Skip to content

Sign

Sign #1

Workflow file for this run

name: Sign
on:
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Download dummy executable for signing
run: curl -o random.dll -L https://github.com/carterjones/hello-world-dll/releases/download/v1.0.0/hello-world-x64.dll
- name: Upload unsigned artifact
id: upload-unsigned-artifact
uses: actions/upload-artifact@v7
with:
name: 'unsigned'
if-no-files-found: error
path: random.dll
archive: false
- name: Submit Signing Request
uses: signpath/github-action-submit-signing-request@v2
with:
connector-url: 'https://githubactions.connectors.fqa.test.signpath.io:15021'
api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
organization-id: '4a9057ed-a32e-4d6b-a5ef-cbb4e0fc4b86'
project-slug: 'Sample_Executable_Project'
signing-policy-slug: 'release-signing'
github-artifact-id: "${{steps.upload-unsigned-artifact.outputs.artifact-id}}"
skip-decompress: true
wait-for-completion: true
output-artifact-directory: signed
- name: test
# due to a bug in GitHub, the filename needs to be unique across all uploads
# see https://github.com/actions/upload-artifact/issues/769
run: mv signed/random.dll signed/random-signed.dll
- name: Upload signed artifact
uses: actions/upload-artifact@v7
with:
name: 'signed'
if-no-files-found: error
path: signed/random-signed.dll
archive: false