Skip to content

Commit 3cf6f6f

Browse files
jozefizsojozefizso
committed
Switch to federated login
1 parent 7ae5f3b commit 3cf6f6f

File tree

1 file changed

+20
-12
lines changed

1 file changed

+20
-12
lines changed

.github/workflows/release.yml

Lines changed: 20 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ on:
88
- 'v*.*.*'
99

1010
permissions:
11+
id-token: write
1112
contents: read
1213

1314
jobs:
@@ -79,20 +80,27 @@ jobs:
7980
$content = $content.Replace('${{ github.workspace }}', '..')
8081
$content | Set-Content obj/signlist.txt
8182
83+
- name: Login to Azure
84+
uses: azure/login@v2
85+
with:
86+
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
87+
client-id: ${{ secrets.TRUSTED_SIGNING_CLIENT_ID }}
88+
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
89+
8290
- name: Sign NetOffice libraries
8391
if: success() && steps.build.outputs.sign_binaries == 'true'
84-
uses: azure/[email protected]
85-
with:
86-
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
87-
azure-client-id: ${{ secrets.TRUSTED_SIGNING_CLIENT_ID }}
88-
azure-client-secret: ${{ secrets.TRUSTED_SIGNING_CLIENT_SECRET }}
89-
endpoint: ${{ secrets.TRUSTED_SIGNING_ENDPOINT }}
90-
trusted-signing-account-name: ${{ secrets.TRUSTED_SIGNING_ACCOUNT_NAME }}
91-
certificate-profile-name: ${{ secrets.TRUSTED_SIGNING_CERTIFICATE_PROFILE }}
92-
files-catalog: '${{ github.workspace }}/obj/signlist.txt'
93-
file-digest: SHA256
94-
timestamp-rfc3161: http://timestamp.acs.microsoft.com
95-
timestamp-digest: SHA256
92+
run: |
93+
sign code trusted-signing `
94+
--file-digest "${{ github.workspace }}\obj\signlist.txt"
95+
--publisher-name "NetOffice" `
96+
--description "NetOffice" `
97+
--description-url "https://github.com/NetOfficeFw/NetOffice" `
98+
--trusted-signing-endpoint "${{ secrets.TRUSTED_SIGNING_ENDPOINT }}" `
99+
--trusted-signing-account "${{ secrets.TRUSTED_SIGNING_ACCOUNT }}" `
100+
--trusted-signing-certificate-profile "${{ secrets.TRUSTED_SIGNING_PROFILE }}" `
101+
--file-digest SHA256 `
102+
--timestamp-rfc3161 http://timestamp.acs.microsoft.com `
103+
--timestamp-digest SHA256
96104
97105
- name: Archive NetOffice binaries
98106
uses: actions/upload-artifact@v5

0 commit comments

Comments
 (0)