Added sign and release workflow; updated version in package.json; updated changelog

danae · danae · commit 9bfde6586e4b · 2026-05-18T15:13:43.000+02:00
diff --git a/.github/workflows/sign-and-release.yml b/.github/workflows/sign-and-release.yml
@@ -0,0 +1,72 @@
+name: Sign and release
+
+on:
+  push:
+    tags:
+      - "*"
+
+permissions:
+  contents: write
+
+jobs:
+  sign:
+    name: Sign UPM package
+    runs-on: ubuntu-latest
+    env:
+      UPM_SERVICE_ACCOUNT_KEY_ID: ${{ secrets.UPM_SERVICE_ACCOUNT_KEY_ID }}
+      UPM_SERVICE_ACCOUNT_KEY_SECRET: ${{ secrets.UPM_SERVICE_ACCOUNT_KEY_SECRET }}
+      UPM_ORG_ID: ${{ secrets.UPM_ORG_ID }}
+      DIST_DIR: /tmp/signed-upm-dist
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Read package metadata
+        run: |
+          package_name="$(jq -r '.name' package.json)"
+          package_version="$(jq -r '.version' package.json)"
+
+          echo "PACKAGE_NAME=$package_name" >> "$GITHUB_ENV"
+          echo "PACKAGE_VERSION=$package_version" >> "$GITHUB_ENV"
+
+          printf 'Package name: %s\n' "$package_name"
+          printf 'Package version: %s\n' "$package_version"
+
+      - name: Install Unity UPM CLI
+        run: |
+          curl -fsSL https://cdn.packages.unity.com/upm-cli/install.sh -o install.sh
+          bash install.sh
+          echo "$HOME/.upm/bin" >> "$GITHUB_PATH"
+
+      - name: Verify Unity UPM CLI
+        run: upm --help
+
+      - name: Sign package
+        run: |
+          mkdir -p "$DIST_DIR"
+          upm pack . --organization-id "$UPM_ORG_ID" --destination "$DIST_DIR"
+
+      - name: Print signed package info
+        run: |
+          shopt -s nullglob
+          archives=("$DIST_DIR"/*.tgz "$DIST_DIR"/*.tar.gz)
+          if [ "${#archives[@]}" -ne 1 ]; then
+            printf 'Expected exactly one signed package archive, found %s\n' "${#archives[@]}" >&2
+            exit 1
+          fi
+
+          archive="${archives[0]}"
+          tar -tzf "$archive" | grep -qx 'package/package.json'
+          tar -tzf "$archive" | grep -qx 'package/.attestation.p7m'
+
+          echo "PACKAGE_ARCHIVE=$archive" >> "$GITHUB_ENV"
+          printf 'Archive: %s\n' "$(basename "$archive")"
+          tar -xOzf "$archive" package/package.json | jq '{name, version}'
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: |
+            /tmp/signed-upm-dist/*.tgz
+            /tmp/signed-upm-dist/*.tar.gz
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.0.4] - 2026-05-18
+
+### Security
+
+- Added sign and release workflow to sign and release an UPM package when a Git tag is pushed.
+
 ## [1.0.3] - 2024-12-27
 
 ### Changed
diff --git a/README.md b/README.md
@@ -10,7 +10,7 @@ This package includes a locale selector that uses the Steam client language to s
 
 This package depends on the following packages:
 
-* [Localization](https://openupm.com/packages/com.audune.localization/), version **3.0.0** or higher.
+* [Localization](https://openupm.com/packages/com.audune.localization/), version **3.1.1** or higher.
 * [Steamworks.NET](https://openupm.com/packages/com.rlabrecque.steamworks.net/), version **20.0.0** or higher.
 
 If you're installing the required packages from the [OpenUPM registry](https://openupm.com/), make sure to add a scoped registry with the URL `https://package.openupm.com` and the required scopes before installing the packages.
diff --git a/package.json b/package.json
@@ -1,20 +1,20 @@
 {
   "name": "com.audune.localization.steam",
   "displayName": "Steam Localization Integration",
-  "version": "1.0.3",
+  "version": "1.0.4",
   "unity": "2022.3",
   "description": "Steam localization integration for the Audune Localization package",
   "documentationUrl": "https://github.com/audunegames/steam-localization-integration",
   "changelogUrl": "https://github.com/audunegames/steam-localization-integration/tree/master/CHANGELOG.md",
   "licensesUrl": "https://www.gnu.org/licenses/lgpl-3.0.html",
-  "license": "GPL-3.0-or-later",
+  "license": "LGPL-3.0-or-later",
   "author": {
-    "name": "Audune Games",
+    "name": "Audune",
     "email": "support@audune.com",
     "url": "https://audune.com/"
   },
   "dependencies": {
-    "com.audune.localization": "3.0.1",
+    "com.audune.localization": "3.1.1",
     "com.rlabrecque.steamworks.net": "20.0.0"
   }
 }
