From d01db5de7fad036f176d8d71cf2b64abfc035ce4 Mon Sep 17 00:00:00 2001
From: DioEgizio <83089242+DioEgizio@users.noreply.github.com>
Date: Sat, 31 Jan 2026 10:07:12 +0100
Subject: [PATCH] chore: trusted signing is now artifact signing

see https://github.com/Azure/artifact-signing-action/issues/107

Signed-off-by: DioEgizio <83089242+DioEgizio@users.noreply.github.com>
(cherry picked from commit 8781ac5f6484b0c997af848939caf4dfc302adb5)
---
 .github/actions/package/windows/action.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/actions/package/windows/action.yml b/.github/actions/package/windows/action.yml
index caeabfa09..74036154a 100644
--- a/.github/actions/package/windows/action.yml
+++ b/.github/actions/package/windows/action.yml
@@ -69,7 +69,7 @@ runs:
 
     - name: Sign executables
       if: ${{ env.CI_HAS_ACCESS_TO_AZURE != '' && inputs.azure-client-id != '' }}
-      uses: azure/trusted-signing-action@v0
+      uses: azure/artifact-signing-action@v1
       with:
         endpoint: https://eus.codesigning.azure.net/
         trusted-signing-account-name: PrismLauncher
@@ -79,8 +79,8 @@ runs:
         files-folder-recurse: true
         files-folder-depth: 2
         # recommended in https://github.com/Azure/artifact-signing-action#timestamping-1
-        timestamp-rfc3161: 'http://timestamp.acs.microsoft.com'
-        timestamp-digest: 'SHA256'
+        timestamp-rfc3161: "http://timestamp.acs.microsoft.com"
+        timestamp-digest: "SHA256"
         # TODO(@getchoo): Is this all really needed???
         # https://github.com/Azure/trusted-signing-action/blob/fc390cf8ed0f14e248a542af1d838388a47c7a7c/docs/OIDC.md
         exclude-environment-credential: true
@@ -142,7 +142,7 @@ runs:
 
     - name: Sign installer
       if: ${{ env.CI_HAS_ACCESS_TO_AZURE != '' && inputs.azure-client-id != '' }}
-      uses: azure/trusted-signing-action@v0
+      uses: azure/artifact-signing-action@v1
       with:
         endpoint: https://eus.codesigning.azure.net/
         trusted-signing-account-name: PrismLauncher
@@ -152,8 +152,8 @@ runs:
           ${{ github.workspace }}\PrismLauncher-Setup.exe
 
         # recommended in https://github.com/Azure/artifact-signing-action#timestamping-1
-        timestamp-rfc3161: 'http://timestamp.acs.microsoft.com'
-        timestamp-digest: 'SHA256'
+        timestamp-rfc3161: "http://timestamp.acs.microsoft.com"
+        timestamp-digest: "SHA256"
         # TODO(@getchoo): Is this all really needed???
         # https://github.com/Azure/trusted-signing-action/blob/fc390cf8ed0f14e248a542af1d838388a47c7a7c/docs/OIDC.md
         exclude-environment-credential: true