feat(release): codesign windows release binaries (#6273)

This commit is contained in:
David Knaack 2024-10-13 22:22:12 +02:00 committed by GitHub
parent d6814be0ba
commit fcc697b9b3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 15 additions and 9 deletions

View File

@ -138,18 +138,15 @@ jobs:
- name: Sign | Sign [Windows]
continue-on-error: true
if: matrix.os == 'windows-latest'
uses: signpath/github-action-submit-signing-request@v0.4
uses: signpath/github-action-submit-signing-request@v1
with:
api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
organization-id: '${{ vars.SIGNPATH_ORGANIZATION_ID }}'
project-slug: 'starship'
signing-policy-slug: 'test-signing'
github-artifact-id: '${{ steps.unsigned-artifacts.outputs.artifact-id }}'
wait-for-completion: false
# TODO use release-signing certificate:
# signing-policy-slug: 'release-signing'
# wait-for-completion: true
# output-artifact-directory: 'target/${{ matrix.target }}/release'
signing-policy-slug: 'release-signing'
wait-for-completion: true
output-artifact-directory: 'target/${{ matrix.target }}/release'
- name: Post Build | Prepare artifacts [Windows]
if: matrix.os == 'windows-latest'

View File

@ -233,7 +233,7 @@ jobs:
target/debug/starship-x86_64-pc-windows-msvc.msi
- name: Sign | Sign [Windows]
uses: signpath/github-action-submit-signing-request@v0.4
uses: signpath/github-action-submit-signing-request@v1
continue-on-error: true
if: matrix.os == 'windows-latest' && matrix.rust == 'stable' && github.event_name == 'push' && github.repository == 'starship/starship'
with:

View File

@ -433,7 +433,16 @@ Please check out these previous works that helped inspire the creation of starsh
Support this project by [becoming a sponsor](https://github.com/sponsors/starship). Your name or logo will show up here with a link to your website.
- Free code signing provided by [SignPath.io], certificate by [SignPath Foundation]
## 🔒 Code Signing Policy
Free code signing provided by [SignPath.io], certificate by [SignPath Foundation].
Code Signing Roles:
- Reviewers: [Astronauts](https://github.com/orgs/starship/teams/astronauts)
- Approvers and Authors: [Mission Control](https://github.com/orgs/starship/teams/mission-control)
This program will not transfer any information to other networked systems unless specifically requested by the user or the person installing or operating it.
<p align="center">
<br>