From 75a9ebcdf9b5368b871e935bd5e674388cc53d7b Mon Sep 17 00:00:00 2001
From: Nicola Murino <nicola.murino@gmail.com>
Date: Sat, 20 Sep 2025 18:07:21 +0200
Subject: [PATCH] CI: remove Azure Trusted Signing action

The Azure Trusted Signing certificate is expiring soon, and renewal is no
longer available  for individuals or organizations outside of Canada and USA.

Due to this limitation, we are removing the Trusted Signing step from our
CI pipeline.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
---
 .github/workflows/development.yml | 58 -------------------------------
 .github/workflows/release.yml     | 55 -----------------------------
 2 files changed, 113 deletions(-)

diff --git a/.github/workflows/development.yml b/.github/workflows/development.yml
index 5ce7a112..a8e3a043 100644
--- a/.github/workflows/development.yml
+++ b/.github/workflows/development.yml
@@ -169,39 +169,6 @@ jobs:
           Remove-Item Env:\GOOS
           Remove-Item Env:\GOARCH
 
-      - name: Azure login
-        if: ${{ github.event_name != 'pull_request' }}
-        uses: azure/login@v2
-        with:
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-
-      - name: Sign binaries
-        if: ${{ github.event_name != 'pull_request' }}
-        uses: azure/trusted-signing-action@v0.5.9
-        with:
-          endpoint: https://eus.codesigning.azure.net/
-          trusted-signing-account-name: nicola
-          certificate-profile-name: SFTPGo
-          files: |
-            ${{ github.workspace }}\sftpgo.exe
-            ${{ github.workspace }}\arm64\sftpgo.exe
-            ${{ github.workspace }}\x86\sftpgo.exe
-          file-digest: SHA256
-          timestamp-rfc3161: http://timestamp.acs.microsoft.com
-          timestamp-digest: SHA256
-          exclude-environment-credential: true
-          exclude-workload-identity-credential: true
-          exclude-managed-identity-credential: true
-          exclude-shared-token-cache-credential: true
-          exclude-visual-studio-credential: true
-          exclude-visual-studio-code-credential: true
-          exclude-azure-cli-credential: false
-          exclude-azure-powershell-credential: true
-          exclude-azure-developer-cli-credential: true
-          exclude-interactive-browser-credential: true
-
       - name: Initialize data provider
         run: |
           rm sftpgo.db
@@ -247,31 +214,6 @@ jobs:
           $Env:SFTPGO_ISS_ARCH='x86'
           iscc .\windows-installer\sftpgo.iss
 
-      - name: Sign installers
-        if: ${{ github.event_name != 'pull_request' }}
-        uses: azure/trusted-signing-action@v0.5.9
-        with:
-          endpoint: https://eus.codesigning.azure.net/
-          trusted-signing-account-name: nicola
-          certificate-profile-name: SFTPGo
-          files: |
-            ${{ github.workspace }}\sftpgo_windows_x86_64.exe
-            ${{ github.workspace }}\sftpgo_windows_arm64.exe
-            ${{ github.workspace }}\sftpgo_windows_x86.exe
-          file-digest: SHA256
-          timestamp-rfc3161: http://timestamp.acs.microsoft.com
-          timestamp-digest: SHA256
-          exclude-environment-credential: true
-          exclude-workload-identity-credential: true
-          exclude-managed-identity-credential: true
-          exclude-shared-token-cache-credential: true
-          exclude-visual-studio-credential: true
-          exclude-visual-studio-code-credential: true
-          exclude-azure-cli-credential: false
-          exclude-azure-powershell-credential: true
-          exclude-azure-developer-cli-credential: true
-          exclude-interactive-browser-credential: true
-
       - name: Upload Windows installer x86_64 artifact
         if: ${{ github.event_name != 'pull_request' }}
         uses: actions/upload-artifact@v4
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ebae3579..91f7c756 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -83,37 +83,6 @@ jobs:
         env:
           SFTPGO_VERSION: ${{ steps.get_version.outputs.VERSION }}
 
-      - name: Azure login
-        uses: azure/login@v2
-        with:
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-
-      - name: Sign binaries
-        uses: azure/trusted-signing-action@v0.5.9
-        with:
-          endpoint: https://eus.codesigning.azure.net/
-          trusted-signing-account-name: nicola
-          certificate-profile-name: SFTPGo
-          files: |
-            ${{ github.workspace }}\sftpgo.exe
-            ${{ github.workspace }}\arm64\sftpgo.exe
-            ${{ github.workspace }}\x86\sftpgo.exe
-          file-digest: SHA256
-          timestamp-rfc3161: http://timestamp.acs.microsoft.com
-          timestamp-digest: SHA256
-          exclude-environment-credential: true
-          exclude-workload-identity-credential: true
-          exclude-managed-identity-credential: true
-          exclude-shared-token-cache-credential: true
-          exclude-visual-studio-credential: true
-          exclude-visual-studio-code-credential: true
-          exclude-azure-cli-credential: false
-          exclude-azure-powershell-credential: true
-          exclude-azure-developer-cli-credential: true
-          exclude-interactive-browser-credential: true
-
       - name: Initialize data provider
         run: ./sftpgo initprovider
         shell: bash
@@ -152,30 +121,6 @@ jobs:
         env:
           SFTPGO_ISS_VERSION: ${{ steps.get_version.outputs.VERSION }}
 
-      - name: Sign installers
-        uses: azure/trusted-signing-action@v0.5.9
-        with:
-          endpoint: https://eus.codesigning.azure.net/
-          trusted-signing-account-name: nicola
-          certificate-profile-name: SFTPGo
-          files: |
-            ${{ github.workspace }}\sftpgo_windows_x86_64.exe
-            ${{ github.workspace }}\sftpgo_windows_arm64.exe
-            ${{ github.workspace }}\sftpgo_windows_x86.exe
-          file-digest: SHA256
-          timestamp-rfc3161: http://timestamp.acs.microsoft.com
-          timestamp-digest: SHA256
-          exclude-environment-credential: true
-          exclude-workload-identity-credential: true
-          exclude-managed-identity-credential: true
-          exclude-shared-token-cache-credential: true
-          exclude-visual-studio-credential: true
-          exclude-visual-studio-code-credential: true
-          exclude-azure-cli-credential: false
-          exclude-azure-powershell-credential: true
-          exclude-azure-developer-cli-credential: true
-          exclude-interactive-browser-credential: true
-
       - name: Prepare Portable Release
         run: |
           mkdir win-portable