Skip to content

Sign windows installer. #2357

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
fnando wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Sign windows installer. #2357

fnando wants to merge 2 commits into from

Conversation

@fnando
Copy link
Member

@fnando fnando commented Jan 14, 2026
edited
Loading

What

Sign Windows Installer when making a new release.

CleanShot 2026-01-14 at 17 22 00@2x

Why

So we can get rid of the nasty warning on Windows. See https://github.com/stellar/ops/issues/4170 for reference.

Known limitations

Given the limited number of signatures we can issue (1000), we're only signing actual releases.

Copilot AI review requested due to automatic review settings January 14, 2026 18:42
@github-project-automation github-project-automation bot moved this to Backlog (Not Ready) in DevX Jan 14, 2026
Copilot AI reviewed Jan 14, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds code signing for the Windows installer using DigiCert's Software Trust Manager to eliminate the "unknown publisher" security warning during installation. The signing is conditionally applied only on releases and specific branches to conserve the limited signature quota (1000 signatures).

Changes:

  • Added environment variable setup for the client certificate file path
  • Configured certificate file decoding from base64-encoded secret
  • Integrated DigiCert code-signing action with conditional execution

mootz12
mootz12 reviewed Jan 14, 2026
View reviewed changes
@fnando fnando self-assigned this Jan 14, 2026
@fnando fnando moved this from Backlog (Not Ready) to Needs Review in DevX Jan 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mootz12 mootz12 mootz12 left review comments

Copilot code review Copilot Copilot left review comments

@leighmcculloch leighmcculloch Awaiting requested review from leighmcculloch

At least 1 approving review is required to merge this pull request.

Assignees

@fnando fnando

Labels

None yet

Projects

DevX
Status: Needs Review

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@fnando @mootz12