Signing Action

This is a composite action that makes it easy to sign the files across Espressif organization. It runs on all platforms.

Signs Windows files
- .exe, .dll, .cat, .sys, .msi, .ps1, .jar using Azure Key Vault and Jsign.

Quick Start
Input
Full Example
Supported File Types
Action Inputs

Quick Start

- uses: espressif/release-sign@master
  with:
    path: ./build
    azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
    azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
    azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
    azure-keyvault-uri: ${{ secrets.AZURE_KEYVAULT_URI }}
    azure-keyvault-cert-name: ${{ secrets.AZURE_KEYVAULT_CERT_NAME }}

Input

The path input accepts:

Single file: ./build/myapp.exe
Directory: ./dist (signs all supported files recursively)

Full Example

jobs:
  build-and-sign:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build
        run: |
          mkdir -p build
          # ... your build steps

      - name: Sign files
        uses: espressif/release-sign@master
        with:
          path: ./build
          azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
          azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
          azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          azure-keyvault-uri: ${{ secrets.AZURE_KEYVAULT_URI }}
          azure-keyvault-cert-name: ${{ secrets.AZURE_KEYVAULT_CERT_NAME }}

      - name: Upload signed files
        uses: actions/upload-artifact@v4
        with:
          name: signed-files
          path: ./build

Supported File Types

Extension	Type
`.exe`	Executables
`.dll`	Libraries
`.cat`, `.sys`	Drivers
`.msi`, `.cab`	Installers
`.ps1`	PowerShell scripts
`.jar`	Java archives (signed with jarsigner)

Action Inputs

Input	Required	Default	Description
`path`	Yes	-	Path to file or directory to sign
`digest-algorithm`	No	`SHA-256`	Hash algorithm (SHA-256, SHA-384, SHA-512)
`azure-client-id`	Yes	-	Azure Service Principal Client ID
`azure-client-secret`	Yes	-	Azure Service Principal Client Secret
`azure-tenant-id`	Yes	-	Azure Tenant ID
`azure-keyvault-uri`	Yes	-	Azure Key Vault URI
`azure-keyvault-cert-name`	Yes	-	Certificate name in Key Vault
`azure-keyvault-certchain`	No	-	Certificate chain (.p7b) for JAR signing
`jsign-version`	No	`7.4`	Jsign version to use

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
.github/workflows		.github/workflows
scripts		scripts
.pre-commit-config.yaml		.pre-commit-config.yaml
.yamlfix.toml		.yamlfix.toml
LICENSE		LICENSE
README.md		README.md
action.yml		action.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Signing Action

Quick Start

Input

Full Example

Supported File Types

Action Inputs

About

Uh oh!

Releases

Packages

Contributors 2

Uh oh!

Languages

License

espressif/release-sign

Folders and files

Latest commit

History

Repository files navigation

Signing Action

Quick Start

Input

Full Example

Supported File Types

Action Inputs

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Uh oh!

Languages

Packages