Skip to content

workflow test signing with SignPath #29

workflow test signing with SignPath

workflow test signing with SignPath #29

name: Build and Sign PicView on Windows
run-name: workflow test signing with SignPath
on: workflow_dispatch
jobs:
build:
runs-on: windows-latest
steps:
# Step 1: Checkout the code
- name: Checkout repository
uses: actions/checkout@v4
# Step 3: Get version from Directory.Build.props using PowerShell
- name: Get version from Directory.Build.props
id: get-version
run: pwsh -File "${{ github.workspace }}/Build/Get-VersionInfo.ps1"
# Step 4 (x64): Publish x64 version
- name: Publish x64 version
run: |
pwsh -File "${{ github.workspace }}\Build\Build Avalonia.Win32.ps1" -Platform "x64" -outputPath "${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-x64"
shell: pwsh
# Step 5 (x64): Compile .ISS to .EXE Installer for x64
- name: Compile .ISS to .EXE Installer (x64)
uses: Minionguyjpro/[email protected]
with:
path: .\Build\install.iss
options: /O+ /DMyAppVersion=${{steps.get-version.outputs.file-version}} /DMyAppOutputDir=${{ github.workspace }}\Build\install /DMyFileSource=${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-x64 /DAppIcon=${{ github.workspace }}\src\PicView.Avalonia.Win32\icon.ico /DLicenseFile=${{ github.workspace }}\src\PicView.Core\Licenses\LICENSE.txt /DMyAppOutputName=Setup-PicView-v${{steps.get-version.outputs.version}}-win-x64
# Step 6 (arm64): Publish arm64 version
- name: Publish arm64 version
run: |
pwsh -File "${{ github.workspace }}\Build\Build Avalonia.Win32.ps1" -Platform "arm64" -outputPath "${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-arm64"
shell: pwsh
# Step 7 (arm64): Compile .ISS to .EXE Installer for arm64
- name: Compile .ISS to .EXE Installer (arm64)
uses: Minionguyjpro/[email protected]
with:
path: .\Build\install.iss
options: /O+ /DMyAppVersion=${{steps.get-version.outputs.file-version}} /DMyAppOutputDir=${{ github.workspace }}\Build\install /DMyFileSource=${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-arm64 /DAppIcon=${{ github.workspace }}\src\PicView.Avalonia.Win32\icon.ico /DLicenseFile=${{ github.workspace }}\src\PicView.Core\Licenses\LICENSE.txt /DMyAppOutputName=Setup-PicView-v${{steps.get-version.outputs.version}}-win-arm64
# Step 8: Upload unsigned artifact
- name: upload-unsigned-artifact
id: upload-unsigned-artifact
uses: actions/upload-artifact@v4
with:
name: "PicView-${{steps.get-version.outputs.file-version}}-unsigned"
if-no-files-found: error
path: |
${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-x64\
${{ github.workspace }}\Build\install\Setup-PicView-v${{steps.get-version.outputs.version}}-win-x64.exe
${{ github.workspace }}\Build\\PicView-v${{steps.get-version.outputs.version}}-win-arm64\
${{ github.workspace }}\Build\install\Setup-PicView-v${{steps.get-version.outputs.version}}-win-arm64.exe
retention-days: 1
# Step 9: Sign the binaries
- name: Sign files
uses: signpath/github-action-submit-signing-request@v1
with:
api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
organization-id: '${{ vars.SIGNPATH_ORGANIZATION_ID }}'
project-slug: 'PicView'
signing-policy-slug: 'test-signing'
github-artifact-id: ${{ steps.upload-unsigned-artifact.outputs.artifact-id }}
wait-for-completion: true
output-artifact-directory: 'PicView-${{steps.get-version.outputs.version}}-signed'
# Step 10: Upload signed binaries
- name: upload-signed-artifact
uses: actions/upload-artifact@v4
with:
name: "PicView-${{steps.get-version.outputs.version}}-signed"
path: "PicView-${{steps.get-version.outputs.version}}-signed"
if-no-files-found: error