Use azure/trusted-signing-action to sign binaries

NetOfficeFw · Jun 8, 2024 · 30bc05b · 30bc05b
1 parent 9395328
commit 30bc05b
Showing 1 changed file with 12 additions and 15 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -73,21 +73,18 @@ jobs:
 
     - name: Sign NetOffice libraries
       if: success() && steps.build.outputs.sign_binaries == 'true'
-      working-directory: '${{ github.workspace}}'
-      run: |
-          AzureSignTool.exe sign `
-          --file-digest sha256 `
-          --description-url "https://github.com/NetOfficeFw/NetOffice" `
-          --no-page-hashing `
-          --timestamp-rfc3161 http://timestamp.digicert.com `
-          --timestamp-digest sha256 `
-          --azure-key-vault-url https://opensourcesigning.vault.azure.net `
-          --azure-key-vault-tenant-id "${{ secrets.KEYVAULT_TENANT_ID }}" `
-          --azure-key-vault-client-id "${{ secrets.KEYVAULT_CLIENT_ID }}" `
-          --azure-key-vault-client-secret "${{ secrets.KEYVAULT_CLIENT_SECRET }}" `
-          --azure-key-vault-certificate "goITSolutions-until-2024-01" `
-          --input-file-list obj/signlist.txt `
-          --verbose
+      uses: azure/[email protected]
+      with:
+          azure-tenant-id: ${{ secrets.KEYVAULT_TENANT_ID }}
+          azure-client-id: ${{ secrets.KEYVAULT_CLIENT_ID }}
+          azure-client-secret: ${{ secrets.KEYVAULT_CLIENT_SECRET }}
+          endpoint: ${{ env.KEYVAULT_ENDPOINT }}
+          trusted-signing-account-name: ${{ env.KEYVAULT_ACCOUNT_NAME }}
+          certificate-profile-name: ${{ secrets.KEYVAULT_CERTIFICATE_PROFILE }}
+          files-catalog: '${{ github.workspace }}/obj/signlist.txt'
+          file-digest: SHA256
+          timestamp-rfc3161: http://timestamp.acs.microsoft.com
+          timestamp-digest: SHA256
 
     - name: Archive NetOffice binaries
       uses: actions/upload-artifact@v3