Skip to content
build-and-sign

Demo workflow signing with SignPath #4

Sign in to view logs

Demo workflow signing with SignPath

Demo workflow signing with SignPath #4

Workflow file for this run

.github/workflows/build-and-sign.yml at 0cb986a
# This workflow is a demo of how to use the Gihub Actions workflow steps for SignPath. For a complete documentation,
# view https://github.com/SignPath/github-actions
name: build-and-sign
run-name: Demo workflow signing with SignPath
on:
push:
pull_request:
workflow_dispatch: # Allows you to run this workflow manually from the Actions tab
jobs:
build_and_sign:
runs-on: windows-latest
steps:
- name: checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: build
run: ./src/Build.ps1
- name: create SBOM
run: ./sbom/Create-SBOM.ps1
- name: upload-unsigned-artifact
id: upload-unsigned-artifact
uses: actions/upload-artifact@v4
with:
name: "demo-application"
if-no-files-found: error
path: |
.\_BuildResult-unsigned\DemoExample.msi
.\_BuildResult-unsigned\bom.xml
- name: sign
uses: signpath/github-action-submit-signing-request@v0.4
env:
# select release-signing policy for main and release branches
SIGNPATH_SIGNING_POLICY_SLUG: |
${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/'))
&& 'release-signing'
|| 'test-signing' }}
with:
api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
organization-id: '${{ vars.SIGNPATH_ORGANIZATION_ID }}'
project-slug: 'Demo_Application'
signing-policy-slug: '${{ env.SIGNPATH_SIGNING_POLICY_SLUG }}'
github-artifact-id: "${{steps.upload-unsigned-artifact.outputs.artifact-id}}"
wait-for-completion: true
output-artifact-directory: 'demo-application-signed'
github-extended-verification-token: '${{ secrets.EXTENDED_VERIFICATION_TOKEN }}'
- name: upload-signed-artifact
uses: actions/upload-artifact@v4
with:
name: "demo-application-signed"
path: "demo-application-signed"
if-no-files-found: error