Sign installer

eltos · eltos · commit a1bb720bdebe · 2025-06-07T16:54:33.000+02:00
diff --git a/.github/workflows/dotnet-release.yml b/.github/workflows/dotnet-release.yml
@@ -19,8 +19,10 @@ jobs:
           configuration: Release
           flavor: Portable
           artifact: release_artifact_portable
+
       - name: Create zip
         run: Compress-Archive -Path ${{steps.build.outputs.path}}/* -Destination release_artifact_portable_unsigned.zip
+
       - name: Upload release artifact
         uses: actions/upload-release-asset@v1
         env:
@@ -31,7 +33,8 @@ jobs:
           asset_name: PasteIntoFile_${{ github.event.release.tag_name }}_portable_unsigned.zip
           asset_content_type: application/zip
 
-      - uses: signpath/github-action-submit-signing-request@v1.1
+      - name: Sign with Signpath
+        uses: signpath/github-action-submit-signing-request@v1.1
         with:
           api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
           organization-id: '030bee06-17be-4a2a-a788-9efdbd14a889'
@@ -41,8 +44,10 @@ jobs:
           github-artifact-id: '${{ steps.build.outputs.artifact-id }}'
           wait-for-completion: true
           output-artifact-directory: 'signing_result'
+
       - name: Create zip
         run: Compress-Archive -Path signing_result/* -Destination release_artifact_portable_signed.zip
+
       - name: Upload signed release artifact
         uses: actions/upload-release-asset@v1
         env:
@@ -58,29 +63,62 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+
       - name: Build program executable
         id: build
         uses: ./.github/build
         with:
           configuration: Release
           flavor: Installer
+
       - name: Add WiX toolkit to PATH
         shell: bash
         run: echo "${WIX}bin" >> $GITHUB_PATH
+
       - name: Build MSI file with WiX toolchain
         run: |
           cd Installer
           heat dir ../${{steps.build.outputs.path}} -dr INSTALLFOLDER -ag -cg ReleaseFragment -ke -srd -sfrag -nologo -pog:Binaries -pog:Documents -pog: Satellites -pog:Sources -pog:Content -t releaseFiles.xslt -out releaseFiles.wxs
           candle releaseFiles.wxs
           candle PasteIntoFile.wxs
           light -b ../${{steps.build.outputs.path}} releaseFiles.wixobj PasteIntoFile.wixobj -ext WixNetFxExtension -out Installer.msi
+
       - name: Upload release artifact
         uses: actions/upload-release-asset@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ github.event.release.upload_url }}
           asset_path: Installer/Installer.msi
-          asset_name: PasteIntoFile_${{ github.event.release.tag_name }}_installer.msi
+          asset_name: PasteIntoFile_${{ github.event.release.tag_name }}_installer_unsigned.msi
           asset_content_type: application/msi
 
+
+      - name: Upload artifact for signing
+        id: upload
+        uses: actions/upload-artifact@v4
+        with:
+            path: Installer/Installer.msi
+
+      - name: Sign with Signpath
+        uses: signpath/github-action-submit-signing-request@v1.1
+        with:
+            api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
+            organization-id: '030bee06-17be-4a2a-a788-9efdbd14a889'
+            project-slug: 'PasteIntoFile'
+            signing-policy-slug: 'test-signing'
+            artifact-configuration-slug: 'installer-zip'
+            github-artifact-id: '${{ steps.upload.outputs.artifact-id }}'
+            wait-for-completion: true
+            output-artifact-directory: 'signing_result'
+
+      - name: Upload signed release artifact
+        uses: actions/upload-release-asset@v1
+        env:
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+            upload_url: ${{ github.event.release.upload_url }}
+            asset_path: signing_result/Installer.msi
+            asset_name: PasteIntoFile_${{ github.event.release.tag_name }}_installer_signed.msi
+            asset_content_type: application/msi
+
