Skip to content

Commit 6919cbd

Browse files
solarwsolarw
committed
win sign
1 parent 5af66c2 commit 6919cbd

File tree

1 file changed

+34
-1
lines changed

1 file changed

+34
-1
lines changed

.github/workflows/release.yaml

+34-1
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,8 @@ jobs:
1010
runs-on: ${{ matrix.os }}
1111
strategy:
1212
matrix:
13-
os: [windows-latest, macos-14, macos-14-large ]
13+
os: [windows-latest]
14+
#, macos-14, macos-14-large ]
1415
defaults:
1516
run:
1617
shell: bash
@@ -40,6 +41,38 @@ jobs:
4041
echo "FILENAME=$FILENAME" >> $GITHUB_ENV;
4142
mv dist/agent_runner_bin dist/${FILENAME}
4243
44+
- name: prepare sign things
45+
if: runner.os == 'Windows'
46+
run: |
47+
echo Setup Certificate
48+
echo "${{secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
49+
echo "Set Variables!"
50+
echo "::set-output name=version::${GITHUB_REF#refs/tags/v}"
51+
echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV"
52+
echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV"
53+
echo "SM_KEY_PAIR_ALIAS=${{ secrets.SM_KEY_PAIR_ALIAS }}" >> "$GITHUB_ENV"
54+
echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV"
55+
echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
56+
echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH
57+
echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH
58+
echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH
59+
shell: bash
60+
61+
- name: Setup SSM KSP on windows latest
62+
if: runner.os == 'Windows'
63+
run: |
64+
curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi
65+
msiexec /i smtools-windows-x64.msi /quiet /qn
66+
smksp_registrar.exe list
67+
smctl.exe keypair ls
68+
C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
69+
smksp_cert_sync.exe
70+
71+
- name: sign the file
72+
if: runner.os == 'Windows'
73+
run: |
74+
"C:\\Program Files\\DigiCert\\DigiCert One Signing Manager Tools\\smctl.exe" sign --keypair-alias=${{ secrets.SM_KEY_PAIR_ALIAS }} --input "dist/agent_runner_bin.exe"
75+
4376
- name: rename the file
4477
if: runner.os == 'Windows'
4578
run: |

0 commit comments

Comments
 (0)