Windows Code Signing Github Action

Forked from: https://github.com/GabrielAcostaEngler/signtool-code-sign but modernized and with updated dependencies.

This action will code sign files from the given folder, this can be done recursively if needed.
The action uses a base64 encoded PFX certificate to sign files by adding the certificate to the store and then use signtool.exe to do the code signing.

All inputs regarding the Certificate except description should be added via repository/organization secrets.

Thanks to Dirk Lemstra and Gabriel Acosta Engler for providing a base for this action.

Inputs

certificate

Required
Description - The base64 encoded certificate.

cert-password

Required
Description - Certificate Password. Used to add to the machine store.

cert-sha1

Required
Description - SHA1 hash for the certificate (Thumbprint of the certificate).

cert-description

Description - Add a description to the files being signed.

folder

Required
Description - The folder that contains the libraries to sign.

recursive

Description - Recursively search for DLL files.
Default - 'false'

timestamp-server

Description - Url of the timestamp server.
Default - 'http://timestamp.verisign.com/scripts/timstamp.dll'

Usage

runs-on: windows-latest
steps:
  uses: mscrivo/signtool-code-sign@v1
  with:
    certificate: '${{ secrets.CERTIFICATE }}'
    cert-password: '${{ secrets.PASSWORD }}'
    cert-sha1: '${{ secrets.CERTHASH }}'
    cert-description: 'foo'
    folder: 'path/to/folder'
    recursive: true
    timestamp-server: 'http://timestamp.digicert.com'

License

This project is released under the MIT License