feat: add Azure Trusted Signing support (#658)

faustbrian · claude · web-flow · commit 5f6b9d1a54d7 · 2025-07-26T07:20:56.000-04:00
* feat: add Azure Trusted Signing support Add configuration for Azure Trusted Signing service for Windows code signing. This includes credential settings and environment variable cleanup for Azure-related keys. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * style: reorganize imports in DebugCommand 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>
diff --git a/config/nativephp-internal.php b/config/nativephp-internal.php
@@ -48,6 +48,19 @@
         'apple_team_id' => env('NATIVEPHP_APPLE_TEAM_ID'),
     ],
 
+    /**
+     * The credentials to use Azure Trusted Signing service.
+     */
+    'azure_trusted_signing' => [
+        'tenant_id' => env('AZURE_TENANT_ID'),
+        'client_id' => env('AZURE_CLIENT_ID'),
+        'client_secret' => env('AZURE_CLIENT_SECRET'),
+        'publisher_name' => env('NATIVEPHP_AZURE_PUBLISHER_NAME'),
+        'endpoint' => env('NATIVEPHP_AZURE_ENDPOINT'),
+        'certificate_profile_name' => env('NATIVEPHP_AZURE_CERTIFICATE_PROFILE_NAME'),
+        'code_signing_account_name' => env('NATIVEPHP_AZURE_CODE_SIGNING_ACCOUNT_NAME'),
+    ],
+
     /**
      * The binary path of PHP for NativePHP to use at build.
      */
diff --git a/config/nativephp.php b/config/nativephp.php
@@ -60,6 +60,7 @@
      */
     'cleanup_env_keys' => [
         'AWS_*',
+        'AZURE_*',
         'GITHUB_*',
         'DO_SPACES_*',
         '*_SECRET',
@@ -68,6 +69,10 @@
         'NATIVEPHP_APPLE_ID',
         'NATIVEPHP_APPLE_ID_PASS',
         'NATIVEPHP_APPLE_TEAM_ID',
+        'NATIVEPHP_AZURE_PUBLISHER_NAME',
+        'NATIVEPHP_AZURE_ENDPOINT',
+        'NATIVEPHP_AZURE_CERTIFICATE_PROFILE_NAME',
+        'NATIVEPHP_AZURE_CODE_SIGNING_ACCOUNT_NAME',
     ],
 
     /**
diff --git a/src/Commands/DebugCommand.php b/src/Commands/DebugCommand.php
@@ -111,6 +111,14 @@ private function processNativePHP(): static
             && config('nativephp-internal.notarization.apple_id_pass')
             && config('nativephp-internal.notarization.apple_team_id');
 
+        $isAzureTrustedSigningConfigured = config('nativephp-internal.azure_trusted_signing.tenant_id')
+            && config('nativephp-internal.azure_trusted_signing.client_id')
+            && config('nativephp-internal.azure_trusted_signing.client_secret')
+            && config('nativephp-internal.azure_trusted_signing.publisher_name')
+            && config('nativephp-internal.azure_trusted_signing.endpoint')
+            && config('nativephp-internal.azure_trusted_signing.certificate_profile_name')
+            && config('nativephp-internal.azure_trusted_signing.code_signing_account_name');
+
         $this->debugInfo->put(
             'NativePHP',
             [
@@ -122,6 +130,7 @@ private function processNativePHP(): static
                         'Post' => config('nativephp.postbuild'),
                     ],
                     'NotarizationEnabled' => $isNotarizationConfigured,
+                    'AzureTrustedSigningEnabled' => $isAzureTrustedSigningConfigured,
                     'CustomPHPBinary' => config('nativephp-internal.php_binary_path') ?? false,
                 ],
             ]
