I've recently updated a series of scripts that I maintain with Authenticode signatures to add some additional security/verification/comfort to those that are using them.
However, when I upload the scripts to GitHub (either a commit via VSCode or via the browser), if I download the subsequent PS1 (or copy paste the raw contents), the resulting file is not signed. If I copy and paste the contents of the properly signed file that I have locally, it retains the signature.
I've see a lot of posts on HOW to sign the scripts, but I haven't seen any posts on how to properly publish them.
PS C:\Users\jim\OneDrive\Desktop> Get-AuthenticodeSignature 'C:\Users\jim\OneDrive\Downloads\MYReport.ps1'
Directory: C:\Users\jim\OneDrive\Downloads
SignerCertificate Status Path
----------------- ------ ----
NotSigned MYReport.ps1
PS C:\Users\jim\OneDrive\Desktop> Get-AuthenticodeSignature 'C:\Users\jim\OneDrive\Documents\Code\MYReport.ps1'
Directory: C:\Users\jim\OneDrive\Documents\Code
SignerCertificate Status Path
----------------- ------ ----
C2048FB509F1C37A8C3E9EC6648118458AA01780 Valid MyReport.ps1