Release signing will go through an approval queue on the SignPath web site. One of us will have to create the release to generate the signing request, then approve the request on the web site to continue.
We plan to have three files signed (ckan.exe, AutoUpdater.exe, and CKAN.1.34.5.nupkg), which would require two separate requests and approvals as-is since the .nupkg file is in a different folder than the others. Ideally we could approve everything in one go.
The current workflows upload the _build/repack folder which contains several other files that don't need to be signed, like netkan.exe and the ILRepack log files.
Changes
Now if you run ./build Prepare-SignPath --configuration=Release (case insensitive, I believe), a _build/signpath/Release directory will be created containing:
ckan.exe
AutoUpdater.exe
CKAN.1.34.5.nupkg (version string auto-generated based on the changelog)
This path can then be passed to the signpath/github-action-submit-signing-request action to request signing for all three of those files at once, once we create a configuration for that on the SignPath web site.
Note that ./build Prepare-SignPath --configuration=Release --exclusive can be used to skip the compilation and repack steps and only copy files into the dir if the requisite build steps have already been completed.
Motivation
Release signing will go through an approval queue on the SignPath web site. One of us will have to create the release to generate the signing request, then approve the request on the web site to continue.
We plan to have three files signed (
ckan.exe,AutoUpdater.exe, andCKAN.1.34.5.nupkg), which would require two separate requests and approvals as-is since the.nupkgfile is in a different folder than the others. Ideally we could approve everything in one go.The current workflows upload the
_build/repackfolder which contains several other files that don't need to be signed, likenetkan.exeand theILRepacklog files.Changes
Now if you run
./build Prepare-SignPath --configuration=Release(case insensitive, I believe), a_build/signpath/Releasedirectory will be created containing:ckan.exeAutoUpdater.exeCKAN.1.34.5.nupkg(version string auto-generated based on the changelog)This path can then be passed to the
signpath/github-action-submit-signing-requestaction to request signing for all three of those files at once, once we create a configuration for that on the SignPath web site.Note that
./build Prepare-SignPath --configuration=Release --exclusivecan be used to skip the compilation and repack steps and only copy files into the dir if the requisite build steps have already been completed.