Skip to content
You're viewing an older version of this GitHub Action. Do you want to see the latest version instead?
code

GitHub Action

Signtool Code Sign

v1.0.1

Signtool Code Sign

code

Signtool Code Sign

Sign files with with a pfx certificate using signtool

Installation

Copy and paste the following snippet into your .yml file.

 
              
- name: Signtool Code Sign

              
  uses: GabrielAcostaEngler/signtool-code-sign@v1.0.1
Learn more about this action in GabrielAcostaEngler/signtool-code-sign

Choose a version

Signtool-Code-Signing

This action will code sign files from the given folder, this can be done recursively if needed.
The action uses a base64 encoded PFX certificate to sign files by adding the certificate to the store and then use signtool to do the code signing.

All inputs regarding the Certificate except description should be added via repository/organization secrets.

Thanks to Dirk Lemstra for providing a base for me to create this action.

Inputs

certificate

Required
Description - The base64 encoded certificate.

cert-password

Required
Description - Certificate Password. Used to add to the machine store.

cert-sha1

Required
Description - SHA1 hash for the certificate (Thumbprint of the certificate).

cert-description

Description - Add a desciption to the files being signed.

folder

Required
Description - The folder that contains the libraries to sign.

recursive

Description - Recursively search for DLL files.
Default - 'false'

timestamp-server

Description - Url of the timestamp server.
Default - 'http://timestamp.verisign.com/scripts/timstamp.dll'

Usage

runs-on: windows-latest
steps:
  uses: GabrielAcostaEngler/signtool-code-sign@master
  with:
    certificate: '${{ secrets.CERTIFICATE }}'
    cert-password: '${{ secrets.PASSWORD }}'
    cert-sha1: '${{ secrets.CERTHASH }}'
    cert-description: 'foo'
    folder: 'path/to/folder'
    recursive: true
    timestamp-server: 'http://timestamp.digicert.com'

License

This project is released under the MIT License