From 4ee41cf1982334ef0637864a61e9cdc2c1abb4a8 Mon Sep 17 00:00:00 2001
From: Chris Titus <dfm.titus@gmail.com>
Date: Fri, 2 Aug 2024 19:10:09 -0500
Subject: [PATCH] error check code signing

---
 .github/workflows/compile.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/compile.yaml b/.github/workflows/compile.yaml
index c2fb6b9e..5eb73b58 100644
--- a/.github/workflows/compile.yaml
+++ b/.github/workflows/compile.yaml
@@ -32,6 +32,11 @@ jobs:
         $cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
         if ($null -eq $cert) { throw "Code signing certificate not found" }
         Set-AuthenticodeSignature -FilePath ./winutil.ps1 -Certificate $cert
+    - name: Verify code signature
+      shell: pwsh
+      run: |
+        $signature = Get-AuthenticodeSignature -FilePath ./winutil.ps1
+        if ($signature.Status -ne 'Valid') { throw "Code signing failed" }
     - name: Upload winutil.ps1 as artifact
       uses: actions/upload-artifact@v2
       with: