workflow test signing with SignPath #22
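# Manually triggered build-and-sign pipeline for PicView.
#
# Flow: publish the x64 and arm64 builds, compile an Inno Setup installer for
# each, upload the unsigned output as a short-lived artifact, submit that
# artifact to SignPath under the 'test-signing' policy, then upload the signed
# result.
#
# Supply-chain notes for maintainers:
#   * Every `uses:` below references a tag. Tags are mutable; pinning each
#     action to a full commit SHA keeps the code that runs beside the signing
#     token from changing without a reviewed edit to this file.
#   * The SignPath API token is handed only to the signing step. Keep it out
#     of `env:` at job or workflow level so earlier third-party steps never
#     see it.
name: Build and Sign PicView
run-name: workflow test signing with SignPath

on: workflow_dispatch

# Least privilege for GITHUB_TOKEN: checkout needs contents:read, and the
# SignPath action reads the run and its artifact (actions:read).
# NOTE(review): confirm the exact scopes against the SignPath action's
# documentation before tightening further.
permissions:
  contents: read
  actions: read

jobs:
  build:
    runs-on: windows-latest
    steps:
      # Step 1: Checkout the code
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Nothing in this job pushes, so do not leave the token in the
          # local git config where later steps could read it.
          persist-credentials: false

      # Step 2: Setup .NET 9 SDK
      - name: Setup .NET 9 SDK
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: '9.x'

      # Step 3: Get version from Directory.Build.props using PowerShell
      # The later steps read the `version` and `file-version` outputs of this step.
      - name: Get version from Directory.Build.props
        id: get-version
        run: pwsh -File "${{ github.workspace }}/Build/Get-VersionInfo.ps1"

      # Step 4 (x64): Publish x64 version
      # The version is passed through `env:` rather than expanded into the
      # script text, so its value cannot alter the PowerShell that runs.
      - name: Publish x64 version
        shell: pwsh
        env:
          PICVIEW_VERSION: ${{ steps.get-version.outputs.version }}
        run: |
          $projectPath = ".\src\PicView.WPF\PicView.WPF.csproj"
          $publishPath = "${{ github.workspace }}\Build\PicView-v${env:PICVIEW_VERSION}-win-x64"
          dotnet publish $projectPath --runtime win-x64 --self-contained true --configuration Release --output $publishPath /p:PublishReadyToRun=true

      # Step 5 (x64): Compile .ISS to .EXE Installer for x64
      # NOTE(review): the page rendering replaced this action reference with
      # "[email protected]" (e-mail obfuscation). Restore the original ref from the
      # repository's workflow file; the value after '@' is a placeholder.
      - name: Compile .ISS to .EXE Installer (x64)
        uses: Minionguyjpro/Inno-Setup-Action@REPLACE_WITH_ORIGINAL_REF
        with:
          path: .\Build\install.iss
          options: >-
            /O+
            /DMyAppVersion=${{steps.get-version.outputs.file-version}}
            /DMyAppOutputDir=${{ github.workspace }}\Build\install
            /DMyFileSource=${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-x64
            /DAppIcon=${{ github.workspace }}\src\PicView.WPF\Themes\Resources\img\icon__Q6k_icon.ico
            /DLicenseFile=${{ github.workspace }}\src\PicView.Core\Licenses\LICENSE.txt
            /DMyAppOutputName=Setup-PicView-v${{steps.get-version.outputs.version}}-win-x64

      # Step 6: Switch to arm64 architecture
      - name: Switch to arm64 architecture
        run: pwsh -File "${{ github.workspace }}\Build\ChangeX64-ARM64.ps1"
        shell: pwsh

      # Step 7 (arm64): Publish arm64 version
      # The original passed `--runtime win-x64` here. A runtime given on the
      # command line takes precedence over the project file, so the folder
      # labelled win-arm64 would have held x64 binaries and those would have
      # been signed under the arm64 name.
      - name: Publish arm64 version
        shell: pwsh
        env:
          PICVIEW_VERSION: ${{ steps.get-version.outputs.version }}
        run: |
          $projectPath = ".\src\PicView.WPF\PicView.WPF.csproj"
          $publishPath = "${{ github.workspace }}\Build\PicView-v${env:PICVIEW_VERSION}-win-arm64"
          dotnet publish $projectPath --runtime win-arm64 --self-contained true --configuration Release --output $publishPath /p:PublishReadyToRun=true

      # Step 8 (arm64): Compile .ISS to .EXE Installer for arm64
      # NOTE(review): same obfuscated action reference as step 5; restore the
      # original ref in place of the placeholder.
      - name: Compile .ISS to .EXE Installer (arm64)
        uses: Minionguyjpro/Inno-Setup-Action@REPLACE_WITH_ORIGINAL_REF
        with:
          path: .\Build\install.iss
          options: >-
            /O+
            /DMyAppVersion=${{steps.get-version.outputs.file-version}}
            /DMyAppOutputDir=${{ github.workspace }}\Build\install
            /DMyFileSource=${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-arm64
            /DAppIcon=${{ github.workspace }}\src\PicView.WPF\Themes\Resources\img\icon__Q6k_icon.ico
            /DLicenseFile=${{ github.workspace }}\src\PicView.Core\Licenses\LICENSE.txt
            /DMyAppOutputName=Setup-PicView-v${{steps.get-version.outputs.version}}-win-arm64

      # Step 9: Upload unsigned artifact
      # Unsigned output is kept for one day only: long enough for the signing
      # service to fetch it, short enough that it is not mistaken for a release.
      - name: upload-unsigned-artifact
        id: upload-unsigned-artifact
        uses: actions/upload-artifact@v4
        with:
          name: "PicView-${{steps.get-version.outputs.file-version}}-unsigned"
          if-no-files-found: error
          path: |
            ${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-x64\
            ${{ github.workspace }}\Build\install\Setup-PicView-v${{steps.get-version.outputs.version}}-win-x64.exe
            ${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-arm64\
            ${{ github.workspace }}\Build\install\Setup-PicView-v${{steps.get-version.outputs.version}}-win-arm64.exe
          retention-days: 1

      # Step 10: Sign the binaries
      # The artifact is referenced by the id returned from step 9, so the
      # signing request is tied to the files this run produced.
      - name: Sign files
        uses: signpath/github-action-submit-signing-request@v1
        with:
          api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
          organization-id: '${{ vars.SIGNPATH_ORGANIZATION_ID }}'
          project-slug: 'PicView'
          signing-policy-slug: 'test-signing'
          github-artifact-id: '${{ steps.upload-unsigned-artifact.outputs.artifact-id }}'
          wait-for-completion: true
          output-artifact-directory: 'PicView-${{steps.get-version.outputs.version}}-signed'

      # Step 11: Upload signed binaries
      - name: upload-signed-artifact
        uses: actions/upload-artifact@v4
        with:
          name: "PicView-${{steps.get-version.outputs.version}}-signed"
          path: "PicView-${{steps.get-version.outputs.version}}-signed"
          if-no-files-found: error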