|
1 | 1 | # This workflow will install Python dependencies, run tests and lint with a single version of Python |
2 | 2 | # For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions |
3 | 3 |
|
4 | | -name: Python application |
| 4 | +name: VW_Flash Build and Sign |
| 5 | + |
| 6 | +permissions: |
| 7 | + id-token: write |
| 8 | + contents: read |
5 | 9 |
|
6 | 10 | defaults: |
7 | 11 | run: |
|
11 | 15 | push: |
12 | 16 | branches: |
13 | 17 | - master |
14 | | - tags: |
15 | | - - '*' |
16 | | - pull_request: |
17 | | - branches: [ master ] |
18 | 18 |
|
19 | 19 | jobs: |
20 | 20 | build: |
21 | | - |
| 21 | + environment: Sign |
22 | 22 | runs-on: windows-latest |
23 | 23 |
|
24 | 24 | steps: |
25 | 25 | - uses: actions/checkout@v4 |
| 26 | + |
| 27 | + - name: Azure login |
| 28 | + uses: azure/login@v1 |
| 29 | + with: |
| 30 | + client-id: ${{ secrets.AZURE_CLIENT_ID }} |
| 31 | + tenant-id: ${{ secrets.AZURE_TENANT_ID }} |
| 32 | + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} |
26 | 33 | - name: Set up Python 3.13 |
27 | 34 | uses: actions/setup-python@v5 |
28 | 35 | with: |
|
44 | 51 | - name: pyinstaller |
45 | 52 | run: | |
46 | 53 | pyinstaller VW_Flash_GUI.spec |
| 54 | + - name: Sign files with Trusted Signing |
| 55 | + uses: azure/trusted-signing-action@v0 |
| 56 | + with: |
| 57 | + endpoint: https://eus.codesigning.azure.net/ |
| 58 | + trusted-signing-account-name: OpenSource |
| 59 | + certificate-profile-name: OpenSource |
| 60 | + files-folder: ${{ github.workspace }}\dist |
| 61 | + files-folder-filter: exe,dll |
| 62 | + file-digest: SHA256 |
| 63 | + timestamp-rfc3161: http://timestamp.acs.microsoft.com |
| 64 | + timestamp-digest: SHA256 |
| 65 | + exclude-environment-credential: true |
| 66 | + exclude-workload-identity-credential: true |
| 67 | + exclude-managed-identity-credential: true |
| 68 | + exclude-shared-token-cache-credential: true |
| 69 | + exclude-visual-studio-credential: true |
| 70 | + exclude-visual-studio-code-credential: true |
| 71 | + exclude-azure-cli-credential: false |
| 72 | + exclude-azure-powershell-credential: true |
| 73 | + exclude-azure-developer-cli-credential: true |
| 74 | + exclude-interactive-browser-credential: true |
47 | 75 | - name: Archive EXE artifacts |
48 | 76 | uses: actions/upload-artifact@v4 |
49 | 77 | with: |
|
0 commit comments