[release/v7.4.16] Add macOS binary code signing and package notarization by adityapatwardhan · Pull Request #27431 · PowerShell/PowerShell
Copilot AI review requested due to automatic review settings
We still need to apply the template signing so that Guardian tasks pass and so that script files are signed. After doing what's essentially Windows signing, we sign and harden the binaries for macOS. Then we do the same for the PKG installer, and finally notarize it. The ESRP signing service requires a zip of files for Apple signing at all stages. Now that we can use it via the OneBranch signing task we no longer need the service connection or variable group that was trying to set it up. Notarization requires the BundleId from Get-MacOSPackageIdentifierInfo. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters