release #15

	name: release
	on:
	workflow_dispatch:
	inputs:
	workflow_run_id:
	description: 'ID of the workflow run to fetch artifacts from'
	required: true
	type: string
	signed_binary_name:
	description: 'Name of the signed binary'
	required: false
	default: 'spiceai.taco'
	type: string
	release:
	types: [created]

	jobs:
	build:
	runs-on: code-signing
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	submodules: recursive

	- name: Download Artifact
	uses: actions/download-artifact@v4
	with:
	name: spice.unsigned.taco
	github-token: ${{ secrets.GITHUB_TOKEN }}
	run-id: ${{ inputs.workflow_run_id }}

	- name: Copy unsigned taco
	run: \|
	cp spice.taco ${{ inputs.signed_binary_name }}
	echo "Signed binary name: ${{ inputs.signed_binary_name }}"

	# - name: Set up Java for signing
	# uses: actions/setup-java@v4
	# with:
	# java-version: '11'
	# distribution: 'zulu'

	- name: Sign ${{ inputs.signed_binary_name }}
	shell: powershell
	env:
	DIGICERT_TOKEN_PASSWORD: ${{ secrets.DIGICERT_TOKEN_PASSWORD }}
	DIGICERT_KEY_ALIAS: ${{ secrets.DIGICERT_KEY_ALIAS }}
	DIGICERT_TOKEN_CFG_PATH: ${{ secrets.DIGICERT_TOKEN_CFG_PATH }}
	run: \|
	echo $env:DIGICERT_TOKEN_CFG_PATH
	echo "$DIGICERT_TOKEN_CFG_PATH"

	#echo %DIGICERT_TOKEN_CFG_PATH% && PowerShell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process; .\sign.ps1"

	- name: Upload to release
	uses: softprops/action-gh-release@v2
	if: startsWith(github.ref, 'refs/tags/')
	with:
	draft: true
	prerelease: true
	fail_on_unmatched_files: true
	files: ${{ inputs.signed_binary_name }}

Provide feedback