Closed starnight closed 2 years ago
I think we should not send it over to be signed every time someone pushes to a branch. I think we should only automatically send artifacts for signing during releases, and have a workflow that can be manually triggered for testing.
I have tried to implement that by making the signing step conditional in the same way as the release step, and adjusted that step to use the release signing policy (which has a placeholder self-signed cert for now).
Then I created a separate workflow that can only be manually triggered, which will build the HEAD of master and submit it for signing using the test policy, which uses our self-signed certificate for test builds (which I attached to the ticket for now, but we should store somewhere accessible to devs).
One important remark: I was not able to test this extra workflow, as I believe it only becomes available after it gets merged to master (but I could be missing something here, as this is my first time creating GH actions).
I think we should not send it over to be signed every time someone pushes to a branch. I think we should only automatically send artifacts for signing during releases, and have a workflow that can be manually triggered for testing.
I think the idea will be practiced like Reusing workflows in the future, or in the next ticket.
But, let's see what will happen for this.
Found we can simply check github.event_name == 'workflow_dispatch'!
Manually triggered Github Action is always being skipped
https://phabricator.endlessm.com/T33228
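The gating discussed in this thread, sketched as a single workflow. This is an added example, not part of the original thread or the project's workflow files; the `v*` tag convention, script names, policy names and secret name are all assumptions.

```yaml
# Added example: hypothetical workflow, not the project's own file.
name: build
on:
  push:
    branches: ['**']
    tags: ['v*']            # assumption: releases are cut from v* tags
  workflow_dispatch: {}     # manual trigger for test signing

permissions:
  contents: read            # the job only needs to read the repository

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build
        run: ./build.sh     # hypothetical build script

      # Ordinary branch pushes stop here: neither signing step below matches,
      # so no artifact is submitted and the signing credential is never read.

      - name: Submit for signing (release policy)
        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
        run: ./submit-for-signing.sh --policy release-signing   # hypothetical script and policy name
        env:
          SIGNING_TOKEN: ${{ secrets.SIGNING_TOKEN }}           # hypothetical secret name

      - name: Submit for signing (test policy)
        if: github.event_name == 'workflow_dispatch'
        run: ./submit-for-signing.sh --policy test-signing      # hypothetical script and policy name
        env:
          SIGNING_TOKEN: ${{ secrets.SIGNING_TOKEN }}           # hypothetical secret name
```

Scoping the secret to the two signing steps through step-level `env`, rather than exposing it at job level, keeps it out of the build step's environment.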