Set up project access to code signing service account

Details

  • Point of contact for this request: @bohdanpk
  • If a call is needed, what is the proposed date and time of the call: N/A
  • Additional call details (format, type of call): N/A

SRE Support Needed

I am looking for support and guidance to set up access to the service account for code signing for the Knowledge Graph project.

I see that we already have this set up for GitLab runners here via the gitlab-runner-signing service account.

This will be used for both Windows and macOS code signing. Since macOS is much stricter than Windows, we had to implement a workaround for signing macOS binaries. However, signing through Cloud HSMs is a much more secure approach.

This is currently non-blocking, but can become blocking in the near future as more customers start using the Knowledge Graph in secure environments.