Implement Azure Trusted signing

[bukacdan]

Pre-flight checklist

• I have read the contribution documentation for this project.
• I agree to follow the code of conduct that this project uses.
• I have searched the issue tracker for a feature request that matches the one I want to file, without success.

Problem description

Microsoft introduced their own code signing platform in Azure, which simplifies the whole process and saves Win developers a ton of money.

It would be nice to have support for this in Forge. It has already been implemented in Electron builder (issue).

I don't think we can do use it in the existing forge pipeline, but correct me if I'm wrong.

Proposed solution

A trusted signing plugin, that would plug the signing logic into build and packaging steps.

Alternatives considered

A cookbook how to use Trusted signing with Forge manually.

Additional information

No response

[nikwen]

Signing is done by https://github.com/electron/windows-sign.

If it doesn't support Azure Trusted Signing out of the box, you might use one of the following to make it work:

• Specify custom signtool.exe options
• Use the custom hooks feature described in the README

It might also make sense to open an issue in that repo.

[nikwen]

Also wanted to add this helpful tutorial that I stumbled across. I just used it to create a Trusted Signing account. It saved me hours.

Here's the section on signing executables using signtool.exe. I haven't yet signed an actual file. When I do, I'll try to update the @electron/forge and @electron/windows-sign docs with the proper instructions.

[nikwen]

It took a lot of fiddling, but after 10+ hours, I got it to work. Documented in this PR: electron-forge/electron-forge-docs#210