forked from markeytos/code-sign-action
-
Notifications
You must be signed in to change notification settings - Fork 4
41 lines (40 loc) · 1.91 KB
/
master.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
on: push
name: Testing action
jobs:
run_action:
runs-on: windows-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Copy libraries
shell: cmd
run: |
mkdir files
copy C:\Windows\System32\wmi.dll files
cd files
mkdir subdirectory
copy C:\Windows\System32\wmi.dll subdirectory
- name: Generate test certificate
id: generate-cert
shell: pwsh
run: |
$cert = New-SelfSignedCertificate -Type CodeSigningCert -KeyUsageProperty Sign -KeyUsage DigitalSignature `
-KeyExportPolicy ExportableEncrypted -KeyProtection None -KeyAlgorithm RSA -KeyLength 2048 `
-KeyDescription "Certificate to test code signing action" -FriendlyName "TestCert" -Subject "[email protected],CN=Test Certificate" `
-CertStoreLocation "Cert:\CurrentUser\My\"
$password = 'ThisIsASuperLongPassword'
$securedPwd = ConvertTo-SecureString -String $password -Force -AsPlainText
$pfxFile = 'testCert.pfx'
Export-PfxCertificate -FilePath $pfxFile -Password $securedPwd -Cert "Cert:\CurrentUser\My\$($cert.Thumbprint)" -Force
$base64PfxCert = [convert]::ToBase64String((Get-Content -path $pfxFile -AsByteStream))
echo "certificate=${base64PfxCert}" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append
echo "certSha1=$($cert.Thumbprint)" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append
echo "certPassword=${password}" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append
- name: Run the action
uses: ./
with:
certificate: '${{ steps.generate-cert.outputs.certificate }}'
certificatesha1: '${{ steps.generate-cert.outputs.certSha1 }}'
password: '${{ steps.generate-cert.outputs.certPassword }}'
folder: 'files'
recursive: true