From 11bf7e88a44fc5ed67f4039495ea067c01e07424 Mon Sep 17 00:00:00 2001
From: John MacFarlane <jgm@berkeley.edu>
Date: Mon, 12 Jan 2026 14:32:03 +0100
Subject: Add SignPath signing step to release-candidate CI.

---
 .github/workflows/release-candidate.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/workflows/release-candidate.yml b/.github/workflows/release-candidate.yml
index 021e09f44..59d515843 100644
--- a/.github/workflows/release-candidate.yml
+++ b/.github/workflows/release-candidate.yml
@@ -75,6 +75,16 @@ jobs:
         name: windows-release-candidate
         path: windows-release-candidate
 
+    - uses: signpath/github-action-submit-signing-request@v2
+      with:
+        api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
+        organization-id: 'd330f023-29aa-44e4-b90b-ae1c570f4a25'
+        project-slug: 'pandoc'
+        signing-policy-slug: 'test-signing'
+        github-artifact-id: '${{ steps.upload-unsigned-artifact.outputs.windows-release-candidate }}'
+        wait-for-completion: true
+        output-artifact-directory: 'windows-release-candidate-signed'
+
   macos:
 
     runs-on: macos-15-intel
-- 
cgit v1.2.3