If someone is motivated, they could add a more straightforward API to Electron Forge for Trusted Signing.

There'll be one more linter issue MD024/no-duplicate-heading. I'll fix that soon.

I expected no-duplicate-heading to fail, but the Electron project disables it. Thus, linting worked.

Still, to generate distinct anchors for all headings, I set two anchor IDs manually.

@samuelmaddock @erickzhao What would be the path to merging this? (Thanks for the review!)

Hi folks! I just wanted to chime in with an alternative Azure Trusted signing approach I implemented in electron-builder using powershell's Invoke-TrustedSigning. It does require some preemptive setup/init to install the required NuGet(sometimes) & TrustedSigning packages, but I implemented it for ease of use within CI/CD pipelines.

Would love to chat and knowledge-share on it if you're interested in an alternative (and potentially streamlined?) configuration for electron/forge that doesn't require an updated signtool to be installed by the developer. Most notably, these env vars don't seem to be required to be configured AFAICT: AZURE_METADATA_JSON AZURE_CODE_SIGNING_DLIB and SIGNTOOL_PATH

For quick reference, here's the relevant code:

Config properties:
https://github.com/electron-userland/electron-builder/blob/443ee8debd4e4d73d9f63a31fb93ce1dbed2538c/packages/app-builder-lib/src/options/winOptions.ts#L127-L171

Initialization of required modules (only runs once)
https://github.com/electron-userland/electron-builder/blob/443ee8debd4e4d73d9f63a31fb93ce1dbed2538c/packages/app-builder-lib/src/codeSign/windowsSignAzureManager.ts#L30-L53

Signing code:
https://github.com/electron-userland/electron-builder/blob/443ee8debd4e4d73d9f63a31fb93ce1dbed2538c/packages/app-builder-lib/src/codeSign/windowsSignAzureManager.ts#L120-L136

Feel free to also reach out to me on Slack if preferred, I'm in the wg-ecosystem channel 🙃