Update main.yml

Author: jmcouffin

.github/workflows/main.yml

@@ -142,10 +142,6 @@ jobs:
       #   run: |
       #     pipenv run pyrevit sign products
 
-      - name: Build Installers
-        run: |
-          pipenv run pyrevit build installers
-
       # - name: Sign Installers
       #   if: (github.repository == env.MainRepo)
       #   env:
@@ -159,7 +155,29 @@ jobs:
       # default retention period is 90 days
       # https://github.com/marketplace/actions/upload-a-build-artifact#retention-period
 
-      - name: Sign files with Trusted Signing
+      - name: Sign files with Trusted Signing (dlls)
+        if: (github.repository == env.MainRepo)
+        uses: azure/[email protected]
+        with:
+          azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+          endpoint: ${{ secrets.AZURE_ENDPOINT }}
+          trusted-signing-account-name: ${{ secrets.AZURE_CODE_SIGNING_NAME }}
+          certificate-profile-name: ${{ secrets.AZURE_CERT_PROFILE_NAME }}
+
+          # Sign all exes inside the folder
+          files-folder: bin/
+          files-folder-filter: pyrevit*.dll
+          file-digest: SHA256
+          timestamp-rfc3161: http://timestamp.acs.microsoft.com
+          timestamp-digest: SHA256
+      
+      - name: Build Installers
+        run: |
+          pipenv run pyrevit build installers
+
+      - name: Sign files with Trusted Signing (installers)
         if: (github.repository == env.MainRepo)
         uses: azure/[email protected]
         with: