Merge branch 'master' into jgrpp

# Conflicts:
#	.github/workflows/release-windows.yml
#	src/autoreplace_gui.cpp
#	src/cargotype.cpp
#	src/company_base.h
#	src/company_cmd.cpp
#	src/company_gui.cpp
#	src/currency.h
#	src/date_gui.cpp
#	src/dropdown.cpp
#	src/dropdown_func.h
#	src/dropdown_type.h
#	src/game/game_gui.cpp
#	src/genworld.cpp
#	src/genworld_gui.cpp
#	src/ground_vehicle.hpp
#	src/group_gui.cpp
#	src/house.h
#	src/industry_gui.cpp
#	src/network/network_client.cpp
#	src/network/network_server.cpp
#	src/network/network_type.h
#	src/newgrf_class_func.h
#	src/newgrf_house.cpp
#	src/newgrf_roadstop.h
#	src/openttd.cpp
#	src/order_gui.cpp
#	src/saveload/saveload.cpp
#	src/saveload/saveload.h
#	src/screenshot_gui.cpp
#	src/settings_gui.cpp
#	src/settings_type.h
#	src/slider.cpp
#	src/smallmap_gui.cpp
#	src/station_cmd.cpp
#	src/stdafx.h
#	src/survey.cpp
#	src/tile_map.h
#	src/town_cmd.cpp
#	src/town_gui.cpp
#	src/vehicle.cpp
#	src/vehicle_gui.cpp
#	src/vehicle_gui_base.h

os/windows/sign.bat

@@ -1,18 +1,2 @@
 @echo off
-REM Signing script
-REM Arguments: sign.bat exe_to_sign certificate_subject_name
-
-REM This is a loose wrapper around the Microsoft signtool application (included in the Windows SDK).
-REM See https://docs.microsoft.com/en-us/dotnet/framework/tools/signtool-exe for more details.
-
-REM Path to signtool.exe
-IF NOT DEFINED SIGNTOOL_PATH (SET SIGNTOOL_PATH=signtool)
-
-REM URL of the timestamp server
-IF NOT DEFINED SIGNTOOL_TIMESTAMP_URL (SET SIGNTOOL_TIMESTAMP_URL=http://timestamp.digicert.com)
-
-REM Sign with SHA-1 for Windows 7 and below
-"%SIGNTOOL_PATH%" sign -v -n %2 -t %SIGNTOOL_TIMESTAMP_URL% -fd sha1 %1
-
-REM Sign with SHA-256 for Windows 8 and above
-"%SIGNTOOL_PATH%" sign -v -n %2 -tr %SIGNTOOL_TIMESTAMP_URL% -fd sha256 -td sha256 -as %1
+pwsh -File "%~dp0sign_azure.ps1" %1

os/windows/sign_azure.ps1

@@ -0,0 +1,40 @@
+# Signing script for Azure Code Signing
+# Arguments: sign_azure.ps1 path_to_sign
+#
+# Environment variables must be set up before use:
+#
+# AZURE_TENANT_ID
+# AZURE_CLIENT_ID
+# AZURE_CLIENT_SECRET
+# AZURE_CODESIGN_ACCOUNT_NAME
+# AZURE_CODESIGN_ENDPOINT
+# AZURE_CODESIGN_PROFILE_NAME
+
+Param
+(
+    # Files folder
+    [Parameter(Mandatory=$true, Position=0)]
+    $FilesFolder
+)
+
+if (!$Env:AZURE_CODESIGN_ENDPOINT -or !$Env:AZURE_CODESIGN_ACCOUNT_NAME -or !$Env:AZURE_CODESIGN_PROFILE_NAME -or
+	!$Env:AZURE_TENANT_ID -or !$Env:AZURE_CLIENT_ID -or !$Env:AZURE_CLIENT_SECRET)
+{
+	"Code signing variables not found; most likely running in a fork. Skipping signing."
+	exit
+}
+
+Install-Module -Name AzureCodeSigning -Scope CurrentUser -RequiredVersion 0.3.0 -Force -Repository PSGallery
+
+$params = @{}
+
+$params["Endpoint"] = $Env:AZURE_CODESIGN_ENDPOINT
+$params["CodeSigningAccountName"] = $Env:AZURE_CODESIGN_ACCOUNT_NAME
+$params["CertificateProfileName"] = $Env:AZURE_CODESIGN_PROFILE_NAME
+$params["FilesFolder"] = $FilesFolder
+$params["FilesFolderFilter"] = "exe"
+$params["FileDigest"] = "SHA256"
+$params["TimestampRfc3161"] = "http://timestamp.acs.microsoft.com"
+$params["TimestampDigest"] = "SHA256"
+
+Invoke-AzureCodeSigning @params