Context
Electrobun (v1.18.1) has no Windows code-signing support — confirmed against the docs and build.win config schema: unlike build.mac (which has codesign/notarize fields and ELECTROBUN_DEVELOPER_ID/ELECTROBUN_TEAMID env vars), build.win only supports icon, bundleCEF, defaultRenderer, chromiumFlags. There's no cert/thumbprint config field and no signing step in the build pipeline for Windows.
Right now the app ships as an unsigned Setup.exe/.zip via GitHub Releases (see #3), which triggers a Windows SmartScreen warning for downloaders. Deferred intentionally until there's budget/need for a certificate.
What's needed
Scope
Windows only. Not blocking GitHub Releases distribution (#3) — unsigned is acceptable for now.
Context
Electrobun (v1.18.1) has no Windows code-signing support — confirmed against the docs and
build.winconfig schema: unlikebuild.mac(which hascodesign/notarizefields andELECTROBUN_DEVELOPER_ID/ELECTROBUN_TEAMIDenv vars),build.winonly supportsicon,bundleCEF,defaultRenderer,chromiumFlags. There's no cert/thumbprint config field and no signing step in the build pipeline for Windows.Right now the app ships as an unsigned
Setup.exe/.zipvia GitHub Releases (see #3), which triggers a Windows SmartScreen warning for downloaders. Deferred intentionally until there's budget/need for a certificate.What's needed
signtool sign /fd sha256 /tr <timestamp-url> /td sha256 build\stable-win-x64\letora-Setup.exestep to the release CI workflow, afterelectrobun build --env=stableand before the artifacts are uploaded.exeifSetup.exealone isn't sufficient (Electrobun's Windows installer is a self-extracting exe wrapping a separate.tar.zstarchive — worth checking whether SmartScreen reputation applies to the extractor exe, the eventual installed binaries, or both)Scope
Windows only. Not blocking GitHub Releases distribution (#3) — unsigned is acceptable for now.