|
| 1 | +name: "codesigner" |
| 2 | +description: "GitHub Action for CodeSigner by SSL.com" |
| 3 | + |
| 4 | +inputs: |
| 5 | + file_path: |
| 6 | + description: "Path of code object to be signed." |
| 7 | + required: false |
| 8 | + output_dir_path: |
| 9 | + description: "Directory where signed code object(s) will be written (if override is set to false)" |
| 10 | + required: false |
| 11 | + malware_block: |
| 12 | + description: "Scans your file for any possible malware in order to avoid code compromise and prevents signing of code if malware is detected." |
| 13 | + required: false |
| 14 | + default: "false" |
| 15 | + override: |
| 16 | + description: "Overrides the input file after signing, if this argument is set to true and no output_dir_path argument was passed" |
| 17 | + required: false |
| 18 | + default: "true" |
| 19 | + clean_logs: |
| 20 | + description: "Clean log files after code signing operations" |
| 21 | + required: false |
| 22 | + default: "false" |
| 23 | + jvm_max_memory: |
| 24 | + description: "Maximumx JVM heap size" |
| 25 | + required: false |
| 26 | + default: "1024M" |
| 27 | + signing_method: |
| 28 | + description: "Code signing method. Default is v1. Supported values: v1, v2" |
| 29 | + required: false |
| 30 | + default: "v1" |
| 31 | + |
| 32 | +runs: |
| 33 | + using: "composite" |
| 34 | + steps: |
| 35 | + - name: Sign Artifact with CodeSignTool |
| 36 | + |
| 37 | + with: |
| 38 | + # CodeSignTool Commands: |
| 39 | + # - get_credential_ids: Output the list of eSigner credential IDs associated with a particular user. |
| 40 | + # - credential_info: Output key and certificate information related to a credential ID. |
| 41 | + # - sign: Sign and timestamp code object. |
| 42 | + # - batch_sign: Sign and timestamp multiple code objects with one OTP. |
| 43 | + # - hash: Pre-compute hash(es) for later use with batch_hash_sign command. |
| 44 | + # - batch_sign_hash: Sign hash(es) pre-computed with hash command. |
| 45 | + command: sign |
| 46 | + |
| 47 | + # SSL.com account username.. |
| 48 | + username: ${{secrets.ES_USERNAME}} |
| 49 | + |
| 50 | + # SSL.com account password. |
| 51 | + password: ${{secrets.ES_PASSWORD}} |
| 52 | + |
| 53 | + # Credential ID for signing certificate. |
| 54 | + credential_id: ${{secrets.ES_CREDENTIAL_ID}} |
| 55 | + |
| 56 | + # OAuth TOTP Secret (https://www.ssl.com/how-to/automate-esigner-ev-code-signing) |
| 57 | + totp_secret: ${{secrets.ES_TOTP_SECRET}} |
| 58 | + |
| 59 | + # Path of code object to be signed. |
| 60 | + # Supported File Types: acm, ax, bin, cab, cpl, dll, drv, efi, exe, mui, ocx, scr, sys, tsp, msi, ps1, ps1xml, js, vbs, wsf, jar |
| 61 | + file_path: ${{ inputs.file_path }} |
| 62 | + |
| 63 | + # Directory where signed code object(s) will be written. |
| 64 | + output_path: ${{ inputs.output_dir_path }} |
| 65 | + |
| 66 | + # Scans your file for any possible malware in order to avoid code compromise and prevents signing of code if malware is detected. |
| 67 | + # On batch_sign command: If you are getting 'Error: hash needs to be scanned first before submitting for signing: <hash_value>', you can set this value to true |
| 68 | + malware_block: ${{ inputs.malware_block }} |
| 69 | + |
| 70 | + # Overrides the input file after signing, if this parameter is set and no -output_dir_path parameter |
| 71 | + override: ${{ inputs.override }} |
| 72 | + |
| 73 | + # Clean log files after code signing operations |
| 74 | + clean_logs: ${{ inputs.clean_logs }} |
| 75 | + |
| 76 | + # Maximumx JVM heap size |
| 77 | + jvm_max_memory: ${{ inputs.jvm_max_memory }} |
| 78 | + |
| 79 | + # Code signing method. Default is v1. Supported values: v1, v2 |
| 80 | + signing_method: ${{ inputs.signing_method }} |
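Review bot: The `with:` block at new lines 48-57 reads `${{secrets.ES_USERNAME}}`, `${{secrets.ES_PASSWORD}}`, `${{secrets.ES_CREDENTIAL_ID}}` and `${{secrets.ES_TOTP_SECRET}}`, but the `secrets` context is not available inside a composite action (`using: "composite"`), so these four values will not resolve from the caller's repository secrets. Declare them as inputs of this action and let the calling workflow pass `${{ secrets.* }}` explicitly, which also keeps the secret names out of the action's contract. Separately, the step at line 35 shows a `name:` and a `with:` but no `uses:` (line 36 is blank on this page, possibly lost in rendering). If it is really missing, the step is invalid. When it is restored, pin the referenced action to a full commit SHA, since it receives the signing credentials and the TOTP seed.

```yaml
inputs:
  # … unchanged: file_path through signing_method …
  username:
    description: "SSL.com account username."
    required: true
  password:
    description: "SSL.com account password."
    required: true
  credential_id:
    description: "Credential ID for signing certificate."
    required: true
  totp_secret:
    description: "OAuth TOTP secret."
    required: true

# … unchanged: runs/using/steps header and command …
      with:
        username: ${{ inputs.username }}
        password: ${{ inputs.password }}
        credential_id: ${{ inputs.credential_id }}
        totp_secret: ${{ inputs.totp_secret }}
        # … unchanged: file_path through signing_method …
```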