Skip to content

feat: sign Windows binaries

Stan Hurequested to merge
sh-add-windows-signing into main

Description

This signs the Windows installer and its embedded glab.exe using the process described in https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks-images/-/blob/main/code-signer/certs/README.md.

This depends on the CLI project gaining OIDC access to the signing project: gitlab-com/gl-infra/production-engineering#27583 (closed)

Note that this does NOT sign the i386 and Windows binaries produced with goreleaser at the moment.

Related Issues

Relates to #1143 (closed)

How has this been tested?

See the final installer in https://gitlab.com/gitlab-org/cli/-/jobs/11342153980.

Screenshots (if appropriate):

Installer

image

image

glab.exe

After using the installer, C:\Program Files (x86)\glab\gla.exe contains a binary:

image

image

image

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation
  • Chore (Related to CI or Packaging to platforms)
  • Test gap
Edited by Stan Hu

Merge request reports