Create GitHub Action to automatically sign scripts in the main branch #1

@justatechie

Currently scripts are disabled on all systems, and for good reason. We do not want rogue scripts running on our systems. However, this means whenever we as admins want to run scripts on our or other users' systems, we need to either temporarily unrestrict this setting or open the script and copy-paste into a terminal window.

By setting up an action to sign our scripts auto-magically, we can change the default execution policy to AllSigned and add our signing cert as a trusted publisher to all systems. This allows us to run scripts that we write (and push to this repository), while still preventing all other scripts from being run.

We'll need to work with the PKI Admins for the certificate side, but if we can push this through it would be a huge boon.
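
A sketch of the signing step such an action could run, added here as an example and not part of the original issue or this repository. It assumes a Windows runner where the code-signing certificate (with its private key) is already in `Cert:\CurrentUser\My` and the issuing CA is trusted; the thumbprint parameter and the timestamp URL are placeholders.

```powershell
# Added example: sign every PowerShell file in the checkout and fail the job
# if any file does not end up with a valid signature.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,   # placeholder: value supplied by the PKI admins
    [string] $RepoRoot = (Get-Location).Path,
    [string] $TimestampServer = 'http://timestamp.example.internal'   # placeholder URL
)

$ErrorActionPreference = 'Stop'

# -CodeSigningCert limits the search to certificates with the code-signing EKU.
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.Thumbprint -eq $Thumbprint -and $_.HasPrivateKey }
if (-not $cert) {
    throw "Code-signing certificate $Thumbprint not found in Cert:\CurrentUser\My"
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Code-signing certificate expired on $($cert.NotAfter)"
}

$scripts = Get-ChildItem -Path $RepoRoot -Recurse -File -Include *.ps1, *.psm1, *.psd1
$failed  = @()

foreach ($file in $scripts) {
    # Leave files alone if they already carry a valid signature from this certificate,
    # so unchanged scripts do not produce a new commit on every run.
    $current = Get-AuthenticodeSignature -FilePath $file.FullName
    if ($current.Status -eq 'Valid' -and
        $current.SignerCertificate.Thumbprint -eq $cert.Thumbprint) {
        continue
    }

    # Timestamping keeps the signature verifiable after the certificate expires.
    $result = Set-AuthenticodeSignature -FilePath $file.FullName -Certificate $cert `
        -HashAlgorithm SHA256 -TimestampServer $TimestampServer

    # Status is only 'Valid' when the chain is trusted on this machine.
    if ($result.Status -ne 'Valid') {
        $failed += "$($file.FullName): $($result.Status) $($result.StatusMessage)"
    }
}

if ($failed.Count -gt 0) {
    throw "Signing failed for:`n$($failed -join "`n")"
}
Write-Output "Checked $($scripts.Count) script file(s); all signatures valid."
```

Under AllSigned, any edit to a signed file invalidates its signature block, so a script changed after this step must be signed again before it will run.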

Labels: enhancement (New feature or request)
