temp #475

	name: release

	on:
	workflow_dispatch:
	push:
	branches:
	- dotnet-tool-signing

	permissions:
	id-token: write
	contents: write

	jobs:
	dotnet-tool-payload-sign:
	name: Sign .NET tool payload
	# ESRP service requires signing to run on Windows
	runs-on: windows-latest
	environment: release
	steps:
	- name: Log into Azure
	uses: azure/login@v1
	with:
	client-id: ${{ secrets.AZURE_CLIENT_ID }}
	tenant-id: ${{ secrets.AZURE_TENANT_ID }}
	subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

	- name: Download/extract Sign CLI tool
	env:
	AST: ${{ secrets.AZURE_STORAGE_ACCOUNT }}
	ASC: ${{ secrets.AZURE_STORAGE_CONTAINER }}
	SCT: ${{ secrets.SIGN_CLI_TOOL }}
	run: \|
	az storage blob download --file sign-cli.zip --auth-mode login `
	--account-name $env:AST --container-name $env:ASC --name $env:SCT
	Expand-Archive -Path sign-cli.zip -DestinationPath .\sign-cli

Provide feedback