Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: code sign validation for setuptools #1570

Merged
merged 4 commits into from
Aug 29, 2024
Merged

fix: code sign validation for setuptools #1570

merged 4 commits into from
Aug 29, 2024

Conversation

hallvictoria
Copy link
Contributor

@hallvictoria hallvictoria commented Aug 29, 2024
edited
Loading

Description

For Windows builds, .exe files brought by setuptools didn't have signing certificates. The recommended template for ESRP signing doesn't work with .exe files. However, since setuptools is only brought by pyproject.toml to build the worker, it doesn't need to be brought as a worker dependency. This excludes setuptools from being part of the published worker artifact.

Failing pipeline due to signing (internal only)
Passing pipeline with these changes (internal only)

  • enable code sign validation for the official build
    • ESRP signing isn't needed for the public build or any of the test pipelines
    • official build will fail if any other artifact files fail to be signed correctly
  • excludes setuptools from being packaged as part of the worker
    • excludes the setuptools directory and dist

Fixes #

PR information

  • The title of the PR is clear and informative.
  • There are a small number of commits, each of which has an informative message. This means that previously merged commits do not appear in the history of the PR. For information on cleaning up the commits in your pull request, see this page.
  • If applicable, the PR references the bug/issue that it fixes in the description.
  • New Unit tests were added for the changes made and CI is passing.

Quality of Code and Contribution Guidelines

@hallvictoria hallvictoria marked this pull request as ready for review August 29, 2024 16:32
@hallvictoria hallvictoria merged commit 2383eea into dev Aug 29, 2024
28 checks passed
@hallvictoria hallvictoria deleted the hallvictoria/esrp-signing branch August 29, 2024 18:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gavin-aguiar gavin-aguiar gavin-aguiar approved these changes

@vrdmr vrdmr vrdmr approved these changes

@YunchuWang YunchuWang Awaiting requested review from YunchuWang YunchuWang is a code owner

@pdthummar pdthummar Awaiting requested review from pdthummar pdthummar is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hallvictoria @vrdmr @gavin-aguiar