Code Signing in CI/CD Pipelines

Apr 5, 2026

Integrating OneSigner with CI/CD

Use OneSigner's REST API to sign binaries as part of your build pipeline.

API Endpoint

POST /api/signing/sign
Authorization: Bearer ADMIN_TOKEN
Content-Type: multipart/form-data

profileId=codesign-profile-1
file=@myapp.exe

Example: GitHub Actions

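- name: Sign executable
  run: |
    # --fail makes curl exit non-zero on an HTTP error instead of saving
    # the error body as myapp-signed.exe
    curl --fail -X POST https://sign.yourcompany.com/api/signing/sign \
      -H "Authorization: Bearer ${{ secrets.ONESIGNER_TOKEN }}" \
      -F "profileId=codesign-ev" \
      -F "file=@build/output/myapp.exe" \
      -o build/output/myapp-signed.exe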

Example: Folder Watch

  1. Configure a code signing profile with its source folder mapped to a network share
  2. The CI/CD pipeline copies unsigned binaries to the share
  3. OneSigner automatically signs them and moves them to the destination folder
  4. The pipeline picks up the signed binaries from the destination folder
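
A post-signing gate for either integration above, added here as an example and not OneSigner's own code: it parses the PE header of the file the pipeline got back and reports whether an Authenticode certificate table is embedded, so a saved error response or an unsigned binary picked up from the destination folder fails the build. The function names and the sample bytes are assumptions made for the example.

```python
import struct
import sys

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table


def signature_blob_size(data: bytes) -> int:
    """Return the size of the embedded certificate table (0 = unsigned).

    Raises ValueError when data is not a PE image, e.g. an HTTP error body
    that was saved under the signed file's name.
    """
    try:
        if data[:2] != b"MZ":
            raise ValueError("not a PE file: no MZ header")
        (pe,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe:pe + 4] != b"PE\0\0":
            raise ValueError("not a PE file: no PE signature")
        opt = pe + 24  # 4-byte signature + 20-byte COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic not in (0x10B, 0x20B):
            raise ValueError("unknown optional-header magic")
        dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
        (count,) = struct.unpack_from("<I", data, dirs - 4)
        if count <= SECURITY_DIR:
            return 0
        # For this directory the first field is a file offset, not an RVA.
        offset, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    except struct.error:
        raise ValueError("truncated PE header") from None
    return size if offset and offset + size <= len(data) else 0


def sample_pe(signed: bool) -> bytes:
    """Constructed PE32+ header for the demo; the 16-byte 'signature' is filler."""
    image = bytearray(b"MZ" + bytes(58) + struct.pack("<I", 64))  # DOS header
    image += b"PE\0\0" + bytes(20)                                # COFF header
    opt = bytearray(112 + 16 * 8)                                 # optional header
    struct.pack_into("<H", opt, 0, 0x20B)                         # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                          # NumberOfRvaAndSizes
    image += opt
    if signed:
        struct.pack_into("<II", image, 64 + 24 + 112 + 8 * SECURITY_DIR, len(image), 16)
        image += bytes(16)
    return bytes(image)


if __name__ == "__main__":
    # Pass the path of the returned file; without one, run on the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_pe(True)
    size = signature_blob_size(data)
    print(f"certificate table: {size} bytes")
    sys.exit(0 if size else 1)
```

A non-empty certificate table shows that a signature is present, not that it is valid or chains to your certificate; full verification still belongs to a signature-verification tool on the release path.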

Remote Access via Cloudflare Tunnel

For CI/CD servers outside your network, use Cloudflare Tunnel to expose OneSigner's API securely without opening firewall ports.