aikins01/SignTools-CI — reverse-engineered prompt

Build me a simple private repo I can use as a CI based builder for SignTools. I want it to connect to my SignTools setup and use one CI provider, either GitHub Actions or Semaphore, to pull an iOS app, sign it, and upload it back to SignTools automatically. Keep it straightforward and reliable, with the basic scripts and config needed so I can actually run it from a fresh repo template.

Please make the setup easy for someone who is only a little technical. I’ll need clear instructions for creating the private repo, choosing just one provider, generating the right token, and wiring that token into SignTools. If there are provider differences, explain them simply, especially that developer accounts only work with GitHub Actions right now.

Include any supporting scripts this kind of signing flow needs, plus a short README that walks through the full setup and usage. If anything is unclear, look up the current docs online and make reasonable choices.