out/make -Filter '*.${{ matrix.os.extension }}' -Recurse | Select-Object -First 1
-          Copy-Item -Path $file.FullName -Destination "upload/TriliumNextNotes-${{ matrix.os.name }}-${{ matrix.arch }}.${{ matrix.os.extension }}"
+      - name: Run the build
+        uses: ./.github/actions/build-electron
+        with:
+          os: ${{ matrix.os.name }}      
+          arch: ${{ matrix.arch }}
+          extension: ${{ matrix.os.extension }}
       - name: Publish artifacts
         uses: actions/upload-artifact@v4
         with:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -34,31 +34,12 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: 20
-      - name: Set up Python for appdmg to be installed
-        if: ${{ matrix.os.name == 'macos' }}
-        run: brew install python-setuptools
-      - name: Install dependencies
-        run: npm ci
-      - name: Update build info
-        run: npm run update-build-info
-      - name: Run electron-forge
-        run: npm run make-electron -- --arch=${{ matrix.arch }}
-      - name: Prepare artifacts (Unix)
-        if: runner.os != 'windows'
-        run: |
-          mkdir -p upload
-          file=$(find out/make -name '*.zip' -print -quit)
-          cp "$file" "upload/TriliumNextNotes-${{ github.ref_name }}-${{ matrix.os.name }}-${{ matrix.arch }}.zip"
-          file=$(find out/make -name '*.${{ matrix.os.extension }}' -print -quit)
-          cp "$file" "upload/TriliumNextNotes-${{ github.ref_name }}-${{ matrix.os.name }}-${{ matrix.arch }}.${{ matrix.os.extension }}"
-      - name: Prepare artifacts (Windows)
-        if: runner.os == 'windows'
-        run: |
-          mkdir upload
-          $file = Get-ChildItem -Path out/make -Filter '*.zip' -Recurse | Select-Object -First 1
-          Copy-Item -Path $file.FullName -Destination "upload/TriliumNextNotes-${{ github.ref_name }}-${{ matrix.os.name }}-${{ matrix.arch }}.zip"
-          $file = Get-ChildItem -Path out/make -Filter '*.${{ matrix.os.extension }}' -Recurse | Select-Object -First 1
-          Copy-Item -Path $file.FullName -Destination "upload/TriliumNextNotes-${{ github.ref_name }}-${{ matrix.os.name }}-${{ matrix.arch }}.${{ matrix.os.extension }}"      
+      - name: Run the build
+        uses: ./.github/actions/build-electron
+        with:
+          os: ${{ matrix.os.name }}        
+          arch: ${{ matrix.arch }}      
+          extension: ${{ matrix.os.extension }}
       - name: Publish release
         uses: softprops/action-gh-release@v2
         with:

diff --git a/bin/sign-windows.cjs b/bin/sign-windows.cjs
@@ -0,0 +1,8 @@
+const child_process = require("child_process");
+const SIGN_EXECUTABLE = "C:\\ev_signer_trilium\\ev_signer_trilium.exe";
+
+module.exports = function (filePath) {
+    const command = `${SIGN_EXECUTABLE} --executable "${filePath}"`;
+    console.log(`> ${command}`);
+    child_process.execSync(command);
+}
diff --git a/forge.config.cjs b/forge.config.cjs
@@ -1,6 +1,5 @@
 const path = require("path");
 const fs = require("fs-extra");
-
 const APP_NAME = "TriliumNext Notes";
 
 module.exports = {
@@ -10,6 +9,9 @@ module.exports = {
         overwrite: true,
         asar: true,
         icon: "./images/app-icons/icon",
+        windowsSign: {
+            hookModulePath: "bin\\sign-windows.cjs"
+        },
         extraResource: [
             // Moved to root
             ...getExtraResourcesForPlatform(),
@@ -63,7 +65,7 @@ module.exports = {
             config: {
                 iconUrl: "https://raw.githubusercontent.com/TriliumNext/Notes/develop/images/app-icons/icon.ico",
                 setupIcon: "./images/app-icons/icon.ico",
-                loadingGif: "./images/app-icons/win/setup-banner.gif"
+                loadingGif: "./images/app-icons/win/setup-banner.gif",
             }
         },
         {

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -153,6 +153,7 @@
     "@electron-forge/maker-zip": "7.6.0",
     "@electron-forge/plugin-auto-unpack-natives": "7.6.0",
     "@electron/rebuild": "3.7.1",
+    "@electron/windows-sign": "1.2.0",
     "@playwright/test": "1.49.1",
     "@types/archiver": "6.0.3",
     "@types/better-sqlite3": "7.6.12",