chore: migrate digicert signing action to Node.js 24 successor - BED-8168

[StranDutton]

digicert/ssm-code-signing has been deprecated by the upstream maintainer and will not receive further updates, including a Node.js 24 runtime upgrade. Per the maintainer's post, migrate to the successor action digicert/code-signing-software-trust-action@v1.2.1, which runs on Node.js 24. Needed because our runners will stop being able to run node20 dependencies later this year

Summary by CodeRabbit

• Chores
  • Updated the repository's code-signing implementation to a new DigiCert signing action.
  • Preserved the existing signing step identifier to keep downstream outputs and integrations compatible; no other workflow trigger or gating changes were introduced.

[coderabbitai]

Walkthrough

Swaps the DigiCert code-signing action in .github/workflows/publish.yml for the sign job to digicert/code-signing-software-trust-action, keeping the step id: digicert unchanged.

Changes

Publish workflow updates

Layer / File(s)	Summary
DigiCert code-signing action swap .github/workflows/publish.yml	The sign job’s DigiCert step (id: digicert) now uses digicert/code-signing-software-trust-action instead of digicert/ssm-code-signing (line 101).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• SpecterOps/AzureHound#195: Both PRs modify the .github/workflows/publish.yml sign job to adjust signing workflow steps.

Suggested labels

dependencies

Suggested reviewers

• ktstrader

Poem

🐰 I hopped through YAML lines so neat,
Swapped a signing action, tidy and fleet,
The digicert id stayed the same,
CI hums along, unchanged name,
A rabbit cheers each tiny feat.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: migrating the digicert signing action to its Node.js 24 successor, with a related ticket reference.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch BED-8168-upgrade-actions-to-node24

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[StranDutton]

Pushed a temporary commit to confirm that the signing step still works as expected with the update! Link to workflow run (successful sign steps are evidence): https://github.com/SpecterOps/AzureHound/actions/runs/25814411820