sign-cli.yml 1.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354
  1. name: sign-cli
  2. on:
  3. push:
  4. branches:
  5. - brendan/desktop-signpath
  6. workflow_dispatch:
  7. permissions:
  8. contents: read
  9. actions: read
  10. jobs:
  11. sign-cli:
  12. runs-on: blacksmith-4vcpu-ubuntu-2404
  13. if: github.repository == 'anomalyco/opencode'
  14. steps:
  15. - uses: actions/checkout@v3
  16. with:
  17. fetch-tags: true
  18. - uses: ./.github/actions/setup-bun
  19. - name: Build
  20. run: |
  21. ./packages/opencode/script/build.ts
  22. - name: Upload unsigned Windows CLI
  23. id: upload_unsigned_windows_cli
  24. uses: actions/upload-artifact@v4
  25. with:
  26. name: unsigned-opencode-windows-cli
  27. path: packages/opencode/dist/opencode-windows-x64/bin/opencode.exe
  28. if-no-files-found: error
  29. - name: Submit SignPath signing request
  30. id: submit_signpath_signing_request
  31. uses: signpath/github-action-submit-signing-request@v1
  32. with:
  33. api-token: ${{ secrets.SIGNPATH_API_KEY }}
  34. organization-id: ${{ secrets.SIGNPATH_ORGANIZATION_ID }}
  35. project-slug: ${{ secrets.SIGNPATH_PROJECT_SLUG }}
  36. signing-policy-slug: ${{ secrets.SIGNPATH_SIGNING_POLICY_SLUG }}
  37. artifact-configuration-slug: ${{ secrets.SIGNPATH_ARTIFACT_CONFIGURATION_SLUG }}
  38. github-artifact-id: ${{ steps.upload_unsigned_windows_cli.outputs.artifact-id }}
  39. wait-for-completion: true
  40. output-artifact-directory: signed-opencode-cli
  41. - name: Upload signed Windows CLI
  42. uses: actions/upload-artifact@v4
  43. with:
  44. name: signed-opencode-windows-cli
  45. path: signed-opencode-cli/*.exe
  46. if-no-files-found: error