workflow test signing with SignPath #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Sign Release on Windows | |
run-name: workflow test signing with SignPath | |
on: workflow_dispatch | |
jobs: | |
build: | |
runs-on: windows-latest | |
steps: | |
# Step 1: Checkout the code | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# Step 2: Setup .NET 9 SDK | |
- name: Setup .NET 9 SDK | |
uses: actions/setup-dotnet@v4 | |
with: | |
dotnet-version: '9.x' | |
# Step 3: Get version from the project file | |
- name: Get version from the project file | |
uses: kzrnm/get-net-sdk-project-versions-action@v2 | |
id: get-version | |
with: | |
proj-path: .\src\PicView.Avalonia.Win32\PicView.Avalonia.Win32.csproj | |
# Step 4 (x64): Publish x64 version | |
- name: Publish x64 version | |
run: | | |
pwsh -File "${{ github.workspace }}\Build\Build Avalonia.Win32.ps1" -Platform "x64" -outputPath "${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-x64" | |
shell: pwsh | |
# Step 5 (x64): Compile .ISS to .EXE Installer for x64 | |
- name: Compile .ISS to .EXE Installer (x64) | |
uses: Minionguyjpro/Inno-Setup-Action@v1.2.5 | |
with: | |
path: .\Build\install.iss | |
options: /O+ /DMyAppVersion=${{steps.get-version.outputs.file-version}} /DMyAppOutputDir=${{ github.workspace }}\Build\install /DMyFileSource=${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-x64 /DAppIcon=${{ github.workspace }}\src\PicView.Avalonia.Win32\icon.ico /DLicenseFile=${{ github.workspace }}\src\PicView.Core\Licenses\LICENSE.txt /DMyAppOutputName=Setup-PicView-v${{steps.get-version.outputs.version}}-win-x64 | |
# Step 6 (arm64): Publish arm64 version | |
- name: Publish arm64 version | |
run: | | |
pwsh -File "${{ github.workspace }}\Build\Build Avalonia.Win32.ps1" -Platform "arm64" -outputPath "${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-arm64" | |
shell: pwsh | |
# Step 7 (arm64): Compile .ISS to .EXE Installer for arm64 | |
- name: Compile .ISS to .EXE Installer (arm64) | |
uses: Minionguyjpro/Inno-Setup-Action@v1.2.5 | |
with: | |
path: .\Build\install.iss | |
options: /O+ /DMyAppVersion=${{steps.get-version.outputs.file-version}} /DMyAppOutputDir=${{ github.workspace }}\Build\install /DMyFileSource=${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-arm64 /DAppIcon=${{ github.workspace }}\src\PicView.Avalonia.Win32\icon.ico /DLicenseFile=${{ github.workspace }}\src\PicView.Core\Licenses\LICENSE.txt /DMyAppOutputName=Setup-PicView-v${{steps.get-version.outputs.version}}-win-arm64 | |
# Step 8: Upload unsigned artifact | |
- name: upload-unsigned-artifact | |
id: upload-unsigned-artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: "PicView-${{steps.get-version.outputs.file-version}}-unsigned" | |
if-no-files-found: error | |
path: | | |
${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-x64\ | |
${{ github.workspace }}\Build\install\Setup-PicView-v${{steps.get-version.outputs.version}}-win-x64.exe | |
${{ github.workspace }}\Build\\PicView-v${{steps.get-version.outputs.version}}-win-arm64\ | |
${{ github.workspace }}\Build\install\Setup-PicView-v${{steps.get-version.outputs.version}}-win-arm64.exe | |
retention-days: 1 | |
# Step 9: Sign the binaries | |
- name: Sign files | |
uses: signpath/github-action-submit-signing-request@v1 | |
with: | |
api-token: '${{ secrets.SIGNPATH_API_TOKEN }}' | |
organization-id: '${{ vars.SIGNPATH_ORGANIZATION_ID }}' | |
project-slug: 'PicView' | |
signing-policy-slug: 'release-signing' | |
github-artifact-id: ${{ steps.upload-unsigned-artifact.outputs.artifact-id }} | |
wait-for-completion: true | |
output-artifact-directory: 'PicView-${{steps.get-version.outputs.version}}-signed' | |
# Step 10: Upload signed binaries | |
- name: upload-signed-artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: "PicView-${{steps.get-version.outputs.version}}-signed" | |
path: "PicView-${{steps.get-version.outputs.version}}-signed" | |
if-no-files-found: error |