[SEC-2913] Update action to fit the new code signing flow #20

Summary
Jobs
- sign
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/digicert-signing.yaml at 6d30c2f

	name: digicert-signing
	on:
	pull_request:
	push:
	branches:
	- main
	- 'releases/*'

	jobs:
	sign:
	runs-on: windows-2022
	steps:
	- name: Copy libraries
	run: \|
	ls
	mkdir files
	wget https://github.com/cognitedata/code-sign-action/raw/0dc0e0fff181f5c2147601d4402d6ce8d64e06ca/test.dll -O files/test.dll
	cd files
	mkdir subdirectory
	cp test.dll subdirectory

	- name: Setup Certificate
	run: \|
	echo "${{secrets.SM_CLIENT_CERT_FILE_B64 }}" \| base64 --decode > /d/cognite_code_signing_github_actions.p12
	shell: bash

	- name: Set variables
	id: variables
	run: \|
	echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV"
	echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV"
	echo "SM_CLIENT_CERT_FILE=D:\\cognite_code_signing_github_actions.p12" >> "$GITHUB_ENV"
	echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
	echo "SM_CODE_SIGNING_CERT_SHA1_HASH=${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}" >> "$GITHUB_ENV"
	echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH
	echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH
	echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH
	shell: bash

	- name: Code signing with Secure Software Manager
	uses: digicert/[email protected]
	env:
	SM_API_KEY: ${{secrets.SM_API_KEY}}
	SM_CLIENT_CERT_PASSWORD: ${{secrets.SM_CLIENT_CERT_PASSWORD}}
	SM_CLIENT_CERT_FILE: ${{secrets.SM_CLIENT_CERT_FILE}}

	- name: Signing with smctl
	run: \|
	smctl.exe healthcheck
	smctl.exe certificate list
	smctl.exe keypair ls
	smctl.exe windows certsync --keypair-alias="key_464138416"
	smctl.exe sign --fingerprint ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }} --input 'files\test.dll'
	smctl.exe sign verify --input 'files\test.dll'
	# smksp_registrar.exe list
	# C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
	# smksp_cert_sync.exe
	shell: cmd

	- name: Signing using SignTool
	run: \|
	signtool.exe sign /debug /sha1 ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }} /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 'files\test.dll'
	signtool.exe verify /v /pa 'files\wmp.dll'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[SEC-2913] Update action to fit the new code signing flow #20

Workflow file

[SEC-2913] Update action to fit the new code signing flow #20

Jobs

Run details

Workflow file for this run