workflow test signing with SignPath #29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Sign PicView on Windows | |
run-name: workflow test signing with SignPath | |
on: workflow_dispatch | |
jobs: | |
build: | |
runs-on: windows-latest | |
steps: | |
# Step 1: Checkout the code | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# Step 3: Get version from Directory.Build.props using PowerShell | |
- name: Get version from Directory.Build.props | |
id: get-version | |
run: pwsh -File "${{ github.workspace }}/Build/Get-VersionInfo.ps1" | |
# Step 4 (x64): Publish x64 version | |
- name: Publish x64 version | |
run: | | |
pwsh -File "${{ github.workspace }}\Build\Build Avalonia.Win32.ps1" -Platform "x64" -outputPath "${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-x64" | |
shell: pwsh | |
# Step 5 (x64): Compile .ISS to .EXE Installer for x64 | |
- name: Compile .ISS to .EXE Installer (x64) | |
uses: Minionguyjpro/[email protected] | |
with: | |
path: .\Build\install.iss | |
options: /O+ /DMyAppVersion=${{steps.get-version.outputs.file-version}} /DMyAppOutputDir=${{ github.workspace }}\Build\install /DMyFileSource=${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-x64 /DAppIcon=${{ github.workspace }}\src\PicView.Avalonia.Win32\icon.ico /DLicenseFile=${{ github.workspace }}\src\PicView.Core\Licenses\LICENSE.txt /DMyAppOutputName=Setup-PicView-v${{steps.get-version.outputs.version}}-win-x64 | |
# Step 6 (arm64): Publish arm64 version | |
- name: Publish arm64 version | |
run: | | |
pwsh -File "${{ github.workspace }}\Build\Build Avalonia.Win32.ps1" -Platform "arm64" -outputPath "${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-arm64" | |
shell: pwsh | |
# Step 7 (arm64): Compile .ISS to .EXE Installer for arm64 | |
- name: Compile .ISS to .EXE Installer (arm64) | |
uses: Minionguyjpro/[email protected] | |
with: | |
path: .\Build\install.iss | |
options: /O+ /DMyAppVersion=${{steps.get-version.outputs.file-version}} /DMyAppOutputDir=${{ github.workspace }}\Build\install /DMyFileSource=${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-arm64 /DAppIcon=${{ github.workspace }}\src\PicView.Avalonia.Win32\icon.ico /DLicenseFile=${{ github.workspace }}\src\PicView.Core\Licenses\LICENSE.txt /DMyAppOutputName=Setup-PicView-v${{steps.get-version.outputs.version}}-win-arm64 | |
# Step 8: Upload unsigned artifact | |
- name: upload-unsigned-artifact | |
id: upload-unsigned-artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: "PicView-${{steps.get-version.outputs.file-version}}-unsigned" | |
if-no-files-found: error | |
path: | | |
${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-x64\ | |
${{ github.workspace }}\Build\install\Setup-PicView-v${{steps.get-version.outputs.version}}-win-x64.exe | |
${{ github.workspace }}\Build\\PicView-v${{steps.get-version.outputs.version}}-win-arm64\ | |
${{ github.workspace }}\Build\install\Setup-PicView-v${{steps.get-version.outputs.version}}-win-arm64.exe | |
retention-days: 1 | |
# Step 9: Sign the binaries | |
- name: Sign files | |
uses: signpath/github-action-submit-signing-request@v1 | |
with: | |
api-token: '${{ secrets.SIGNPATH_API_TOKEN }}' | |
organization-id: '${{ vars.SIGNPATH_ORGANIZATION_ID }}' | |
project-slug: 'PicView' | |
signing-policy-slug: 'test-signing' | |
github-artifact-id: ${{ steps.upload-unsigned-artifact.outputs.artifact-id }} | |
wait-for-completion: true | |
output-artifact-directory: 'PicView-${{steps.get-version.outputs.version}}-signed' | |
# Step 10: Upload signed binaries | |
- name: upload-signed-artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: "PicView-${{steps.get-version.outputs.version}}-signed" | |
path: "PicView-${{steps.get-version.outputs.version}}-signed" | |
if-no-files-found: error |