cicd-integrations
2025.10
true
重要 :
请注意,此内容已使用机器翻译进行了部分本地化。 新发布内容的本地化可能需要 1-2 周的时间才能完成。
UiPath logo, featuring letters U and I in white

CI/CD 集成用户指南

上次更新日期 2025年12月10日

为解决方案包签名

UiPath CLI 25.10 引入了在打包操作期间对自动化解决方案包进行数字签名的功能。包签名可提供真实性验证,并确保解决方案包在创建后未遭篡改,从而增强 CI/CD 管道的安全性。

当您为解决方案包签名时,CLI:

  1. 创建解决方案.zip包文件
  2. 将使用您的证书的数字签名应用于.zip文件内的所有 Nuget 包。
  3. (可选)为签名添加时间戳,以实现长期有效性

支持的证书类型

CLI 支持 PKCS#12 (.pfx) 证书格式。

重要提示:

证书必须满足以下条件:

  • 包括用于签名的私钥
  • 有效(未过期)
  • 具有代码签名功能

参数

solution pack命令支持以下签名参数:

参数描述必填
--certificatePath证书文件 (.pfx) 的路径是(如果签名)
--certificatePassword证书文件的密码
--timestampServerUrlRFC 3161 时间戳服务器的 URL

用法示例

使用证书进行基本签名
# Windows
uipcli solution pack "C:\Solutions\MyAutomationSolution" `
  -v "1.0.0" `
  -o "C:\Packages" `
  --certificatePath "C:\Certificates\codesign.pfx" `
  --certificatePassword "YourPassword123"

# Linux/macOS
uipcli solution pack "./MyAutomationSolution" \
  -v "1.0.0" \
  -o "./packages" \
  --certificatePath "./certificates/codesign.pfx" \
  --certificatePassword "YourPassword123"
# Windows
uipcli solution pack "C:\Solutions\MyAutomationSolution" `
  -v "1.0.0" `
  -o "C:\Packages" `
  --certificatePath "C:\Certificates\codesign.pfx" `
  --certificatePassword "YourPassword123"

# Linux/macOS
uipcli solution pack "./MyAutomationSolution" \
  -v "1.0.0" \
  -o "./packages" \
  --certificatePath "./certificates/codesign.pfx" \
  --certificatePassword "YourPassword123"
使用时间戳服务器签名

添加时间戳可确保签名即使在证书过期后也有效。

uipcli solution pack "./MyAutomationSolution" \
  -v "1.0.0" \
  -o "./packages" \
  --certificatePath "./certificates/codesign.pfx" \
  --certificatePassword "YourPassword123" \
  --timestampServerUrl "http://timestamp.digicert.com"
uipcli solution pack "./MyAutomationSolution" \
  -v "1.0.0" \
  -o "./packages" \
  --certificatePath "./certificates/codesign.pfx" \
  --certificatePassword "YourPassword123" \
  --timestampServerUrl "http://timestamp.digicert.com"
使用 Orchestrator 库依赖项进行签名
uipcli solution pack "./MyAutomationSolution" \
  -v "1.0.0" \
  -o "./packages" \
  --libraryOrchestratorUrl "https://cloud.uipath.com/" \
  --libraryOrchestratorTenant "Default" \
  -A "myorg" \
  -I "becc663c-8f1e-409a-a75f-c00330d80bc8" \
  -S "********" \
  --libraryOrchestratorApplicationScope "OR.Folders OR.Execution" \
  --libraryOrchestratorFolder "Shared" \
  --certificatePath "./certificates/codesign.pfx" \
  --certificatePassword "YourPassword123" \
  --timestampServerUrl "http://timestamp.digicert.com"
uipcli solution pack "./MyAutomationSolution" \
  -v "1.0.0" \
  -o "./packages" \
  --libraryOrchestratorUrl "https://cloud.uipath.com/" \
  --libraryOrchestratorTenant "Default" \
  -A "myorg" \
  -I "becc663c-8f1e-409a-a75f-c00330d80bc8" \
  -S "********" \
  --libraryOrchestratorApplicationScope "OR.Folders OR.Execution" \
  --libraryOrchestratorFolder "Shared" \
  --certificatePath "./certificates/codesign.pfx" \
  --certificatePassword "YourPassword123" \
  --timestampServerUrl "http://timestamp.digicert.com"
使用无密码证书签名
uipcli solution pack "./MyAutomationSolution" \
  -v "1.0.0" \
  -o "./packages" \
  --certificatePath "./certificates/codesign.pfx"
uipcli solution pack "./MyAutomationSolution" \
  -v "1.0.0" \
  -o "./packages" \
  --certificatePath "./certificates/codesign.pfx"
CI/CD 管道示例 (GitHub Actions)
- name: Pack and sign solution package
  env:
    CERT_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
    APP_SECRET: ${{ secrets.UIPATH_APP_SECRET }}
  run: |
    uipcli solution pack "./src/MyAutomationSolution" \
      -v "1.0.${{ github.run_number }}" \
      -o "./output" \
      --libraryOrchestratorUrl "https://cloud.uipath.com/" \
      --libraryOrchestratorTenant "Default" \
      -A "myorg" \
      -I "becc663c-8f1e-409a-a75f-c00330d80bc8" \
      -S "$APP_SECRET" \
      --libraryOrchestratorApplicationScope "OR.Folders OR.Execution" \
      --certificatePath "./certs/codesign.pfx" \
      --certificatePassword "$CERT_PASSWORD" \
      --timestampServerUrl "http://timestamp.digicert.com"
- name: Pack and sign solution package
  env:
    CERT_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
    APP_SECRET: ${{ secrets.UIPATH_APP_SECRET }}
  run: |
    uipcli solution pack "./src/MyAutomationSolution" \
      -v "1.0.${{ github.run_number }}" \
      -o "./output" \
      --libraryOrchestratorUrl "https://cloud.uipath.com/" \
      --libraryOrchestratorTenant "Default" \
      -A "myorg" \
      -I "becc663c-8f1e-409a-a75f-c00330d80bc8" \
      -S "$APP_SECRET" \
      --libraryOrchestratorApplicationScope "OR.Folders OR.Execution" \
      --certificatePath "./certs/codesign.pfx" \
      --certificatePassword "$CERT_PASSWORD" \
      --timestampServerUrl "http://timestamp.digicert.com"
Azure DevOps 管道示例
- task: PowerShell@2
  displayName: 'Pack and Sign Solution'
  env:
    CERT_PASSWORD: $(CertificatePassword)
    APP_SECRET: $(UiPathAppSecret)
  inputs:
    targetType: 'inline'
    script: |
      uipcli solution pack "$(Build.SourcesDirectory)\MyAutomationSolution" `
        -v "$(Build.BuildNumber)" `
        -o "$(Build.ArtifactStagingDirectory)" `
        --libraryOrchestratorUrl "https://cloud.uipath.com/" `
        --libraryOrchestratorTenant "Default" `
        -A "myorg" `
        -I "becc663c-8f1e-409a-a75f-c00330d80bc8" `
        -S "$env:APP_SECRET" `
        --libraryOrchestratorApplicationScope "OR.Folders OR.Execution" `
        --certificatePath "$(Build.SourcesDirectory)\certs\codesign.pfx" `
        --certificatePassword "$env:CERT_PASSWORD" `
        --timestampServerUrl "http://timestamp.digicert.com"
- task: PowerShell@2
  displayName: 'Pack and Sign Solution'
  env:
    CERT_PASSWORD: $(CertificatePassword)
    APP_SECRET: $(UiPathAppSecret)
  inputs:
    targetType: 'inline'
    script: |
      uipcli solution pack "$(Build.SourcesDirectory)\MyAutomationSolution" `
        -v "$(Build.BuildNumber)" `
        -o "$(Build.ArtifactStagingDirectory)" `
        --libraryOrchestratorUrl "https://cloud.uipath.com/" `
        --libraryOrchestratorTenant "Default" `
        -A "myorg" `
        -I "becc663c-8f1e-409a-a75f-c00330d80bc8" `
        -S "$env:APP_SECRET" `
        --libraryOrchestratorApplicationScope "OR.Folders OR.Execution" `
        --certificatePath "$(Build.SourcesDirectory)\certs\codesign.pfx" `
        --certificatePassword "$env:CERT_PASSWORD" `
        --timestampServerUrl "http://timestamp.digicert.com"

建议使用时间戳服务器,以确保签名在证书过期后仍然有效:

  • http://timestamp.digicert.com - DigiCert
  • http://timestamp.comodoca.com - Sectego (Comodo)
  • http://timestamp.globalsign.com - 全局标志
  • http://timestamp.sectigo.com - Sectgo

最佳实践

安全的证书存储
  • 从不将证书提交版本控制
  • 使用安全存储解决方案:
    • Azure 密钥保管库
    • AWS Secrets Manager
    • HashiCorp 保险库
    • GitHub 密码 / Azure DevOps 安全文件
    • CI/CD 平台密码管理
时间戳使用情况
  • 在生产环境中始终使用时间戳服务器
  • 时间戳可确保签名在证书过期后仍然有效
证书管理
  • 使用专用代码签名证书
  • 在证书到期前轮换证书
  • 安全地维护证书备份

此页面有帮助吗?

支持与服务
获取您需要的帮助
UiPath Academy
了解 RPA - 自动化课程
UiPath 论坛
UiPath Community 论坛
Uipath Logo
信任与安全
使用条款
隐私策略
Cookie 政策
© 2005-2025 UiPath。保留所有权利。