Sign khisto binary #24

Open
bruno-at-orange wants to merge 2 commits into main from 23-sign-windows-binaries-for-pip-packaging

bruno-at-orange (Member) commented Jun 29, 2026

Add optional signing of the khisto binary inside Windows x64 wheels using DigiCert Software Trust Manager.

Changes

New workflow_dispatch input: signature-activation (boolean, default false) — enables signing when triggering the workflow manually.

Signing steps (Windows x64 only):

  • Unpack the built wheel with python -m wheel unpack
  • Decode the PKCS#12 certificate from the SM_CLIENT_CERT_FILE_B64 secret
  • Sign the unpacked binaries with digicert/code-signing-software-trust-action in simple-signing-mode
  • Repack the wheel

ARM64 Windows is not signed yet (smctl does not support it); a warning is emitted instead.

Other fixes:

  • Bump actions/upload-artifact and actions/download-artifact from v6 to v7
  • Fix pull_request path trigger (.yml -> .yaml)
  • Pin Python to 3.13 in setup-python
  • Move Set up Python and Set up UV steps before Load Visual C++ Environment Variables
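
A check that fits after the repack step in the signing list above, as an added example that is not part of this pull request or the project's code: signing rewrites the binary, so the repacked wheel's RECORD must carry the new hash, and this verifies a wheel's RECORD against its contents. The path khisto/bin/khisto.exe, the version 0.0.0 and the sample bytes are constructed for illustration.

```python
import base64, csv, hashlib, io, zipfile

def record_digest(data: bytes) -> str:
    """RECORD hash field: 'sha256=' + unpadded urlsafe-base64 SHA-256 digest."""
    raw = hashlib.sha256(data).digest()
    return "sha256=" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def verify_wheel_record(wheel_bytes: bytes) -> list[str]:
    """Return mismatches between RECORD and the archive; empty means consistent."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        names = {n for n in zf.namelist() if not n.endswith("/")}
        record = next((n for n in names if n.endswith(".dist-info/RECORD")), None)
        if record is None:
            return ["no RECORD file"]
        listed = {record}  # RECORD lists itself without a hash
        for row in csv.reader(io.StringIO(zf.read(record).decode("utf-8"))):
            if len(row) != 3 or row[0] == record:
                continue  # blank/malformed line, or RECORD's own entry
            path, digest, size = row
            listed.add(path)
            if path not in names:
                problems.append(f"missing: {path}")
                continue
            data = zf.read(path)
            if digest != record_digest(data):
                problems.append(f"hash mismatch: {path}")
            elif size and int(size) != len(data):
                problems.append(f"size mismatch: {path}")
        problems += [f"unlisted: {n}" for n in sorted(names - listed)]
    return problems

def build_sample_wheel(payload: bytes, recorded: bytes) -> bytes:
    """Constructed wheel-like zip: ships `payload`, RECORD hashed from `recorded`."""
    exe, info = "khisto/bin/khisto.exe", "khisto-0.0.0.dist-info"  # hypothetical layout
    files = {exe: payload, f"{info}/WHEEL": b"Wheel-Version: 1.0\n"}
    hashed = {**files, exe: recorded}
    lines = [f"{p},{record_digest(d)},{len(d)}" for p, d in hashed.items()]
    lines += [f"{info}/RECORD,,"]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for p, d in files.items():
            zf.writestr(p, d)
        zf.writestr(f"{info}/RECORD", "\n".join(lines) + "\n")
    return buf.getvalue()

if __name__ == "__main__":
    unsigned, signed = b"MZ-unsigned", b"MZ-unsigned+constructed-signature"
    print(verify_wheel_record(build_sample_wheel(signed, signed)))    # RECORD regenerated
    print(verify_wheel_record(build_sample_wheel(signed, unsigned)))  # stale RECORD
```

On a real build, pass the bytes of the repacked .whl to `verify_wheel_record`; a non-empty result means the archive was changed after RECORD was written.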

bruno-at-orange linked an issue Jun 29, 2026 that may be closed by this pull request
bruno-at-orange force-pushed the 23-sign-windows-binaries-for-pip-packaging branch 3 times, most recently from 160daa1 to 5bb33d8, June 29, 2026 17:02
- Fix PR paths trigger: pack-pip.yml -> pack-pip.yaml
- Add python-version: '3.13' to setup-python step
- Move Set up Python and Set up UV before Build wheels
- Fix download-artifact v6
bruno-at-orange force-pushed the 23-sign-windows-binaries-for-pip-packaging branch from 6994905 to 753249d, June 30, 2026 07:24
bruno-at-orange changed the title from "Add a job to sign khisto binary" to "Sign khisto binary" Jun 30, 2026
Successfully merging this pull request may close these issues.

Sign Windows binaries for pip packaging