test-sign #17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: test-sign | |
| on: | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| test-sign: | |
| name: test-sign-windows | |
| runs-on: ubuntu-latest | |
| environment: release | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download real Windows exe for testing | |
| run: | | |
| mkdir -p dist/unsigned | |
| # Download a real vykar.exe from the latest release | |
| gh release download --pattern "vykar-*-x86_64-pc-windows-msvc.zip" -D /tmp || true | |
| if ls /tmp/vykar-*-windows*.zip 1>/dev/null 2>&1; then | |
| unzip -j /tmp/vykar-*-windows*.zip vykar.exe -d dist/unsigned/ | |
| else | |
| echo "No release found, downloading from a known release..." | |
| gh release download v0.12.10 --pattern "vykar-*-x86_64-pc-windows-msvc.zip" -D /tmp | |
| unzip -j /tmp/vykar-*-windows*.zip vykar.exe -d dist/unsigned/ | |
| fi | |
| ls -la dist/unsigned/ | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| - name: Sign | |
| env: | |
| CERTUM_SIMPLYSIGN_USER: ${{ secrets.CERTUM_SIMPLYSIGN_USER }} | |
| CERTUM_TOTP_SECRET: ${{ secrets.CERTUM_TOTP_SECRET }} | |
| CERTUM_CERT_PEM: ${{ secrets.CERTUM_CERT_PEM }} | |
| run: scripts/windows-sign.sh dist/unsigned/*.exe | |
| - name: Upload debug screenshots | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: signing-debug-screenshots | |
| path: /tmp/simplysign-*.png | |
| if-no-files-found: ignore | |
| retention-days: 1 |