From ca051e99b33342210dc8d47710649cb198c82429 Mon Sep 17 00:00:00 2001
From: Alex Koksin
Date: Sat, 28 Dec 2024 20:04:30 +0400
Subject: [PATCH 1/5] Sign every build
---
 .github/workflows/build-test-distribute.yml | 30 +++++++++++++++++++++
 .github/workflows/sign-upload-nuget.yml | 7 +----
 2 files changed, 31 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/build-test-distribute.yml b/.github/workflows/build-test-distribute.yml
index a6970e100107..c5cca99ed88b 100644
--- a/.github/workflows/build-test-distribute.yml
+++ b/.github/workflows/build-test-distribute.yml
@@ -231,6 +231,36 @@ jobs:
 name: DistributivesNuGet path: MeshLib.nupkg retention-days: 1 + sign-nuget: timeout-minutes: 10 needs: create-nuget-package runs-on: [windows-x64-codesign] steps: + - name: Remove old local NuGet packages run: Remove-Item "MeshLib*.nupkg" + - name: Download NuGet package uses: actions/download-artifact@v4 with: pattern: DistributivesNuGet* + - name: Delete unsigned NuGet package uses: geekyeggo/delete-artifact@v5 with: name: DistributivesNuGet* failOnError: false + - name: Sign NuGet package with certificate run: | jsign --storetype ETOKEN --storepass "${{ secrets.WINDOWS_SIGNTOOL_KC_PARAM_TOKEN_PASSWORD }}" -tsaurl http://timestamp.digicert.com MeshLib.nupkg nuget verify -All -Verbosity detailed MeshLib.nupkg + - name: Upload Signed NuGet Package uses: actions/upload-artifact@v4 with: name: DistributivesNuGet path: MeshLib.nupkg retention-days: 1 upload-distributions: if: ${{ !cancelled() && needs.config.outputs.upload_artifacts == 'true' }}
diff --git a/.github/workflows/sign-upload-nuget.yml b/.github/workflows/sign-upload-nuget.yml
index 273fa3549961..18b9afb38a5c 100644
--- a/.github/workflows/sign-upload-nuget.yml
+++ b/.github/workflows/sign-upload-nuget.yml
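Review bot: The new `sign-nuget` job has no `if:` condition, so every run that reaches `create-nuget-package` signs the package with the release code-signing token on the `windows-x64-codesign` runner, and a timestamped author signature outlives the 1-day artifact retention; which events trigger this workflow is outside the hunk, but if it also runs for pull requests or arbitrary branches, unreviewed code ends up carrying a signature indistinguishable from a release build. Gate the job on trusted refs, e.g. `if: github.event_name != 'pull_request' && startsWith(github.ref, 'refs/tags/')` (or reuse whatever `needs.config.outputs.upload_artifacts` already encodes, as `upload-distributions` does), or sign non-release builds with a separate test certificate. The token password is expanded straight into the command line in `--storepass "${{ secrets.WINDOWS_SIGNTOOL_KC_PARAM_TOKEN_PASSWORD }}"`; GitHub masks it in the log, but on a shared self-hosted runner it is readable by any local process that lists command lines, so pass it through `env:` on the step and use jsign's `--storepass env:TOKEN_PASSWORD` form if the installed jsign supports that prefix. Whether `upload-distributions` lists `sign-nuget` in its `needs` is not visible here; if it does not, it can run concurrently with the `Delete unsigned NuGet package` step and download either the unsigned `DistributivesNuGet` artifact or none at all.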
@@ -19,7 +19,7 @@ jobs:
 - uses: actions-ecosystem/action-get-latest-tag@v1 id: get-latest-tag - sign-upload: +upload: timeout-minutes: 10 needs: setup runs-on: [windows-x64-codesign]
@@ -35,11 +35,6 @@ jobs:
 --repo $env:GITHUB_REPOSITORY ` --pattern "MeshLib_${{needs.setup.outputs.version_tag}}.nupkg" - - name: Sign NuGet package with certificate - run: | - jsign --storetype ETOKEN --storepass "${{ secrets.WINDOWS_SIGNTOOL_KC_PARAM_TOKEN_PASSWORD }}" -tsaurl http://timestamp.digicert.com MeshLib_${{needs.setup.outputs.version_tag}}.nupkg - nuget verify -All -Verbosity detailed MeshLib_${{needs.setup.outputs.version_tag}}.nupkg - - name: Upload signed NuGet package run: | nuget push MeshLib_${{needs.setup.outputs.version_tag}}.nupkg ${{ secrets.NUGET_API_KEY }} -Source https://api.nuget.org/v3/index.json
From f0cf9e1530de18623df411443dc915f394a0be8c Mon Sep 17 00:00:00 2001
From: Anton Chernobrovkin
Date: Wed, 26 Feb 2025 18:53:27 +0400
Subject: [PATCH 2/5] Delete sign-upload-nuget for testing purposes
---
 .github/workflows/sign-upload-nuget.yml | 40 -------------------------
 1 file changed, 40 deletions(-)
delete mode 100644 .github/workflows/sign-upload-nuget.yml
diff --git a/.github/workflows/sign-upload-nuget.yml b/.github/workflows/sign-upload-nuget.yml
deleted file mode 100644
index 18b9afb38a5c..000000000000
--- a/.github/workflows/sign-upload-nuget.yml
+++ /dev/null
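Review bot: The renamed job key appears at column 0 — the added line reads `+upload:` with the marker flush against the text, while the removed `-  sign-upload:` and the surrounding `timeout-minutes:`/`needs: setup` context keep their indentation, and the later deletion hunk of this same file shows `-upload:` next to an indented `- setup:` — so `upload` is no longer a child of `jobs:` but a top-level workflow key, which GitHub Actions rejects as an unexpected value and the workflow never runs. Re-indent it to sit beside `setup:`: `  upload:`. This reading relies on marker spacing surviving in the collapsed hunk; confirm against the rendered file.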
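Review bot: Removing the signing step also removed the only `nuget verify` in this workflow, so the `upload` job now pushes whatever `gh release download` fetched from the GitHub release straight to nuget.org with no check that it is the package signed by the build workflow; release assets can be replaced by anyone with write access to the repository, and an unsigned or foreign-signed asset would be published under the project's API key. Add a verification step before the push that also pins the expected certificate, e.g. `nuget verify -Signatures -CertificateFingerprint <sha256 of the release signing certificate> MeshLib_${{needs.setup.outputs.version_tag}}.nupkg`, so publishing fails unless the asset carries the project's author signature. Since the job no longer touches the signing token, it also no longer needs `runs-on: [windows-x64-codesign]`; moving the push to a hosted runner keeps `NUGET_API_KEY`, which the context line passes on the `nuget push` command line, off the shared codesign machine.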
@@ -1,40 +0,0 @@
-name: Sign and Upload NuGet - -on: - release: - types: [ published ] - workflow_dispatch: - - -jobs: - setup: - timeout-minutes: 5 - runs-on: ubuntu-latest - outputs: - version_tag: ${{ steps.get-latest-tag.outputs.tag }} - steps: - - name: Checkout - uses: actions/checkout@v4 - - - uses: actions-ecosystem/action-get-latest-tag@v1 - id: get-latest-tag - -upload: - timeout-minutes: 10 - needs: setup - runs-on: [windows-x64-codesign] - steps: - - name: Remove old local NuGet packages - run: Remove-Item "MeshLib_*.nupkg" - - - name: Download NuGet package - env: - GH_TOKEN: ${{ github.token }} - run: | - gh release download ${{needs.setup.outputs.version_tag}} ` - --repo $env:GITHUB_REPOSITORY ` - --pattern "MeshLib_${{needs.setup.outputs.version_tag}}.nupkg" - - - name: Upload signed NuGet package - run: | - nuget push MeshLib_${{needs.setup.outputs.version_tag}}.nupkg ${{ secrets.NUGET_API_KEY }} -Source https://api.nuget.org/v3/index.json
From 4e5727861ea3973f9c2be932aaed49776b4bc4c2 Mon Sep 17 00:00:00 2001
From: Anton Chernobrovkin
Date: Thu, 27 Feb 2025 14:11:56 +0400
Subject: [PATCH 3/5] Debug sign nuget package
---
 .github/workflows/build-test-distribute.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.github/workflows/build-test-distribute.yml b/.github/workflows/build-test-distribute.yml
index c5cca99ed88b..f45885004971 100644
--- a/.github/workflows/build-test-distribute.yml
+++ b/.github/workflows/build-test-distribute.yml
@@ -243,12 +243,18 @@ jobs:
 uses: actions/download-artifact@v4 with: pattern: DistributivesNuGet* + + - name: List files run: Get-ChildItem - name: Delete unsigned NuGet package uses: geekyeggo/delete-artifact@v5 with: name: DistributivesNuGet* failOnError: false + + - name: List files run: Get-ChildItem - name: Sign NuGet package with certificate run: |
From 82efc1b5889ad1823b7fec39b00f9149d0c56cc0 Mon Sep 17 00:00:00 2001
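Review bot: The two added `List files` steps running `Get-ChildItem` are debugging aids (the commit is titled "Debug sign nuget package") that dump the workspace listing of the self-hosted codesign runner into the job log and contribute nothing to the signing flow; drop them before merge. If a diagnostic is genuinely wanted, keep one step right after the download and make it specific, e.g. `- name: List downloaded package` / `run: Get-ChildItem -Recurse -Filter *.nupkg`; the second copy, placed between the artifact deletion (which touches only remote artifacts) and the signing step, can only repeat the first listing.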
From: Anton Chernobrovkin
Date: Thu, 27 Feb 2025 15:32:34 +0400
Subject: [PATCH 4/5] Debug sign nuget package
---
 .github/workflows/build-test-distribute.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build-test-distribute.yml b/.github/workflows/build-test-distribute.yml
index f45885004971..7db94f70475a 100644
--- a/.github/workflows/build-test-distribute.yml
+++ b/.github/workflows/build-test-distribute.yml
@@ -254,18 +254,18 @@ jobs:
 failOnError: false - name: List files - run: Get-ChildItem + run: Get-ChildItem DistributivesNuGet - name: Sign NuGet package with certificate run: | - jsign --storetype ETOKEN --storepass "${{ secrets.WINDOWS_SIGNTOOL_KC_PARAM_TOKEN_PASSWORD }}" -tsaurl http://timestamp.digicert.com MeshLib.nupkg + jsign --storetype ETOKEN --storepass "${{ secrets.WINDOWS_SIGNTOOL_KC_PARAM_TOKEN_PASSWORD }}" -tsaurl http://timestamp.digicert.com DistributivesNuGet/MeshLib.nupkg nuget verify -All -Verbosity detailed MeshLib.nupkg - name: Upload Signed NuGet Package uses: actions/upload-artifact@v4 with: name: DistributivesNuGet - path: MeshLib.nupkg + path: DistributivesNuGet/MeshLib.nupkg retention-days: 1 upload-distributions:
From 4d58db87bc4c5f12bcae7ac559553f412397aba7 Mon Sep 17 00:00:00 2001
From: Anton Chernobrovkin
Date: Thu, 27 Feb 2025 16:30:08 +0400
Subject: [PATCH 5/5] Debug sign nuget package
---
 .github/workflows/build-test-distribute.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build-test-distribute.yml b/.github/workflows/build-test-distribute.yml
index 7db94f70475a..6d09bed068f7 100644
--- a/.github/workflows/build-test-distribute.yml
+++ b/.github/workflows/build-test-distribute.yml
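Review bot: Now that jsign and the upload read `DistributivesNuGet/MeshLib.nupkg`, the job's first step (outside this hunk, `Remove-Item "MeshLib*.nupkg"`) still clears only the workspace root, so on the persistent self-hosted codesign runner a `DistributivesNuGet/` directory left by a previous run is never removed; `download-artifact@v4` should overwrite the file, but the cleanup no longer targets the path that is actually signed, and an already-signed package left there would be re-signed if the download step were ever made non-fatal. Change the cleanup to cover both locations: `Remove-Item -Recurse -Force -ErrorAction Ignore DistributivesNuGet, "MeshLib*.nupkg"`. Note also that the context line `nuget verify -All -Verbosity detailed MeshLib.nupkg` still points at the old location, so this commit's job fails at verification (the following commit corrects the path).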
@@ -259,7 +259,7 @@ jobs:
 - name: Sign NuGet package with certificate run: | jsign --storetype ETOKEN --storepass "${{ secrets.WINDOWS_SIGNTOOL_KC_PARAM_TOKEN_PASSWORD }}" -tsaurl http://timestamp.digicert.com DistributivesNuGet/MeshLib.nupkg - nuget verify -All -Verbosity detailed MeshLib.nupkg + nuget verify -All -Verbosity detailed DistributivesNuGet/MeshLib.nupkg - name: Upload Signed NuGet Package uses: actions/upload-artifact@v4
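Review bot: `nuget verify -All` on the corrected path only proves that the package now carries some valid, timestamped signature; because the same `run:` block produced that signature a moment earlier, it says nothing about whether the token signed with the certificate the project expects, so a wrong, rotated or test certificate on the ETOKEN would pass here and only surface at publish time. Pin the certificate in the check, e.g. `nuget verify -All -Verbosity detailed -CertificateFingerprint <sha256 of the release certificate> DistributivesNuGet/MeshLib.nupkg`, so the build fails when the signer is not the expected one. The enclosing `sign-nuget` job continues outside the hunk.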