Demo workflow signing with SignPath #8

	# see /README.md

	name: build-and-sign
	run-name: Demo workflow signing with SignPath
	on:
	push:
	pull_request:
	#schedule:
	workflow_dispatch: # Allows you to run this workflow manually from the Actions tab

	jobs:
	build_and_sign:
	runs-on: windows-latest
	steps:

	- name: checkout
	uses: actions/checkout@v3
	with:
	fetch-depth: 0

	- name: build
	run: ./src/Build.ps1

	- name: create SBOM
	run: ./sbom/Create-SBOM.ps1

	- name: upload-unsigned-artifact
	id: upload-unsigned-artifact
	uses: actions/upload-artifact@v4
	with:
	name: "demo-application"
	if-no-files-found: error
	path: \|
	.\_BuildResult-unsigned\DemoExample.msi
	.\_BuildResult-unsigned\bom.xml

	- name: sign
	uses: signpath/github-action-submit-signing-request@v1
	env:
	# select release-signing policy for main and release branches
	SIGNPATH_SIGNING_POLICY_SLUG: \|
	${{ (github.ref == 'refs/heads/main' \|\| startsWith(github.ref, 'refs/heads/release/'))
	&& 'release-signing'
	\|\| 'test-signing' }}
	with:
	api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
	organization-id: '${{ vars.SIGNPATH_ORGANIZATION_ID }}'
	project-slug: 'Demo_Application'
	signing-policy-slug: '${{ env.SIGNPATH_SIGNING_POLICY_SLUG }}'
	github-artifact-id: "${{steps.upload-unsigned-artifact.outputs.artifact-id}}"
	wait-for-completion: true
	output-artifact-directory: 'demo-application-signed'
	github-extended-verification-token: '${{ secrets.EXTENDED_VERIFICATION_TOKEN }}'

	- name: upload-signed-artifact
	uses: actions/upload-artifact@v4
	with:
	name: "demo-application-signed"
	path: "demo-application-signed"
	if-no-files-found: error

Provide feedback