@@ -8,7 +8,7 @@ permissions:
88 contents : read
99
1010jobs :
11- build-and-sign :
11+ build :
1212 runs-on : ubuntu-latest
1313
1414 steps :
@@ -23,11 +23,62 @@ jobs:
2323 - name : build
2424 run : dotnet build src --configuration Release --restore
2525
26- - name : publish
27- run : dotnet publish src --configuration Release --no-build -o ./artifacts
26+ - name : package
27+ run : dotnet pack src --configuration Release --no-build -o ./artifacts
2828
2929 - name : artifact
3030 uses : actions/upload-artifact@v5
3131 with :
3232 name : AcmeLibrary
3333 path : artifacts
34+
35+ sign :
36+ needs : build
37+
38+ permissions :
39+ id-token : write
40+
41+ environment : production
42+
43+ runs-on : windows-latest
44+
45+ steps :
46+ - name : setup dotnet
47+ uses : actions/setup-dotnet@v5
48+ with :
49+ dotnet-version : ' 8.0.x'
50+
51+ - name : setup dotnet sign tool
52+ run : dotnet tool install --tool-path . --prerelease sign
53+
54+ - name : download artifact
55+ uses : actions/download-artifact@v5
56+ with :
57+ name : AcmeLibrary
58+ path : artifacts
59+
60+ - name : azure login
61+ uses : azure/login@v2
62+ with :
63+ allow-no-subscriptions : true
64+ client-id : ${{ secrets.KEYVAULT_CLIENT_ID }}
65+ tenant-id : ${{ secrets.KEYVAULT_TENANT_ID }}
66+
67+ - name : sign package
68+ shell : pwsh
69+ run : >
70+ ./sign code trusted-signing
71+ **/*.nupkg
72+ --base-directory "${{ github.workspace }}/artifacts"
73+ --publisher-name "NetOffice Acme Sample"
74+ --description "Sample workflow to sign using Azure Trusted Signing service."
75+ --description-url "https://github.com/NetOfficeFw/trusted-signing/"
76+ --trusted-signing-endpoint "${{ secrets.TRUSTED_SIGNING_ENDPOINT }}"
77+ --trusted-signing-account "${{ secrets.TRUSTED_SIGNING_ACCOUNT }}"
78+ --trusted-signing-certificate-profile "${{ secrets.TRUSTED_SIGNING_PROFILE }}"
79+
80+ - name : artifact
81+ uses : actions/upload-artifact@v5
82+ with :
83+ name : AcmeLibrary-signed
84+ path : artifacts
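Review bot: The `setup dotnet sign tool` step in the new `sign` job (new line 52) installs whatever prerelease of `sign` the package feed serves at run time, and that binary then runs in a job that holds `id-token: write` and the `production` environment's Azure login. Pin the tool to a reviewed release, e.g. `run: dotnet tool install --tool-path . --version <pinned-version> sign`, so that a new or tampered upload cannot reach the signing identity without a change to this workflow. The same gap applies to `azure/login@v2`, `actions/setup-dotnet@v5` and the two artifact actions, which are referenced by mutable tags; pinning them to full commit SHAs would close it for this job. The workflow triggers are outside these hunks, so it is also worth confirming that `sign` cannot run on an `AcmeLibrary` artifact built from untrusted pull-request code.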