Overview
code-signing-software-trust-action enables secure, automated code signing directly within your GitHub workflows. This integration provides a seamless way to incorporate trusted signing into your DevOps pipelines, ensuring the authenticity and integrity of your released software.
Using a keypair-based signing workflow, developers can sign binaries across Windows, Linux, and macOS with strong security controls and full platform compatibility. This action automatically installs and configures Software Trust client tools, allowing quick setup for both GitHub-hosted and self-hosted runners.
Additionally, this action supports simple signing, a streamlined process that eliminates the need for third-party tools or libraries, delivering fast, consistent, and efficient code signing across environments.
Key features
Simple signing mode
A streamlined signing workflow designed to simplify configuration and improve performance:
- Signs code without relying on third-party tools
- Provides a unified, consistent signing experience across Windows, Linux, and macOS
- Delivers faster signing by removing library overhead and reducing unnecessary API calls
- Built to support DigiCert's long-term direction as legacy signing methods are deprecated
Bulk signing mode
An efficient option for teams that need to sign large sets of artifacts:
- Signs multiple files in a single operation, dramatically improving throughput
- Reduces network round trips, improving performance in high-volume CI/CD pipelines
- Contact DigiCert Sales to activate bulk signing
Optimized installation
Enhancements designed to speed up installation, reduce redundant downloads, and ensure accurate tool updates:
- Provides faster, consistent downloads of required signing tools
- Automatically checks CDN-hosted checksums to detect and download new tool versions
- Supports GitHub's caching service across both hosted and self-hosted runners