From 00fac5e61490d9361ed45258fea9fc70a4dec51e Mon Sep 17 00:00:00 2001
From: GyulyVGC <gyulyvgc99@gmail.com>
Date: Wed, 23 Jul 2025 17:31:02 +0200
Subject: [PATCH] update package CI/CD to sign the Windows Installer using
 SignPath

---
 .github/workflows/package.yml | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml
index f89dbbe4..6e683797 100644
--- a/.github/workflows/package.yml
+++ b/.github/workflows/package.yml
@@ -318,9 +318,29 @@ jobs:
           cargo wix --no-build --nocapture --target ${{ matrix.target }}
           Move-Item -Path target\wix\sniffnet*.msi -Destination .\artifacts\Sniffnet_Windows_${{ matrix.arch }}.msi
 
-      - name: Upload package artifacts
+      - name: Upload unsigned package artifacts
+        id: upload-unsigned-artifact
         uses: actions/upload-artifact@v4
         with:
           name: msi-${{ matrix.arch }}
           path: artifacts/
           if-no-files-found: error
+
+      - name: Sign package artifacts
+        uses: signpath/github-action-submit-signing-request@v1.1
+        with:
+          api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
+          organization-id: '3b533e02-73c3-4908-a018-d09a34498a6a'
+          project-slug: 'sniffnet'
+          signing-policy-slug: 'test-signing'
+          github-artifact-id: '${{ steps.upload-unsigned-artifact.outputs.artifact-id }}'
+          wait-for-completion: true
+          output-artifact-directory: './artifacts'
+
+      - name: Upload signed package artifacts (overwrite unsigned)
+        uses: actions/upload-artifact@v4
+        with:
+          name: msi-${{ matrix.arch }}
+          path: artifacts/
+          if-no-files-found: error
+          overwrite: true