Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

use eToken for signing #950

Merged
merged 7 commits into from
May 16, 2024
Merged

use eToken for signing #950

merged 7 commits into from
May 16, 2024

Conversation

umbynos
Copy link
Contributor

@umbynos umbynos commented May 10, 2024

Please check if the PR fulfills these requirements

  • The PR has no duplicates (please search among the Pull Requests
    before creating one)
  • Tests for the changes have been added (for bug fixes / features)
  • What kind of change does this PR introduce?

Infra change

  • What is the current behavior?

The certificate used to sign windows binaries is expiring, and the provider no longer ships a digital one.

  • What is the new behavior?

We have setup a local runner used to sign. I created a job specifically for this and removed code-signing from the package step, because this requires a local windows runner, while the package one runs on ubuntu container.

  • Does this PR introduce a breaking change?

no

  • Other information:

TODO:

  • Remove INSTALLER_CERT_WINDOWS_PFX and use INSTALLER_CERT_WINDOWS_CER
  • Replace INSTALLER_CERT_WINDOWS_PASSWORD
  • Add INSTALLER_CERT_WINDOWS_CONTAINER

@umbynos umbynos added type: enhancement Proposed improvement topic: infrastructure Related to project infrastructure labels May 10, 2024
@umbynos umbynos self-assigned this May 10, 2024
Copy link
Contributor

@MatteoPologruto MatteoPologruto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@umbynos
Copy link
Contributor Author

umbynos commented May 15, 2024

I've adapted check-certificates.yml too in order to correctly validate the new Windows certificate. This needs to be mirrored to the assets repo
Test release can be found here and run here
image

@umbynos umbynos merged commit fc0a137 into main May 16, 2024
27 checks passed
@umbynos umbynos deleted the sign-locally branch May 16, 2024 09:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
topic: infrastructure Related to project infrastructure type: enhancement Proposed improvement
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants