https://github.com/cognitedata/code-sign-action

This repository contains a GitHub action for code signing on Windows and Linux

# code-sign-action

The code-sign-action action integrates with Digicert One and uses SignTool on Windows runners and JSign on Linux runners. It has been tested on `windows-2022`, `ubuntu-20.04` and `ubuntu-22.04` runners.

------------

## Usage

### Environment

- `CERTIFICATE_HOST`: https://clientauth.one.digicert.com
- `CERTIFICATE_HOST_API_KEY`: An API key created for the GitHub Actions service user in Digicert One.
- `CERTIFICATE_SHA1_HASH`: SHA1 fingerprint of the code signing certificate.
- `CLIENT_CERTIFICATE`: Client authentication certificate (.p12 file) created for the GitHub Actions service user in Digicert One.
- `CLIENT_CERTIFICATE_PASSWORD`: Client authentication certificate password created for the GitHub Actions service user in Digicert One.
- `KEYPAIR_ALIAS`: Keypair alias value found in the "Keypair details" section of the "Certificates" page in your KeyLocker dashboard.
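
A preflight step can catch empty or malformed values before the signing step runs, for example on a `pull_request` run from a fork, where GitHub does not pass repository secrets to the workflow. The script below is an added example and not part of this action; the function name `check_signing_env`, the variable `SIGNING_ENV_PROBLEMS` and the format checks are assumptions.

```shell
#!/bin/sh
# Added example: the format checks are assumptions, not the action's own logic.
# Only variable names are printed, never their values.

check_signing_env() {
    SIGNING_ENV_PROBLEMS=0
    for name in CERTIFICATE_HOST CERTIFICATE_HOST_API_KEY CERTIFICATE_SHA1_HASH \
                CLIENT_CERTIFICATE CLIENT_CERTIFICATE_PASSWORD KEYPAIR_ALIAS; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "missing or empty: $name" >&2
            SIGNING_ENV_PROBLEMS=$((SIGNING_ENV_PROBLEMS + 1))
        fi
    done

    # A SHA-1 fingerprint is 160 bits, i.e. 40 hex digits. Colon or space
    # separators are tolerated here; the page does not say which form is expected.
    if [ -n "${CERTIFICATE_SHA1_HASH:-}" ]; then
        hex=$(printf '%s' "$CERTIFICATE_SHA1_HASH" | tr -d ': ')
        case "$hex" in
            *[!0-9A-Fa-f]*) hex="" ;;  # non-hex character: fail the length test
        esac
        if [ "${#hex}" -ne 40 ]; then
            echo "CERTIFICATE_SHA1_HASH is not a 40-hex-digit SHA-1 fingerprint" >&2
            SIGNING_ENV_PROBLEMS=$((SIGNING_ENV_PROBLEMS + 1))
        fi
    fi

    # The page lists an https:// host; flag any other scheme.
    case "${CERTIFICATE_HOST:-}" in
        "" | https://*) ;;
        *)
            echo "CERTIFICATE_HOST must be an https:// URL" >&2
            SIGNING_ENV_PROBLEMS=$((SIGNING_ENV_PROBLEMS + 1))
            ;;
    esac

    [ "$SIGNING_ENV_PROBLEMS" -eq 0 ]
}

# Typical use in a step that runs before the signing step:
#   check_signing_env || exit 1
```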

### Inputs

- `path-to-binary`: Takes either a file path or a directory path containing the files to be signed.

### Examples

#### Sign a single file on Windows

```yaml
name: codesign-example-single-file
on:
  push:
    branches:
      - main
      - 'releases/*'

jobs:
  run-action:
    runs-on: windows-2022
    steps:
      - name: Run the action for a single file
        env:
          CERTIFICATE_HOST: ${{ secrets.CODE_SIGNING_CERT_HOST }}
          CERTIFICATE_HOST_API_KEY: ${{ secrets.CODE_SIGNING_CERT_HOST_API_KEY }}
          CERTIFICATE_SHA1_HASH: ${{ secrets.CODE_SIGNING_CERT_SHA1_HASH }}
          CLIENT_CERTIFICATE: ${{ secrets.CODE_SIGNING_CLIENT_CERT }}
          CLIENT_CERTIFICATE_PASSWORD: ${{ secrets.CODE_SIGNING_CLIENT_CERT_PASSWORD }}
          KEYPAIR_ALIAS: ${{ secrets.CODE_SIGNING_KEYPAIR_ALIAS }}
        uses: cognitedata/code-sign-action/@v3
        with:
          path-to-binary: 'test\test.dll'
```

#### Sign multiple files on Linux

```yaml
name: codesign-example-multiple-files
on:
  pull_request:
  push:
    branches:
      - main
      - "releases/*"

jobs:
  run-action-linux:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Run the action for multiple files in directory
        env:
          CERTIFICATE_HOST: ${{ secrets.CODE_SIGNING_CERT_HOST }}
          CERTIFICATE_HOST_API_KEY: ${{ secrets.CODE_SIGNING_CERT_HOST_API_KEY }}
          CERTIFICATE_SHA1_HASH: ${{ secrets.CODE_SIGNING_CERT_SHA1_HASH }}
          CLIENT_CERTIFICATE: ${{ secrets.CODE_SIGNING_CLIENT_CERT }}
          CLIENT_CERTIFICATE_PASSWORD: ${{ secrets.CODE_SIGNING_CLIENT_CERT_PASSWORD }}
          KEYPAIR_ALIAS: ${{ secrets.CODE_SIGNING_KEYPAIR_ALIAS }}
        uses: cognitedata/code-sign-action/@v3
        with:
          path-to-binary: "test"
```