From 7ae65a76eddf183e79620666bb7688f32fc8c435 Mon Sep 17 00:00:00 2001
From: Russ Cam <russ.cam@forloop.co.uk>
Date: Thu, 23 May 2024 19:56:38 +1000
Subject: [PATCH] Update release.yml

Install ca cert chain in probe path of dotnet nuget sign
---
 .github/workflows/release.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 33bb678..130a2eb 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -26,9 +26,12 @@ jobs:
 
     - name: Sign Nuget package
       env:
-        NUGET_API_KEY: ${{ secrets.NUGET_SIGNING_PFX }}
+        NUGET_SIGNING_PFX: ${{ secrets.NUGET_SIGNING_PFX }}
+        NUGET_ROOT_SIGNING_CERT: ${{ secrets.NUGET_ROOT_SIGNING_CERT }}
       run: |
-        echo "${secrets.NUGET_SIGNING_PFX}" | base64 --decode > private.pfx
+        sudo mkdir -p /etc/pki/ca-trust/extracted/pem/
+        echo "$NUGET_ROOT_SIGNING_CERT" | sudo tee -a /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem  > /dev/null
+        echo "$NUGET_SIGNING_PFX" | openssl base64 -d -out private.pfx
         dotnet nuget sign nuget/*.nupkg --certificate-path private.pfx --timestamper http://timestamp.sectigo.com
       shell: bash  
 
@@ -42,4 +45,4 @@ jobs:
       uses: actions/upload-artifact@v4
       with:
           name: LinguaNugetPkg
-          path: nuget
\ No newline at end of file
+          path: nuget