Merge pull request #6707 from n-stein/master

Sign .deb and AppImage with Sigstore in GitHub Actions CI

.github/workflows/ubuntu-ci.yml

@@ -4,6 +4,10 @@ on:
   push:
     branches:
       - "master"
+  pull_request:
+    branches:
+      - "master"
+    types: [opened, reopened, edited]
 
 jobs:
   build:
@@ -71,12 +75,15 @@ jobs:
           mkdir /home/runner/work/moneymanagerex/moneymanagerex/build/AppDir
           make install DESTDIR=/home/runner/work/moneymanagerex/moneymanagerex/build/AppDir
           echo "artifact_name=$(ls mmex*.deb)" >> $GITHUB_OUTPUT
-          
-      - name: Upload DEB Package
-        uses: actions/upload-artifact@v4
+
+      - name: Install Sigstore Python dependencies
+        run: python -m pip install email-validator
+
+      - name: Sign and Upload DEB
+        uses: sigstore/gh-action-sigstore-python@v2.1.1
         with:
-          name: ${{ steps.mmex-build.outputs.artifact_name }}
-          path: ${{ github.workspace }}/build/mmex*.deb
+          inputs: ${{ github.workspace }}/build/mmex*.deb
+          upload-signing-artifacts: true
 
       - name: Generate AppImage
         if: ${{ matrix.os == 'ubuntu-20.04' }}
@@ -89,10 +96,10 @@ jobs:
           sed -i "s/version: latest/version: $(grep '^Version ' ../NEWS | head -n 1 | sed 's/Version //;s/ /-/;s/ /./')/" .appimage-builder.yml
           ./appimage-builder --recipe .appimage-builder.yml
           echo "artifact_name=$(ls MMEX*.AppImage)" >> $GITHUB_OUTPUT
-          
-      - name: Upload AppImage
+      
+      - name: Sign and Upload AppImage
         if: ${{ matrix.os == 'ubuntu-20.04' }}
-        uses: actions/upload-artifact@v4
+        uses: sigstore/gh-action-sigstore-python@v2.1.1
         with:
-          name: ${{ steps.appimage-build.outputs.artifact_name }}
-          path: ${{ github.workspace }}/build/MMEX*.AppImage
+          inputs: ${{ github.workspace }}/build/MMEX*.AppImage
+          upload-signing-artifacts: true