Skip to content

Sign Windows executables with SignPath#4056

Merged
danyeaw merged 11 commits into
mainfrom
signpath-gha
Nov 8, 2025
Merged

Sign Windows executables with SignPath#4056
danyeaw merged 11 commits into
mainfrom
signpath-gha

Conversation

@danyeaw
Copy link
Copy Markdown
Member

@danyeaw danyeaw commented Oct 9, 2025
edited
Loading

This PR moves from using our own Windows certificates to sign our Windows executables to using SignPath to sign them for us.

image

The next step will be to contact SignPath to get the production certificates generated.

PR Checklist

Please check if your PR fulfills the following requirements:

PR Type

What kind of change does this PR introduce?

  • Bug fix
  • Feature
  • Chore (refactoring, formatting, local variables, other cleanup)
  • Documentation content changes

What is the current behavior?

Issue Number: N/A

What is the new behavior?

Does this PR introduce a breaking change?

  • Yes
  • No

Other information

amolenaar
amolenaar reviewed Oct 9, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@amolenaar amolenaar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice. The changes look good (simple).

Comment thread .github/actions/windows_executables/action.yml Outdated
Comment thread .github/workflows/full-build.yml Outdated
danyeaw and others added 2 commits October 9, 2025 22:33
@danyeaw @amolenaar
Cleanup quotes
9b9e60a 
Co-authored-by: Arjan Molenaar <gaphor@gmail.com>
@danyeaw
Cleanup extra lines
875e1db
@danyeaw danyeaw marked this pull request as ready for review October 10, 2025 02:53
@danyeaw danyeaw marked this pull request as draft October 10, 2025 03:05
@amolenaar
Copy link
Copy Markdown
Member

amolenaar commented Oct 10, 2025

btw. the windows executables script is trying to call poetry shell, which doesn't do anything.

@danyeaw danyeaw marked this pull request as ready for review October 10, 2025 18:46
@danyeaw danyeaw added the chore Maintenance related PR label Oct 10, 2025
@danyeaw danyeaw requested a review from amolenaar October 10, 2025 19:03
amolenaar
amolenaar approved these changes Oct 12, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@amolenaar amolenaar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks really good. It's great SignPath is able to help out.

Comment thread .github/actions/windows_executables/action.yml Outdated
@danyeaw @amolenaar
Fix typo
e4b2207 
Co-authored-by: Arjan Molenaar <gaphor@gmail.com>
@danyeaw
Copy link
Copy Markdown
Member Author

danyeaw commented Nov 8, 2025

Since the release certificate is approved, I'm going to go ahead and merge this.

@danyeaw danyeaw merged commit 8addd17 into main Nov 8, 2025
26 checks passed
@danyeaw danyeaw deleted the signpath-gha branch November 8, 2025 20:38
@amolenaar
Copy link
Copy Markdown
Member

amolenaar commented Nov 9, 2025

Thanks @danyeaw

You want to roll a release as well?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@amolenaar amolenaar amolenaar approved these changes

Assignees

No one assigned

Labels

chore Maintenance related PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@danyeaw @amolenaar