Update GitHub Actions pipeline for signing #2
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Sign AViewer Executable | |
| on: | |
| push: | |
| branches: | |
| - signav | |
| workflow_dispatch: | |
| jobs: | |
| sign-exe: | |
| runs-on: windows-latest | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v3 | |
| - name: Retrieve Existing .exe File | |
| run: | | |
| if (Test-Path -Path "package/release/aViewer2.0.3.exe") { | |
| Write-Output "Executable found, proceeding with signing." | |
| } else { | |
| Write-Error "Executable not found! Check repository structure." | |
| exit 1 | |
| } | |
| - name: Download Jsign | |
| run: | | |
| curl -L -o jsign.jar https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar | |
| shell: bash | |
| - name: Sign Executable with AWS KMS | |
| run: | | |
| java -jar jsign.jar ` | |
| --storetype AWS ` | |
| --keystore "${{ secrets.AWS_REGION }}" ` | |
| --storepass "${{ secrets.AWS_ACCESS_KEY }}|${{ secrets.AWS_SECRET_KEY }}" ` | |
| --alias "${{ secrets.KMS_ARN }}" ` | |
| --certfile "${{ secrets.CERT_PATH }}" ` | |
| --alg "SHA256" ` | |
| --tsaurl "http://timestamp.digicert.com" ` | |
| --tsretries 10 ` | |
| package/release/aViewer2.0.3.exe | |
| - name: Upload Signed Executable | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: signed-aviewer | |
| path: package/release/aViewer2.0.3.exe | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| tag_name: v1.0.${{ github.run_number }} | |
| files: package/release/aViewer2.0.3.exe | |
| body: "Signed release of AViewer" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |