
Sign Installer

Sign Installer #8

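# Manually triggered workflow: downloads the latest Windows installer, signs it
# with a private key and certificate chain held in repository secrets, and then
# verifies the resulting signature.
name: Sign Installer
on:
  workflow_dispatch:

# Least privilege: no step below writes to the repository, so the job's
# GITHUB_TOKEN only needs read access to contents.
permissions:
  contents: read

jobs:
  sign-installer:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): v3 is a mutable tag. Pin the action to a full commit SHA
      # so a retagged release cannot run inside a job that holds the signing key.
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          # No later step uses git, so do not leave the token in .git/config.
          persist-credentials: false
      - name: Set up OpenSSL
        # -y keeps the install non-interactive on the runner.
        run: sudo apt-get install -y openssl
      - name: Sign installer
        # Secrets reach the script through the environment instead of being
        # expanded into the script text, so quotes, `$` or backticks inside a
        # secret value cannot be interpreted by the shell.
        env:
          PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
          CERTIFICATE_CHAIN: ${{ secrets.CERTIFICATE_CHAIN }}
        run: |
          set -euo pipefail

          # Fail early with a clear message if either secret is missing.
          : "${PRIVATE_KEY:?PRIVATE_KEY secret is not set}"
          : "${CERTIFICATE_CHAIN:?CERTIFICATE_CHAIN secret is not set}"

          # Download the installer from the given URL.
          # --fail stops the job on an HTTP error instead of signing an error page.
          # NOTE(review): the file is not compared with an expected digest before
          # it is signed, so whatever the "latest" URL serves receives the
          # signature. The hash is logged below for the audit trail; compare it
          # with a pinned value if the release process publishes one.
          curl --fail -L -o windows-installer-latest.exe https://storage.googleapis.com/github-release-files-storage/latest/windows-installer-latest.exe
          sha256sum windows-installer-latest.exe

          # Write the private key and certificate chain from the secrets into a
          # private temporary directory (mktemp -d creates it with mode 0700)
          # and remove it when the script exits, whether it succeeds or fails.
          key_dir="$(mktemp -d)"
          trap 'rm -rf "$key_dir"' EXIT
          printf '%s\n' "$PRIVATE_KEY" > "$key_dir/private_key.pem"
          printf '%s\n' "$CERTIFICATE_CHAIN" > "$key_dir/certificate_chain.pem"

          # Sign the installer with the private key and certificate chain.
          # -binary disables the text canonicalisation that would otherwise be
          # applied to the input, which is wrong for an executable.
          # NOTE(review): `openssl smime -sign` produces a PKCS#7 (S/MIME)
          # signature, not an Authenticode signature embedded in the PE file.
          # Windows will not treat the output as a signed executable; confirm
          # that consumers of the .signed.exe file expect this format.
          openssl smime -sign -binary -in windows-installer-latest.exe -out windows-installer-latest.signed.exe -signer "$key_dir/certificate_chain.pem" -inkey "$key_dir/private_key.pem" -outform DER

          # Verify the signature against the downloaded installer.
          # -content supplies the signed data explicitly, and -out /dev/null
          # keeps the verified content (the whole binary) out of the job log.
          # NOTE(review): -CAfile is the same chain file used for signing, so
          # this only shows that the signature matches that certificate. It
          # does not show that the chain leads to an independently trusted root.
          openssl smime -verify -binary -inform DER -in windows-installer-latest.signed.exe -content windows-installer-latest.exe -CAfile "$key_dir/certificate_chain.pem" -out /dev/null

          # NOTE(review): no step visible here uploads or publishes the signed
          # output, so it is discarded with the runner unless a later step
          # outside this listing handles it.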