git-for-windows/git
1
0
Fork 0
mirror of https://github.com/git-for-windows/git.git synced 2026-03-17 22:19:19 -05:00
Code Issues Packages Projects Releases 335 Wiki Activity

git-artifacts: also code-sign, if configured via the secrets

Browse Source 
When the secrets `CODESIGN_P12` and `CODESIGN_PASS` are set, the
workflow will now code-sign the `.exe` files contained in the package.

This should help with a few anti-malware programs, at least when the
certificate saw some action and gained trust.

Note: `CODESIGN_P12` needs to be generated via

	cat <certificate>.p12 | base64 | tr '\n' %

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
This commit is contained in:
Johannes Schindelin
2020-04-12 00:34:56 +02:00
parent 5560ec5d14
commit fb3520640e
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
.github/workflows/git-artifacts.yml vendored
View File

@@ -135,6 +135,18 @@ jobs:
git remote add -f origin https://github.com/git-for-windows/git &&
git fetch --tags bundle-artifacts/git.bundle $(cat bundle-artifacts/next_version) &&
git reset --hard $(cat bundle-artifacts/next_version)
- name: Prepare home directory for code-signing
env:
CODESIGN_P12: ${{secrets.CODESIGN_P12}}
CODESIGN_PASS: ${{secrets.CODESIGN_PASS}}
if: env.CODESIGN_P12 != '' && env.CODESIGN_PASS != ''
shell: bash
run: |
cd home &&
mkdir -p .sig &&
echo -n "$CODESIGN_P12" | tr % '\n' | base64 -d >.sig/codesign.p12 &&
echo -n "$CODESIGN_PASS" >.sig/codesign.pass
git config --global alias.signtool '!sh "/usr/src/build-extra/signtool.sh"'
- name: Prepare home directory for GPG signing
if: env.GPGKEY != ''
shell: bash