jumping back to mac runner only, this is in progress

.github/actions/publish/action.yml

@@ -4,48 +4,6 @@ description: 'Dotnet Client SDK Publish action.'
 runs:
   using: composite
   steps:
-    # - name: Install Jsign for Linux for signing DLLs
-    #   shell: bash
-    #   run: |
-    #     curl -fSslL https://github.com/ebourg/jsign/releases/download/4.2/jsign_4.2_all.deb -o jsign_4.2_all.deb
-    #     sudo dpkg --install jsign_4.2_all.deb
-
-    # - name: Set up certificate on filesystem
-    #   shell: bash 
-    #   run: | 
-    #     echo "${{ env.DIGICERT_CLIENT_CERT_FILE_B64 }}" | base64 --decode > ${{ github.workspace }}/Certificate_pkcs12.p12 
-
-    # - name: Set env variables used by smctl
-    #   id: variables 
-    #   shell: bash
-    #   run: | 
-    #     echo "SM_HOST=${{ env.DIGICERT_HOST }}" >> "$GITHUB_ENV" 
-    #     echo "SM_API_KEY=${{ env.DIGICERT_API_KEY }}" >> "$GITHUB_ENV" 
-    #     echo "SM_CLIENT_CERT_FILE=${{ github.workspace }}/Certificate_pkcs12.p12" >> "$GITHUB_ENV" 
-    #     echo "SM_CLIENT_CERT_PASSWORD=${{ env.DIGICERT_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV" 
-    #     echo "PKCS11_CONFIG=/tmp/DigiCert One Signing Manager Tools/smtools-linux-x64/pkcs11properties.cfg" >> "$GITHUB_ENV"
-
-    # - name: Configure Digicert Secure Software Manager
-    #   uses: digicert/[email protected]
-    #   env:
-    #     SM_API_KEY: ${{ env.DIGICERT_API_KEY }}
-    #     SM_CLIENT_CERT_PASSWORD: ${{ env.DIGICERT_CLIENT_CERT_PASSWORD }}
-    #     SM_CLIENT_CERT_FILE: ${{ env.DIGICERT_CLIENT_CERT_FILE_B64 }}
-
-    # - name: Sign DLLs
-    #   shell: bash
-    #   run: |
-    #     for dll in $(find . -name LaunchDarkly.ClientSdk.dll); do
-    #       echo "${dll}"
-    #       smctl sign --keypair-alias key_573919999 --config-file="/tmp/DigiCert One Signing Manager Tools/smtools-linux-x64/pkcs11properties.cfg" --input "${dll}"
-    #     done
-
-# for dll in $(find ./src/LaunchDarkly.ClientSdk/bin/Release -name LaunchDarkly.ClientSdk.dll); do
-
-    - name: Restore workloads
-      shell: bash
-      run: |
-        dotnet workload restore
 
     - name: Create Nuget Package
       shell: bash

.github/actions/sign/action.yml

@@ -0,0 +1,41 @@
+name: Publish Action
+description: 'Dotnet Client SDK Publish action.'
+
+runs:
+  using: composite
+  steps:
+    - name: Install Jsign for Linux for signing DLLs
+      shell: bash
+      run: |
+        curl -fSslL https://github.com/ebourg/jsign/releases/download/4.2/jsign_4.2_all.deb -o jsign_4.2_all.deb
+        sudo dpkg --install jsign_4.2_all.deb
+
+    - name: Set up certificate on filesystem
+      shell: bash 
+      run: | 
+        echo "${{ env.DIGICERT_CLIENT_CERT_FILE_B64 }}" | base64 --decode > ${{ github.workspace }}/Certificate_pkcs12.p12 
+
+    - name: Set env variables used by smctl
+      id: variables 
+      shell: bash
+      run: | 
+        echo "SM_HOST=${{ env.DIGICERT_HOST }}" >> "$GITHUB_ENV" 
+        echo "SM_API_KEY=${{ env.DIGICERT_API_KEY }}" >> "$GITHUB_ENV" 
+        echo "SM_CLIENT_CERT_FILE=${{ github.workspace }}/Certificate_pkcs12.p12" >> "$GITHUB_ENV" 
+        echo "SM_CLIENT_CERT_PASSWORD=${{ env.DIGICERT_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV" 
+        echo "PKCS11_CONFIG=/tmp/DigiCert One Signing Manager Tools/smtools-linux-x64/pkcs11properties.cfg" >> "$GITHUB_ENV"
+
+    - name: Configure Digicert Secure Software Manager
+      uses: digicert/[email protected]
+      env:
+        SM_API_KEY: ${{ env.DIGICERT_API_KEY }}
+        SM_CLIENT_CERT_PASSWORD: ${{ env.DIGICERT_CLIENT_CERT_PASSWORD }}
+        SM_CLIENT_CERT_FILE: ${{ env.DIGICERT_CLIENT_CERT_FILE_B64 }}
+
+    - name: Sign DLLs
+      shell: bash
+      run: |
+        for dll in $(find ./src/LaunchDarkly.ClientSdk/bin/Release -name LaunchDarkly.ClientSdk.dll); do
+          echo "${dll}"
+          smctl sign --keypair-alias key_573919999 --config-file="/tmp/DigiCert One Signing Manager Tools/smtools-linux-x64/pkcs11properties.cfg" --input "${dll}"
+        done

.github/workflows/publish.yml

@@ -83,3 +83,37 @@ jobs:
 
       - name: Publish
         uses: ./.github/actions/publish
+
+# Signing is done on Ubuntu
+  publish:
+    runs-on: ubuntu-latest
+    # needs: build
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # If you only need the current version keep this
+
+      # - name: Restore release artifacts
+      #   uses: actions/download-artifact@v3
+      #   with:
+      #     name: dir-bin-release
+      #     path: src/LaunchDarkly.ClientSdk/bin/Release/
+
+      - name: Get artifacts
+        shell: bash
+        run: |
+          curl -X GET  https://files.slack.com/files-pri/T03NX240W-F06ACU51BBM/download/dir-bin-release.zip?pub_secret=6653b0a17b -o artifacts.zip
+          mkdir -p ./src/LaunchDarkly.ClientSdk/bin/Release/
+          unzip artifacts.zip -d ./src/LaunchDarkly.ClientSdk/bin/Release/
+
+      - uses: launchdarkly/gh-actions/actions/[email protected]
+        name: Get secrets
+        with:
+          aws_assume_role: ${{ vars.AWS_ROLE_ARN }}
+          ssm_parameter_pairs: '/production/common/releasing/digicert/host = DIGICERT_HOST,/production/common/releasing/digicert/api_key = DIGICERT_API_KEY,/production/common/releasing/digicert/client_cert_file_b64 = DIGICERT_CLIENT_CERT_FILE_B64,/production/common/releasing/digicert/client_cert_password = DIGICERT_CLIENT_CERT_PASSWORD,/production/common/releasing/digicert/code_signing_cert_sha1_hash = DIGICERT_CODE_SIGNING_CERT_SHA1_HASH'
+
+      - name: Publish
+        uses: ./.github/actions/publish