From 09e86105859b927f702c839af1e1420b74c5727b Mon Sep 17 00:00:00 2001
From: Grant Arnold <grant.arnold@safe.com>
Date: Wed, 22 Oct 2025 19:13:23 +0000
Subject: [PATCH 01/13] Update release action to use Azure Key Vault for
 digital signing.

---
 .github/workflows/release.yaml | 70 +++++++++++++++++++++++++---------
 1 file changed, 52 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 08acf65..e9af82f 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -3,6 +3,7 @@
 on:
   release:
     types: [created]
+  push:
 
 jobs:
   build-matrix:
@@ -40,7 +41,7 @@ jobs:
         CGO_ENABLED=0 go build -o fmeflow${{ matrix.exe-ext }} -ldflags="-X \"github.com/safesoftware/fmeflow-cli/cmd.appVersion=${{ env.APP_VERSION }}\""
 
     - name: Upload artifact for later steps
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: fmeflow-${{ matrix.os }}-${{ matrix.arch }}
         path: fmeflow${{ matrix.exe-ext }}
@@ -78,26 +79,58 @@ jobs:
     runs-on: windows-latest
     steps:
     - name: Download
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: fmeflow-windows-amd64
     
+    - uses: azure/login@v2
+      with:
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+    - name: Whitelist GitHub Runner IP
+      uses: azure/cli@v2
+      with:
+        inlineScript: |
+          set -eu
+          $agentIP = (Invoke-WebRequest -Uri https://api.ipify.org/).Content
+          az keyvault network-rule add \
+            -g "${{ secrets.AZURE_RESOURCE_GROUP }}" \
+            -n "${{ secrets.KEY_VAULT_NAME }}" \
+            --ip-address $agentIP
+          az keyvault network-rule wait -n "${{ secrets.KEY_VAULT_NAME }}" --updated
+    - name: Install AzureSignTool
+      run: |
+        dotnet tool install --global AzureSignTool --version 6.0.1
+
     - name: Sign
-      env:
-        CERTPASS: ${{secrets.PROD_WIN_CERTIFICATE_PWD}}
-        SIGNCERT: ${{secrets.PROD_WIN_CERTIFICATE}}
       run: |
-        # Create buffer from the BASE64 string of the PFX stored in the secret
-        $buffer = [System.Convert]::FromBase64String($env:SIGNCERT)
-        # Create new certificate object from the buffer and the certificate pass
-        $certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::New($buffer, $env:CERTPASS)
-        Set-AuthenticodeSignature -HashAlgorithm SHA256 -Certificate $certificate -TimestampServer http://timestamp.digicert.com -FilePath fmeflow.exe
+        azuresigntool sign -coe \
+          --azure-key-vault-url https://{{ secrets.KEY_VAULT_NAME }}.vault.azure.net/ \
+          --azure-key-vault-managed-identity \
+          --azure-key-vault-tenant-id ${{ secrets.AZURE_TENANT_ID }} \
+          --azure-key-vault-certificate '${{ secrets.AZURE_CERTIFICATE_NAME }}' \
+          --file-digest SHA256 \
+          --timestamp-rfc3161 http://timestamp.digicert.com \
+          --timestamp-digest SHA256 \
+          fmeflow.exe
+
+    - name: Remove IP from Key Vault firewall
+      uses: azure/CLI@v1
+      with:
+        inlineScript: |
+          set -eu
+          $agentIP = (Invoke-WebRequest -Uri https://api.ipify.org/).Content
+          az keyvault network-rule remove \
+            -g "${{ secrets.AZURE_RESOURCE_GROUP }}" \
+            -n "${{ secrets.KEY_VAULT_NAME }}" \
+            --ip-address $agentIP
     
     - name: Reupload artifact
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: fmeflow-windows-amd64
         path: fmeflow.exe
+        overwrite: true
 
   sign-macosx:
     name: Sign Mac Binaries
@@ -110,7 +143,7 @@ jobs:
         arch: [amd64, arm64]
     steps:
     - name: Download
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: fmeflow-${{ matrix.os }}-${{ matrix.arch }}
 
@@ -169,10 +202,11 @@ jobs:
         xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait
 
     - name: Reupload artifact
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: fmeflow-${{ matrix.os }}-${{ matrix.arch }}
         path: fmeflow
+        overwrite: true
 
   compress-files:
     name: Compress binaries and release
@@ -200,7 +234,7 @@ jobs:
             type: tar
     steps:
     - name: Checkout code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download
       uses: actions/download-artifact@v3
       with:
@@ -227,8 +261,8 @@ jobs:
         cat fmeflow-${{ matrix.os }}-${{ matrix.arch }}.${{ matrix.zip-ext }}.md5
 
     # Add compressed files and md5 hashes to the release
-    - uses: AButler/upload-release-assets@v2.0
-      with:
-        files: '*.md5;*.zip;*.tar.gz'
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
+    #- uses: AButler/upload-release-assets@v3.0
+    #  with:
+    #    files: '*.md5;*.zip;*.tar.gz'
+    #    repo-token: ${{ secrets.GITHUB_TOKEN }}
 

From 7663e817eac04a46723de006ddfd3fabcb6ac5f3 Mon Sep 17 00:00:00 2001
From: Grant Arnold <grant.arnold@safe.com>
Date: Wed, 22 Oct 2025 21:22:10 +0000
Subject: [PATCH 02/13] Update macos runner version. Comment out docker for
 testing.

---
 .github/workflows/release.yaml | 52 +++++++++++++++++-----------------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e9af82f..afd5861 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -47,31 +47,31 @@ jobs:
         path: fmeflow${{ matrix.exe-ext }}
         if-no-files-found: error
 
-  build-docker:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout code
-      uses: actions/checkout@v3
-    - name: Login to Docker Hub
-      uses: docker/login-action@v2
-      with:
-        username: ${{ secrets.DOCKER_USERNAME }}
-        password: ${{ secrets.DOCKER_PASSWORD }}
-    - name: Set APP_VERSION env
-      run: echo APP_VERSION=$(echo ${GITHUB_REF} | rev | cut -d'/' -f 1 | rev ) >> ${GITHUB_ENV}
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v2
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
-    - name: Build and Push Docker Image
-      uses: docker/build-push-action@v4
-      with:
-        context: .
-        push: true
-        tags: safesoftware/fmeflow-cli:${{ env.APP_VERSION }}, safesoftware/fmeflow-cli:latest
-        platforms: linux/amd64,linux/arm64
-        build-args: |
-          APP_VERSION=${{ env.APP_VERSION }}
+  # build-docker:
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #   - name: Checkout code
+  #     uses: actions/checkout@v3
+  #   - name: Login to Docker Hub
+  #     uses: docker/login-action@v2
+  #     with:
+  #       username: ${{ secrets.DOCKER_USERNAME }}
+  #       password: ${{ secrets.DOCKER_PASSWORD }}
+  #   - name: Set APP_VERSION env
+  #     run: echo APP_VERSION=$(echo ${GITHUB_REF} | rev | cut -d'/' -f 1 | rev ) >> ${GITHUB_ENV}
+  #   - name: Set up QEMU
+  #     uses: docker/setup-qemu-action@v2
+  #   - name: Set up Docker Buildx
+  #     uses: docker/setup-buildx-action@v2
+  #   - name: Build and Push Docker Image
+  #     uses: docker/build-push-action@v4
+  #     with:
+  #       context: .
+  #       push: true
+  #       tags: safesoftware/fmeflow-cli:${{ env.APP_VERSION }}, safesoftware/fmeflow-cli:latest
+  #       platforms: linux/amd64,linux/arm64
+  #       build-args: |
+  #         APP_VERSION=${{ env.APP_VERSION }}
 
   sign-windows:
     name: Sign Windows Binary
@@ -135,7 +135,7 @@ jobs:
   sign-macosx:
     name: Sign Mac Binaries
     needs: build-matrix
-    runs-on: macos-11
+    runs-on: macos-14
     strategy:
       matrix:
         # sign both darwin/amd64, darwin/arm64

From 28cd93e41d834ffd4ff0a7f3bfa818dd6698e937 Mon Sep 17 00:00:00 2001
From: Grant Arnold <grant.arnold@safe.com>
Date: Wed, 22 Oct 2025 21:35:21 +0000
Subject: [PATCH 03/13] Install Azure CLI manually because Windows.

---
 .github/workflows/release.yaml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index afd5861..2065b0b 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -83,14 +83,16 @@ jobs:
       with:
         name: fmeflow-windows-amd64
     
+    - name: Install Azure CLI
+      run: |
+        winget install --exact --id Microsoft.AzureCLI
+    
     - uses: azure/login@v2
       with:
         creds: ${{ secrets.AZURE_CREDENTIALS }}
 
     - name: Whitelist GitHub Runner IP
-      uses: azure/cli@v2
-      with:
-        inlineScript: |
+      run: |
           set -eu
           $agentIP = (Invoke-WebRequest -Uri https://api.ipify.org/).Content
           az keyvault network-rule add \
@@ -98,6 +100,7 @@ jobs:
             -n "${{ secrets.KEY_VAULT_NAME }}" \
             --ip-address $agentIP
           az keyvault network-rule wait -n "${{ secrets.KEY_VAULT_NAME }}" --updated
+
     - name: Install AzureSignTool
       run: |
         dotnet tool install --global AzureSignTool --version 6.0.1
@@ -115,9 +118,7 @@ jobs:
           fmeflow.exe
 
     - name: Remove IP from Key Vault firewall
-      uses: azure/CLI@v1
-      with:
-        inlineScript: |
+      run: |
           set -eu
           $agentIP = (Invoke-WebRequest -Uri https://api.ipify.org/).Content
           az keyvault network-rule remove \

From 7ace22e843a944a7456fcf60ac6cbd2157041646 Mon Sep 17 00:00:00 2001
From: Grant Arnold <grant.arnold@safe.com>
Date: Wed, 22 Oct 2025 21:38:55 +0000
Subject: [PATCH 04/13] Accept agreements.

---
 .github/workflows/release.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 2065b0b..6a9e17c 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -85,7 +85,7 @@ jobs:
     
     - name: Install Azure CLI
       run: |
-        winget install --exact --id Microsoft.AzureCLI
+        winget install --exact --id Microsoft.AzureCLI --accept-source-agreements --accept-package-agreements
     
     - uses: azure/login@v2
       with:

From d93c8d6542503b7e7d933781d568bd3dada448fe Mon Sep 17 00:00:00 2001
From: Grant Arnold <grant.arnold@safe.com>
Date: Wed, 22 Oct 2025 21:43:29 +0000
Subject: [PATCH 05/13] Try not installing the Azure CLI

---
 .github/workflows/release.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 6a9e17c..7361b08 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -83,9 +83,9 @@ jobs:
       with:
         name: fmeflow-windows-amd64
     
-    - name: Install Azure CLI
-      run: |
-        winget install --exact --id Microsoft.AzureCLI --accept-source-agreements --accept-package-agreements
+    #- name: Install Azure CLI
+    #  run: |
+    #    $ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest -Uri https://aka.ms/installazurecliwindows -OutFile .\AzureCLI.msi; Start-Process msiexec.exe -Wait -ArgumentList '/I AzureCLI.msi /quiet'; Remove-Item .\AzureCLI.msi
     
     - uses: azure/login@v2
       with:

From a0ed025ca3d3b0ecb828f518208492ad90821748 Mon Sep 17 00:00:00 2001
From: Grant Arnold <grant.arnold@safe.com>
Date: Wed, 22 Oct 2025 21:51:58 +0000
Subject: [PATCH 06/13] Move command to single line.

---
 .github/workflows/release.yaml | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 7361b08..779839e 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -95,10 +95,7 @@ jobs:
       run: |
           set -eu
           $agentIP = (Invoke-WebRequest -Uri https://api.ipify.org/).Content
-          az keyvault network-rule add \
-            -g "${{ secrets.AZURE_RESOURCE_GROUP }}" \
-            -n "${{ secrets.KEY_VAULT_NAME }}" \
-            --ip-address $agentIP
+          az keyvault network-rule add -g "${{ secrets.AZURE_RESOURCE_GROUP }}" -n "${{ secrets.KEY_VAULT_NAME }}" --ip-address $agentIP
           az keyvault network-rule wait -n "${{ secrets.KEY_VAULT_NAME }}" --updated
 
     - name: Install AzureSignTool
@@ -121,10 +118,7 @@ jobs:
       run: |
           set -eu
           $agentIP = (Invoke-WebRequest -Uri https://api.ipify.org/).Content
-          az keyvault network-rule remove \
-            -g "${{ secrets.AZURE_RESOURCE_GROUP }}" \
-            -n "${{ secrets.KEY_VAULT_NAME }}" \
-            --ip-address $agentIP
+          az keyvault network-rule remove -g "${{ secrets.AZURE_RESOURCE_GROUP }}" -n "${{ secrets.KEY_VAULT_NAME }}" --ip-address $agentIP
     
     - name: Reupload artifact
       uses: actions/upload-artifact@v4

From 85c071187a718ef3f1350ef45ddfd9cf2f6bde54 Mon Sep 17 00:00:00 2001
From: Grant Arnold <grant.arnold@safe.com>
Date: Wed, 22 Oct 2025 21:54:15 +0000
Subject: [PATCH 07/13] Remove accidental bashism

---
 .github/workflows/release.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 779839e..e11a8cc 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -93,7 +93,6 @@ jobs:
 
     - name: Whitelist GitHub Runner IP
       run: |
-          set -eu
           $agentIP = (Invoke-WebRequest -Uri https://api.ipify.org/).Content
           az keyvault network-rule add -g "${{ secrets.AZURE_RESOURCE_GROUP }}" -n "${{ secrets.KEY_VAULT_NAME }}" --ip-address $agentIP
           az keyvault network-rule wait -n "${{ secrets.KEY_VAULT_NAME }}" --updated
@@ -116,7 +115,6 @@ jobs:
 
     - name: Remove IP from Key Vault firewall
       run: |
-          set -eu
           $agentIP = (Invoke-WebRequest -Uri https://api.ipify.org/).Content
           az keyvault network-rule remove -g "${{ secrets.AZURE_RESOURCE_GROUP }}" -n "${{ secrets.KEY_VAULT_NAME }}" --ip-address $agentIP
     

From d812012683d851c927f7c36869ae97fc2226be70 Mon Sep 17 00:00:00 2001
From: Grant Arnold <grant.arnold@safe.com>
Date: Wed, 22 Oct 2025 21:58:33 +0000
Subject: [PATCH 08/13] Fix multiline command escape character

---
 .github/workflows/release.yaml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e11a8cc..0486950 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -103,14 +103,14 @@ jobs:
 
     - name: Sign
       run: |
-        azuresigntool sign -coe \
-          --azure-key-vault-url https://{{ secrets.KEY_VAULT_NAME }}.vault.azure.net/ \
-          --azure-key-vault-managed-identity \
-          --azure-key-vault-tenant-id ${{ secrets.AZURE_TENANT_ID }} \
-          --azure-key-vault-certificate '${{ secrets.AZURE_CERTIFICATE_NAME }}' \
-          --file-digest SHA256 \
-          --timestamp-rfc3161 http://timestamp.digicert.com \
-          --timestamp-digest SHA256 \
+        azuresigntool sign -coe `
+          --azure-key-vault-url https://{{ secrets.KEY_VAULT_NAME }}.vault.azure.net/ `
+          --azure-key-vault-managed-identity `
+          --azure-key-vault-tenant-id ${{ secrets.AZURE_TENANT_ID }} `
+          --azure-key-vault-certificate '${{ secrets.AZURE_CERTIFICATE_NAME }}' `
+          --file-digest SHA256 `
+          --timestamp-rfc3161 http://timestamp.digicert.com `
+          --timestamp-digest SHA256 `
           fmeflow.exe
 
     - name: Remove IP from Key Vault firewall

From 76ed5adc6157c3557caa06be70f81521a3d27f26 Mon Sep 17 00:00:00 2001
From: Grant Arnold <grant.arnold@safe.com>
Date: Wed, 22 Oct 2025 22:02:42 +0000
Subject: [PATCH 09/13] Suppress az cli output.

---
 .github/workflows/release.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 0486950..760cb73 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -94,8 +94,8 @@ jobs:
     - name: Whitelist GitHub Runner IP
       run: |
           $agentIP = (Invoke-WebRequest -Uri https://api.ipify.org/).Content
-          az keyvault network-rule add -g "${{ secrets.AZURE_RESOURCE_GROUP }}" -n "${{ secrets.KEY_VAULT_NAME }}" --ip-address $agentIP
-          az keyvault network-rule wait -n "${{ secrets.KEY_VAULT_NAME }}" --updated
+          az keyvault network-rule add -g "${{ secrets.AZURE_RESOURCE_GROUP }}" -n "${{ secrets.KEY_VAULT_NAME }}" --ip-address $agentIP --output none
+          az keyvault network-rule wait -n "${{ secrets.KEY_VAULT_NAME }}" --updated --output none
 
     - name: Install AzureSignTool
       run: |
@@ -116,7 +116,7 @@ jobs:
     - name: Remove IP from Key Vault firewall
       run: |
           $agentIP = (Invoke-WebRequest -Uri https://api.ipify.org/).Content
-          az keyvault network-rule remove -g "${{ secrets.AZURE_RESOURCE_GROUP }}" -n "${{ secrets.KEY_VAULT_NAME }}" --ip-address $agentIP
+          az keyvault network-rule remove -g "${{ secrets.AZURE_RESOURCE_GROUP }}" -n "${{ secrets.KEY_VAULT_NAME }}" --ip-address $agentIP --output none
     
     - name: Reupload artifact
       uses: actions/upload-artifact@v4

From 61307888f83b218cb978c74b527e7c209ec1faf2 Mon Sep 17 00:00:00 2001
From: Grant Arnold <grant.arnold@safe.com>
Date: Wed, 22 Oct 2025 22:06:19 +0000
Subject: [PATCH 10/13] Abandon multiline commands

---
 .github/workflows/release.yaml | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 760cb73..858468a 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -103,15 +103,7 @@ jobs:
 
     - name: Sign
       run: |
-        azuresigntool sign -coe `
-          --azure-key-vault-url https://{{ secrets.KEY_VAULT_NAME }}.vault.azure.net/ `
-          --azure-key-vault-managed-identity `
-          --azure-key-vault-tenant-id ${{ secrets.AZURE_TENANT_ID }} `
-          --azure-key-vault-certificate '${{ secrets.AZURE_CERTIFICATE_NAME }}' `
-          --file-digest SHA256 `
-          --timestamp-rfc3161 http://timestamp.digicert.com `
-          --timestamp-digest SHA256 `
-          fmeflow.exe
+        azuresigntool sign -coe --azure-key-vault-url https://{{ secrets.KEY_VAULT_NAME }}.vault.azure.net/ --azure-key-vault-managed-identity --azure-key-vault-tenant-id ${{ secrets.AZURE_TENANT_ID }} --azure-key-vault-certificate '${{ secrets.AZURE_CERTIFICATE_NAME }}' --file-digest SHA256 --timestamp-rfc3161 http://timestamp.digicert.com --timestamp-digest SHA256 fmeflow.exe
 
     - name: Remove IP from Key Vault firewall
       run: |

From a71f1b379454582b73e20313324e24ce849f020d Mon Sep 17 00:00:00 2001
From: Grant Arnold <grant.arnold@safe.com>
Date: Wed, 22 Oct 2025 22:56:38 +0000
Subject: [PATCH 11/13] Fix secret specification.

---
 .github/workflows/release.yaml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 858468a..fc85845 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -103,7 +103,15 @@ jobs:
 
     - name: Sign
       run: |
-        azuresigntool sign -coe --azure-key-vault-url https://{{ secrets.KEY_VAULT_NAME }}.vault.azure.net/ --azure-key-vault-managed-identity --azure-key-vault-tenant-id ${{ secrets.AZURE_TENANT_ID }} --azure-key-vault-certificate '${{ secrets.AZURE_CERTIFICATE_NAME }}' --file-digest SHA256 --timestamp-rfc3161 http://timestamp.digicert.com --timestamp-digest SHA256 fmeflow.exe
+        azuresigntool sign -coe `
+          --azure-key-vault-url https://${{ secrets.KEY_VAULT_NAME }}.vault.azure.net/ `
+          --azure-key-vault-managed-identity `
+          --azure-key-vault-tenant-id ${{ secrets.AZURE_TENANT_ID }} `
+          --azure-key-vault-certificate '${{ secrets.AZURE_CERTIFICATE_NAME }}' `
+          --file-digest SHA256 `
+          --timestamp-rfc3161 http://timestamp.digicert.com `
+          --timestamp-digest SHA256 `
+          fmeflow.exe
 
     - name: Remove IP from Key Vault firewall
       run: |

From ddfa1dab78b1279985538bd715b54ba088f942b8 Mon Sep 17 00:00:00 2001
From: Grant Arnold <grant.arnold@safe.com>
Date: Wed, 22 Oct 2025 23:51:54 +0000
Subject: [PATCH 12/13] Remove testing changes.

---
 .github/workflows/release.yaml | 59 +++++++++++++++++-----------------
 1 file changed, 29 insertions(+), 30 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index fc85845..841eff8 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -3,7 +3,6 @@
 on:
   release:
     types: [created]
-  push:
 
 jobs:
   build-matrix:
@@ -47,31 +46,31 @@ jobs:
         path: fmeflow${{ matrix.exe-ext }}
         if-no-files-found: error
 
-  # build-docker:
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #   - name: Checkout code
-  #     uses: actions/checkout@v3
-  #   - name: Login to Docker Hub
-  #     uses: docker/login-action@v2
-  #     with:
-  #       username: ${{ secrets.DOCKER_USERNAME }}
-  #       password: ${{ secrets.DOCKER_PASSWORD }}
-  #   - name: Set APP_VERSION env
-  #     run: echo APP_VERSION=$(echo ${GITHUB_REF} | rev | cut -d'/' -f 1 | rev ) >> ${GITHUB_ENV}
-  #   - name: Set up QEMU
-  #     uses: docker/setup-qemu-action@v2
-  #   - name: Set up Docker Buildx
-  #     uses: docker/setup-buildx-action@v2
-  #   - name: Build and Push Docker Image
-  #     uses: docker/build-push-action@v4
-  #     with:
-  #       context: .
-  #       push: true
-  #       tags: safesoftware/fmeflow-cli:${{ env.APP_VERSION }}, safesoftware/fmeflow-cli:latest
-  #       platforms: linux/amd64,linux/arm64
-  #       build-args: |
-  #         APP_VERSION=${{ env.APP_VERSION }}
+  build-docker:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v3
+    - name: Login to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+    - name: Set APP_VERSION env
+      run: echo APP_VERSION=$(echo ${GITHUB_REF} | rev | cut -d'/' -f 1 | rev ) >> ${GITHUB_ENV}
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v2
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v2
+    - name: Build and Push Docker Image
+      uses: docker/build-push-action@v4
+      with:
+        context: .
+        push: true
+        tags: safesoftware/fmeflow-cli:${{ env.APP_VERSION }}, safesoftware/fmeflow-cli:latest
+        platforms: linux/amd64,linux/arm64
+        build-args: |
+          APP_VERSION=${{ env.APP_VERSION }}
 
   sign-windows:
     name: Sign Windows Binary
@@ -254,8 +253,8 @@ jobs:
         cat fmeflow-${{ matrix.os }}-${{ matrix.arch }}.${{ matrix.zip-ext }}.md5
 
     # Add compressed files and md5 hashes to the release
-    #- uses: AButler/upload-release-assets@v3.0
-    #  with:
-    #    files: '*.md5;*.zip;*.tar.gz'
-    #    repo-token: ${{ secrets.GITHUB_TOKEN }}
+    - uses: AButler/upload-release-assets@v3.0
+      with:
+        files: '*.md5;*.zip;*.tar.gz'
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
 

From 4630cac37a68d0e5bf7b4ff776f670ccddc22982 Mon Sep 17 00:00:00 2001
From: Grant Arnold <grant.arnold@safe.com>
Date: Wed, 22 Oct 2025 23:53:24 +0000
Subject: [PATCH 13/13] Remove commented out action.

---
 .github/workflows/release.yaml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 841eff8..c33ed2c 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -82,10 +82,6 @@ jobs:
       with:
         name: fmeflow-windows-amd64
     
-    #- name: Install Azure CLI
-    #  run: |
-    #    $ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest -Uri https://aka.ms/installazurecliwindows -OutFile .\AzureCLI.msi; Start-Process msiexec.exe -Wait -ArgumentList '/I AzureCLI.msi /quiet'; Remove-Item .\AzureCLI.msi
-    
     - uses: azure/login@v2
       with:
         creds: ${{ secrets.AZURE_CREDENTIALS }}