3c786f2333
Implements Authenticode signing for Windows binaries to reduce AV false positives. Changes: - Add scripts/sign-windows.sh for osslsigncode-based signing - Update .goreleaser.yml with post-build signing hook - Update release.yml to install osslsigncode and pass secrets - Update docs/ANTIVIRUS.md with signing verification instructions - Update scripts/README.md with signing script documentation The signing is gracefully degraded - releases continue without signing if the certificate secrets are not configured. Required secrets for signing: - WINDOWS_SIGNING_CERT_PFX_BASE64: base64-encoded PFX certificate - WINDOWS_SIGNING_CERT_PASSWORD: certificate password 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
6.0 KiB
6.0 KiB