sign installer with new code sign workflow

.github/workflows/build-test-installer-release.yml

@@ -74,8 +74,8 @@ jobs:
           if-no-files-found: error
           retention-days: 1
 
-  installer:
-    name: Make installer
+  build-installer:
+    name: Make Installer
     needs: build-and-test
     runs-on: windows-2019
 
@@ -97,27 +97,35 @@ jobs:
       - name: Build Installer
         run: iscc installer/setup.iss
 
-      - name: Save installer as artifact
-        uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v4
         with:
-          name: solid-installer
+          name: SolidInstaller.exe
           path: installer\Output\SolidInstaller.exe
           if-no-files-found: error
 
+  sign-installer:
+    name: Sign SOLID installer
+    needs: build-installer
+    uses: sillsdev/codesign/.github/workflows/sign.yml@v1
+    with:
+      target: SolidInstaller.exe
+    secrets:
+      certificate: ${{ secrets.CODESIGN_LSDEVSECTIGOEV }}
+
+
   create-release:
-    name: Create release
-    needs: installer
-    runs-on: ubuntu-latest
-    # if: startsWith(github.ref, 'refs/tags/v')
+    name: Create Release
+    needs: sign-installer
 
-    steps:
+    # run on LTOps self-hosted runner with signing capabilities
+    runs-on: windows-latest
 
+    if: startsWith(github.ref, 'refs/tags/v')
+
+    steps:
       - uses: actions/download-artifact@v4
         with:
-          name: solid-installer
-
-      - name: Display structure of downloaded files
-        run: ls -R
+          name: SolidInstaller.exe
 
       - name: Create Release
         uses: softprops/action-gh-release@v2