mirror of
https://github.com/clockworklabs/SpacetimeDB.git
synced 2026-05-06 15:49:35 -04:00
Ryan
8b8a42fa35
# Description of Changes Add EV code signing for Windows CLI binaries using DigiCert KeyLocker. The workflow now signs `spacetimedb-update.exe`, `spacetimedb-cli.exe`, and `spacetimedb-standalone.exe` on tag pushes using `smctl sign` with a cloud HSM-backed certificate. These changes reflect the updated DigiCert guidance for code signing through GitHub found here: https://github.com/marketplace/actions/digicert-binary-signing # API and ABI breaking changes No API or ABI changes. This change only affects the CI/CD packaging workflow. # Expected complexity level and risk 1 - This PR only adds code signing to existing CI packaging. Risk is limited to the Windows packaging step failing on tags; Linux and macOS builds are unaffected. # Testing - [X] Tested via workflow dispatch on tag `test-signing-v0.0.1` - [X] All three executables signed and verified successfully - [X] Signature verification confirms certificate chain - [X] Signed artifacts uploaded successfully