Switching to correct tool

Author: jbogard

.github/workflows/ci.yml

@@ -58,21 +58,26 @@ jobs:
             8.0.x
             9.0.x
             10.0.x
-      - name: Install AzureSignTool
-        run: dotnet tool install --global AzureSignTool
+      - name: Install NuGetKeyVaultSignTool
+        run: dotnet tool install --global NuGetKeyVaultSignTool
       - name: Build and Test
         run: ./Build.ps1
         shell: pwsh
-      - name: Sign package
-        run: |
-          AzureSignTool sign `
-          --azure-key-vault-url ${{ secrets.AZURE_KEYVAULT_URI }} `
-          --azure-key-vault-client-id ${{ secrets.AZURE_CLIENT_ID }} `
-          --azure-key-vault-tenant-id ${{ secrets.AZURE_TENANT_ID }} `
-          --azure-key-vault-certificate ${{ secrets.CODESIGN_CERT_NAME }} `
-          --description "AutoMapper" `
-          --timestamp-url http://timestamp.digicert.com `
-          ./artifacts/*.nupkg
+      - name: Sign packages
+        if: github.event == 'push'
+        run: |-
+          for file in artifacts/*.nupkg; do
+            dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-managed-identity --azure-key-vault-url ${{ secrets.AZURE_KEYVAULT_URI }} --azure-key-vault-certificate ${{ secrets.CODESIGN_CERT_NAME }}
+          done
+#      - name: Sign package
+#        run: |
+#          NuGetKeyVaultSignTool sign `
+#          --azure-key-vault-managed-identity `
+#          --azure-key-vault-url ${{ secrets.AZURE_KEYVAULT_URI }} `
+#          --azure-key-vault-certificate ${{ secrets.CODESIGN_CERT_NAME }} `
+#          --description "AutoMapper" `
+#          --timestamp-url http://timestamp.digicert.com `
+#          ./artifacts/*.nupkg
       - name: Push to MyGet
         if: github.ref == 'refs/heads/main'
         env: