
chore: add a temporary github action for testing windows code signing changes #27


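# Temporary workflow for exercising the Windows code-signing setup
# (DigiCert Signing Manager tools + signtool).
# NOTE(review): every pull request against main runs this job with the
# code-signing secrets in scope. GitHub does not pass secrets to pull_request
# runs from forks, so this only works for branches pushed to this repository.
# Remove the workflow once the signing changes have been verified.
name: CHRIS CERT TEST
on:
  pull_request:
    branches: [main]

# Least privilege: the job only needs to read the repository for checkout.
permissions:
  contents: read

jobs:
  chris-cert-test:
    runs-on: windows-latest
    steps:
      # NOTE(review): tag refs are mutable; consider pinning this action to a
      # full commit SHA.
      - uses: actions/checkout@v3

      - name: Is this thing on
        id: thing_on
        run: |
          echo "hi"

      # Decodes the base64 secret into cert.p12 in the workspace and publishes
      # the path as a step output. The secret is handed over through env, not
      # interpolated into the script. The file stays on disk for the rest of
      # the job, so the workspace must never be uploaded as an artifact.
      # No shell is set, so this runs in the runner's default PowerShell;
      # -AsByteStream needs PowerShell 6 or later.
      - name: Write client auth certificate file
        id: write_client_auth_cert
        env:
          CLIENT_AUTH_CERT_BASE64_CONTENT: ${{ secrets.CODE_SIGNING_CERT_BASE64 }}
        run: |
          $p12Path = "cert.p12";
          $encodedBytes = [System.Convert]::FromBase64String($env:CLIENT_AUTH_CERT_BASE64_CONTENT);
          Set-Content $p12Path -Value $encodedBytes -AsByteStream;
          echo "p12_path=$p12Path" >> $ENV:GITHUB_OUTPUT

      # Prints only the file path, not the certificate contents.
      - name: Check cert output
        run: |
          echo "Checking the output of the write cert step"
          echo "${{ steps.write_client_auth_cert.outputs.p12_path }}"

      # --fail makes curl exit non-zero on an HTTP error instead of saving the
      # error body as the .msi and letting the failure surface at install time.
      # NOTE(review): the installer is executed in the next step without an
      # integrity check; consider verifying its Authenticode signature or a
      # known-good hash before running msiexec.
      - name: Download digicert smtools
        env:
          SM_API_KEY: ${{ secrets.CODE_SIGNING_API_KEY }}
        run: |
          curl --fail -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi
        shell: cmd

      # Runs the MSI silently and tails its log into the job output until
      # msiexec exits.
      # NOTE(review): msiexec's exit code is not checked here, so a failed
      # install only shows up when a later step cannot find the tools.
      - name: Install digicert smtools
        run: |
          $procMain = Start-Process "msiexec" "/i smtools-windows-x64.msi /qn /l*! msi_install.log" -NoNewWindow -PassThru
          echo $null >> msi_install.log
          $procLog = Start-Process "powershell" "Get-Content -Path msi_install.log -Wait" -NoNewWindow -PassThru
          $procMain.WaitForExit()
          $procLog.Kill()
        shell: powershell

      # Appends the SDK and DigiCert tool directories to PATH for later steps.
      - name: Add digicert tools to path
        run: |
          echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH
          echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH
          echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH
        shell: bash

      - name: Check path
        run: |
          echo %path%
        shell: cmd

      # Debug listing to confirm where the installer put the tools.
      - name: List digicert dir
        run: |
          dir "C:\Program Files"
          dir "C:\Program Files\Amazon"
          dir "C:\Program Files\DigiCert"
          dir "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools"
        shell: cmd

      # The signing credentials are scoped to the two steps that need them
      # rather than set for the whole job.
      # NOTE(review): with shell: cmd the commands are not fail-fast; the step
      # result appears to be that of the last command (smctl healthcheck).
      - name: Verify KSP Registration
        env:
          SM_HOST: ${{ secrets.CODE_SIGNING_HOST }}
          SM_API_KEY: ${{ secrets.CODE_SIGNING_API_KEY }}
          # Debugging alternatives tried for the certificate path:
          # SM_CLIENT_CERT_FILE: "D:\\a\\momento-cli\\momento-cli\\cert.p12"
          SM_CLIENT_CERT_FILE: "${{ steps.write_client_auth_cert.outputs.p12_path }}"
          # SM_CLIENT_CERT_FILE: "butt"
          SM_CLIENT_CERT_PASSWORD: ${{ secrets.CODE_SIGNING_CERT_PASSWORD }}
        run: |
          smksp_registrar.exe list
          dir
          smksp_registrar.exe list
          smctl.exe keypair ls
          C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
          smksp_cert_sync.exe
          smctl healthcheck
        shell: cmd

      # Signs the downloaded installer as a test payload and verifies the
      # result. The certificate thumbprint is passed through env instead of
      # being expanded with ${{ }} inside the script text, so the secret value
      # is never parsed as part of the script.
      - name: Signing using Signtool
        env:
          SM_HOST: ${{ secrets.CODE_SIGNING_HOST }}
          SM_API_KEY: ${{ secrets.CODE_SIGNING_API_KEY }}
          # Debugging alternatives tried for the certificate path:
          # SM_CLIENT_CERT_FILE: "D:\\a\\momento-cli\\momento-cli\\cert.p12"
          SM_CLIENT_CERT_FILE: "${{ steps.write_client_auth_cert.outputs.p12_path }}"
          # SM_CLIENT_CERT_FILE: "butt"
          SM_CLIENT_CERT_PASSWORD: ${{ secrets.CODE_SIGNING_CERT_PASSWORD }}
          CODE_SIGNING_CERT_SHA1_HASH: ${{ secrets.CODE_SIGNING_CERT_SHA1_HASH }}
        run: |
          signtool.exe sign /sha1 $env:CODE_SIGNING_CERT_SHA1_HASH /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 "smtools-windows-x64.msi"
          signtool.exe verify /v /pa "smtools-windows-x64.msi"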