code-sign-action/action.yml at main · lando/code-sign-action

{"payload":{"allShortcutsEnabled":false,"fileTree":{"":{"items":[{"name":".github","path":".github","contentType":"directory"},{"name":"bin","path":"bin","contentType":"directory"},{"name":".gitignore","path":".gitignore","contentType":"file"},{"name":"CHANGELOG.md","path":"CHANGELOG.md","contentType":"file"},{"name":"README.md","path":"README.md","contentType":"file"},{"name":"action.yml","path":"action.yml","contentType":"file"},{"name":"entitlements.xml","path":"entitlements.xml","contentType":"file"},{"name":"package-lock.json","path":"package-lock.json","contentType":"file"},{"name":"package.json","path":"package.json","contentType":"file"}],"totalCount":9}},"fileTreeProcessingTime":4.0866560000000005,"foldersToFetch":[],"incompleteFileTree":false,"repo":{"id":481314397,"defaultBranch":"main","name":"code-sign-action","ownerLogin":"lando","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2022-04-13T17:37:12.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/31605584?v=4","public":true,"private":false,"isOrgOwned":true},"codeLineWrapEnabled":false,"symbolsExpanded":false,"treeExpanded":true,"refInfo":{"name":"main","listCacheKey":"v0:1748932883.0","canEdit":false,"refType":"branch","currentOid":"a5703d3b5486ada6e8efd08912110f8756e873e8"},"path":"action.yml","currentUser":null,"blob":{"rawLines":["name: \"Code Sign Action\"","description: \"A GitHub Action for code signing files. Particularly those generated with vercel/pkg.\"","branding:"," color: purple"," icon: lock","inputs:"," # Required"," file:"," description: \"The file to sign\""," required: true"," certificate-data:"," description: \"A `base64` encoded string of your `p12` or `pfx` cert contents. Note: if you use KeyLocker, this will be the base64 encoded client certificate (`SM_CLIENT_CERT_FILE`)\""," required: true"," certificate-password:"," description: \"The password to unlock the certificate-data\""," required: true",""," # Optional"," apple-notary-password:"," description: \"The Apple Developer account password to use in notarization\""," required: false"," apple-notary-user:"," description: \"The Apple Developer account email to use in notarization\""," required: false"," apple-notary-tool:"," description: \"The xcrun tool to use to notarize.\""," required: false"," default: notarytool"," apple-product-id:"," description: \"The unique product ID to use for notarization\""," required: false"," apple-team-id:"," description: \"The Apple Developer account Team ID\""," required: false"," certificate-id:"," description: \"A string to identify the correct signing cert\""," required: true"," keylocker-api-key:"," description: \"The API key to use for KeyLocker\""," required: false"," keylocker-cert-sha1-hash:"," description: \"The SHA1 hash of the certificate to use for KeyLocker\""," required: false"," keylocker-host:"," description: \"The host to use for KeyLocker\""," required: false"," keylocker-keypair-alias:"," description: \"The alias of the keypair to use for KeyLocker\""," required: false"," options:"," description: \"Extra options to pass to the codesigning tool\""," required: false"," signtool:"," description: \"The signtool to use\""," required: false"," default: auto","","outputs:"," file:"," description: \"The path to the signed binary.\""," value: ${{ steps.code-sign-action.outputs.file }}","","runs:"," using: composite"," steps:"," - name: Validate user inputs"," shell: bash"," run: |"," echo \"::group::Ensure file is set\""," if [ \"${{ inputs.file }}\" == \"\" ]; then"," echo \"::error title=File is not set!::You must specify a file to sign!\""," exit 1"," fi"," echo \"::endgroup::\"",""," echo \"::group::Ensure cert data is set\""," if [ \"${{ inputs.certificate-data }}\" == \"\" ]; then"," echo \"::error title=Cert data is not set!::You must specify the cert you want to sign with!\""," exit 2"," fi"," echo \"::endgroup::\"",""," echo \"::group::Ensure certificate password is set\""," if [ \"${{ inputs.certificate-password }}\" == \"\" ]; then"," echo \"::error title=Cert password is not set!::You must specify the password to unlock the cert with!\""," exit 2"," fi"," echo \"::endgroup::\"",""," - name: Set generic internal inputs"," id: code-sign-action-generic-internal"," shell: bash"," run: |"," # standardize os stuff"," if [ \"${{ runner.os }}\" == \"Linux\" ]; then"," echo \"os=linux\" \u003e\u003e $GITHUB_OUTPUT"," elif [ \"${{ runner.os }}\" == \"macOS\" ]; then"," echo \"os=macos\" \u003e\u003e $GITHUB_OUTPUT"," elif [ \"${{ runner.os }}\" == \"Windows\" ]; then"," echo \"os=win\" \u003e\u003e $GITHUB_OUTPUT"," fi",""," # cert id"," if [ \"${{ runner.os }}\" == \"macOS\" ] \u0026\u0026 [[ -n \"${{ inputs.apple-team-id }}\" ]]; then"," echo \"signid=${{ inputs.apple-team-id }}\" \u003e\u003e $GITHUB_OUTPUT"," else"," echo \"signid=${{ inputs.certificate-id }}\" \u003e\u003e $GITHUB_OUTPUT"," fi",""," # signtool discovery if needed"," if [ \"${{ inputs.signtool }}\" == \"auto\" ]; then"," # keylocker"," if [ \"${{ runner.os }}\" != \"macOS\" ] \\"," \u0026\u0026 [[ -n \"${{ inputs.keylocker-api-key }}\" ]] \\"," \u0026\u0026 [[ -n \"${{ inputs.keylocker-cert-sha1-hash }}\" ]] \\"," \u0026\u0026 [[ -n \"${{ inputs.keylocker-host }}\" ]] \\"," \u0026\u0026 [[ -n \"${{ inputs.keylocker-keypair-alias }}\" ]]; then"," echo \"signtool=keylocker\" \u003e\u003e $GITHUB_OUTPUT",""," # signtool"," elif [ \"${{ runner.os }}\" == \"Windows\" ]; then"," echo \"signtool=signtool\" \u003e\u003e $GITHUB_OUTPUT",""," # codesign"," elif [ \"${{ runner.os }}\" == \"macOS\" ]; then"," echo \"signtool=codesign\" \u003e\u003e $GITHUB_OUTPUT"," fi"," fi",""," # notarize logix"," if [ \"${{ runner.os }}\" == \"macOS\" ] \\"," \u0026\u0026 [[ -n \"${{ inputs.apple-notary-password }}\" ]] \\"," \u0026\u0026 [[ -n \"${{ inputs.apple-notary-user }}\" ]] \\"," \u0026\u0026 [[ -n \"${{ inputs.apple-product-id }}\" ]]; then"," echo \"notarize=true\" \u003e\u003e $GITHUB_OUTPUT"," fi",""," - name: Set osy internal inputs"," if: runner.os == 'Windows'"," id: code-sign-action-win-internal"," shell: powershell"," run: |"," # sign cert"," $certpath = \"$env:RUNNER_TEMP\\signcert.p12\""," Write-Output \"signcert=$certpath\" | Out-File -FilePath $env:GITHUB_OUTPUT -Append -Encoding utf8",""," # input file"," if ((Split-Path -Path \"${{ inputs.file }}\" -IsAbsolute) -eq $true) {"," $file=\"${{ inputs.file }}\""," } else {"," $file=\"$(Get-Location)/${{ inputs.file }}\""," }",""," Write-Output \"file=$file\" | Out-File -FilePath $env:GITHUB_OUTPUT -Append -Encoding utf8",""," # relative file path from GITHUB_WORKSPACE for keylocker things"," function Get-RelativePath {"," param ("," [string]$FromPath,"," [string]$ToPath"," )",""," # ensure paths are fully resolved"," $resolvedFromPath = (Resolve-Path -LiteralPath $FromPath).Path"," $resolvedToPath = (Resolve-Path -LiteralPath $ToPath).Path",""," # ensure $FromPath is treated as a directory (append a trailing slash if it's a directory and doesn't already have one)"," if ((Test-Path -LiteralPath $resolvedFromPath -PathType Container) -and ($resolvedFromPath -notlike '*\\')) {"," $resolvedFromPath += '\\'"," }",""," # create URI objects"," $fromUri = New-Object System.Uri -ArgumentList $resolvedFromPath"," $toUri = New-Object System.Uri -ArgumentList $resolvedToPath",""," # compute the relative path"," $relativeUri = $fromUri.MakeRelativeUri($toUri)"," $relativePath = [System.Uri]::UnescapeDataString($relativeUri.ToString())",""," # convert URI-style paths to file system style paths (Windows-specific)"," if ($relativePath -notlike \"*:*\") {"," $relativePath = $relativePath -replace '/', '\\'"," }",""," return $relativePath"," }",""," $relativePath = Get-RelativePath -FromPath \"$env:GITHUB_WORKSPACE\" -ToPath \"$file\""," Write-Output \"ghwrfile=$relativePath\" | Out-File -FilePath $env:GITHUB_OUTPUT -Append -Encoding utf8",""," - name: Set osy internal inputs"," if: runner.os != 'Windows'"," id: code-sign-action-posix-internal"," shell: bash"," run: |"," # sign cert"," certpath=\"$RUNNER_TEMP/signcert.p12\""," echo \"signcert=$certpath\" \u003e\u003e $GITHUB_OUTPUT",""," # input file"," if [[ \"${{ inputs.file }}\" == /* ]]; then"," echo \"file=${{ inputs.file }}\" \u003e\u003e $GITHUB_OUTPUT"," else"," echo \"file=$(pwd)/${{ inputs.file }}\" \u003e\u003e $GITHUB_OUTPUT"," fi",""," - name: Set internal inputs"," id: code-sign-action-internal"," shell: bash"," run: |"," # generics"," echo \"notarize=${{ steps.code-sign-action-generic-internal.outputs.notarize }}\" \u003e\u003e $GITHUB_OUTPUT"," echo \"os=${{ steps.code-sign-action-generic-internal.outputs.os }}\" \u003e\u003e $GITHUB_OUTPUT"," echo \"signid=${{ steps.code-sign-action-generic-internal.outputs.signid }}\" \u003e\u003e $GITHUB_OUTPUT"," echo \"signtool=${{ steps.code-sign-action-generic-internal.outputs.signtool }}\" \u003e\u003e $GITHUB_OUTPUT",""," # osy"," if [ \"${{ runner.os }}\" == \"Windows\" ]; then"," echo \"file=${{ steps.code-sign-action-win-internal.outputs.file }}\" \u003e\u003e $GITHUB_OUTPUT"," echo \"ghwrfile=${{ steps.code-sign-action-win-internal.outputs.ghwrfile }}\" \u003e\u003e $GITHUB_OUTPUT"," echo \"signcert=${{ steps.code-sign-action-win-internal.outputs.signcert }}\" \u003e\u003e $GITHUB_OUTPUT"," else"," echo \"file=${{ steps.code-sign-action-posix-internal.outputs.file }}\" \u003e\u003e $GITHUB_OUTPUT"," echo \"signcert=${{ steps.code-sign-action-posix-internal.outputs.signcert }}\" \u003e\u003e $GITHUB_OUTPUT"," fi",""," - name: Verify Outputs"," shell: bash"," run: |"," echo \"::group::Internal output information\""," echo \"file=${{ steps.code-sign-action-internal.outputs.file }}\""," echo \"ghwrfile=${{ steps.code-sign-action-internal.outputs.ghwrfile }}\""," echo \"notarize=${{ steps.code-sign-action-internal.outputs.notarize }}\""," echo \"os=${{ steps.code-sign-action-internal.outputs.os }}\""," echo \"signcert=${{ steps.code-sign-action-internal.outputs.signcert }}\""," echo \"signid=${{ steps.code-sign-action-internal.outputs.signid }}\""," echo \"signtool=${{ steps.code-sign-action-internal.outputs.signtool }}\""," echo \"::endgroup::\"",""," - name: Validate linux specific inputs"," if: steps.code-sign-action-internal.outputs.os == 'linux'"," shell: bash"," run: |"," echo \"::error::Codesigning is not available on Linux! FWIW its not usually necessary to sign binaries on Linux.\""," exit 1"," - name: Validate macos specific inputs"," if: steps.code-sign-action-internal.outputs.os == 'macos'"," shell: bash"," run: |"," # supported codesigner"," if [ \"${{ steps.code-sign-action-internal.outputs.signtool }}\" != \"codesign\" ]; then"," echo \"::error::You must specify osslsigncode, keylocker or smctl as your signtool! You specified ${{ steps.code-sign-action-internal.outputs.signtool }}.\""," exit 1"," fi",""," # team id"," if [ \"${{ steps.code-sign-action-internal.outputs.signid }}\" == \"\" ]; then"," echo \"::error::You must specify a certificate-id or apple-team-id to sign!\""," exit 1"," fi"," - name: Validate windows specific inputs"," if: steps.code-sign-action-internal.outputs.os == 'win'"," shell: bash"," run: |"," # supported codesigner"," if [ \"${{ steps.code-sign-action-internal.outputs.signtool }}\" != \"signtool\" ] \\"," \u0026\u0026 [ \"${{ steps.code-sign-action-internal.outputs.signtool }}\" != \"keylocker\" ] \\"," \u0026\u0026 [ \"${{ steps.code-sign-action-internal.outputs.signtool }}\" != \"smctl\" ]; then"," echo \"::error::You must specify osslsigncode, keylocker or smctl as your signtool! You specified ${{ steps.code-sign-action-internal.outputs.signtool }}.\""," exit 1"," fi",""," - name: Dump certs"," if: steps.code-sign-action-internal.outputs.os == 'macos'"," shell: bash"," run: |"," echo \"::group::Dumping inputs.certificate-data\""," echo \"Dumping cert to ${{ steps.code-sign-action-internal.outputs.signcert }}...\""," echo \"${{ inputs.certificate-data }}\" | base64 --decode \u003e \"${{ steps.code-sign-action-internal.outputs.signcert }}\""," echo \"::endgroup::\""," - name: Dump certs"," if: steps.code-sign-action-internal.outputs.os == 'win'"," shell: powershell"," run: |"," echo \"::group::Dumping inputs.certificate-data\""," Write-Output \"Dumping cert to ${{ steps.code-sign-action-internal.outputs.signcert }}...\""," $bytes = [Convert]::FromBase64String(\"${{ inputs.certificate-data }}\")"," [IO.File]::WriteAllBytes(\"${{ steps.code-sign-action-internal.outputs.signcert }}\", $bytes)"," echo \"::endgroup::\"",""," # signing with codesign on macos"," - name: Signing with ${{ steps.code-sign-action-internal.outputs.signtool }} (${{ steps.code-sign-action-internal.outputs.os }})"," if: steps.code-sign-action-internal.outputs.signtool == 'codesign'"," shell: bash"," run: |"," echo \"::group::Signsetup\""," # Throw error if file does not exist"," if [ ! -f \"${{ steps.code-sign-action-internal.outputs.file }}\" ]; then"," echo \"${{ steps.code-sign-action-internal.outputs.file }} does not exist!\""," exit 5"," fi",""," function import_cert() {"," security import \"$1\" -k ~/Library/Keychains/macos-build.keychain -P \"$2\" -T /usr/bin/codesign -T /usr/bin/productsign"," }",""," # Create keychain"," security create-keychain -p actions macos-build.keychain"," security default-keychain -s macos-build.keychain"," security unlock-keychain -p actions macos-build.keychain"," security set-keychain-settings -t 3600 -u macos-build.keychain",""," # attempt to import p12 directly but fallback if it fails"," if ! import_cert \"${{ steps.code-sign-action-internal.outputs.signcert }}\" \"${{ inputs.certificate-password }}\"; then"," openssl pkcs12 -in \"${{ steps.code-sign-action-internal.outputs.signcert }}\" -nocerts -out \"$RUNNER_TEMP/codesign.key\" -nodes -password pass:\"${{ inputs.certificate-password }}\""," openssl pkcs12 -in \"${{ steps.code-sign-action-internal.outputs.signcert }}\" -clcerts -nokeys -out \"$RUNNER_TEMP/codesign.crt\" -password pass:\"${{ inputs.certificate-password }}\""," import_cert \"$RUNNER_TEMP/codesign.key\" \"\""," import_cert \"$RUNNER_TEMP/codesign.crt\" \"\""," fi",""," # Key signing"," security set-key-partition-list -S apple-tool:,apple: -s -k actions macos-build.keychain"," echo \"::endgroup::\"",""," # Scope out the keychain"," security find-identity -v macos-build.keychain",""," # Force the codesignature"," codesign --force ${{ inputs.options }} -s \"${{ steps.code-sign-action-internal.outputs.signid }}\" \"${{ steps.code-sign-action-internal.outputs.file }}\"",""," # Verify the code signature"," codesign -v \"${{ steps.code-sign-action-internal.outputs.file }}\" --verbose",""," # signing with signtool on windows"," - name: Signing with ${{ steps.code-sign-action-internal.outputs.signtool }} (${{ steps.code-sign-action-internal.outputs.os }})"," if: steps.code-sign-action-internal.outputs.signtool == 'signtool'"," shell: powershell"," run: |"," $ErrorActionPreference = \"Stop\"",""," echo \"::group::Signsetup\""," # get some things for cert opts"," $file = \"${{ steps.code-sign-action-internal.outputs.file }}\""," $cert_secure_password = $null"," $signtool = \"${env:ProgramFiles(x86)}\\Windows Kits\\10\\bin\\x64\\signtool.exe\""," $signtool2022 = \"${env:ProgramFiles(x86)}\\Windows Kits\\10\\bin\\10.0.17763.0\\x86\\signtool.exe\"",""," # throw error if file does not exist"," if (!(Test-Path \"${{ steps.code-sign-action-internal.outputs.file }}\"))"," {"," throw \"${{ steps.code-sign-action-internal.outputs.file }} does not exist\""," }",""," # use more recent signtool if we can"," If (Test-Path $signtool2022) {"," $signtool = \"$signtool2022\""," }"," echo \"::endgroup::\"",""," # verify the cert and password are good"," Write-Output \"Verifying cert is good to go...\""," $cert_secure_password = ConvertTo-SecureString \"${{ inputs.certificate-password }}\" -AsPlainText -Force"," Import-PfxCertificate -FilePath \"${{ steps.code-sign-action-internal.outputs.signcert }}\" -Password $cert_secure_password -CertStoreLocation \"Cert:\\LocalMachine\\My\"",""," # sign and verify"," Write-Output \"Trying to sign ${{ steps.code-sign-action-internal.outputs.file }} with $signtool...\""," \u0026 $signtool sign -f \"${{ steps.code-sign-action-internal.outputs.signcert }}\" -p \"${{ inputs.certificate-password }}\" -fd sha256 -tr \"http://timestamp.comodoca.com/?td=sha256\" -td sha256 ${{ inputs.options }} -as -v \"${{ steps.code-sign-action-internal.outputs.file }}\""," Write-Output \"Verifying $file has been signed with the signtool...\""," \u0026 $signtool verify -pa -v \"${{ steps.code-sign-action-internal.outputs.file }}\"",""," - name: Signing with ${{ steps.code-sign-action-internal.outputs.signtool }} (${{ steps.code-sign-action-internal.outputs.os }})"," if: steps.code-sign-action-internal.outputs.signtool == 'keylocker' || steps.code-sign-action-internal.outputs.signtool == 'smctl'"," uses: cognitedata/code-sign-action/@v3"," with:"," path-to-binary: ${{ steps.code-sign-action-internal.outputs.ghwrfile }}"," env:"," CERTIFICATE_HOST: ${{ inputs.keylocker-host }}"," CERTIFICATE_HOST_API_KEY: ${{ inputs.keylocker-api-key }}"," CERTIFICATE_SHA1_HASH: ${{ inputs.keylocker-cert-sha1-hash }}"," CLIENT_CERTIFICATE: ${{ inputs.certificate-data }}"," CLIENT_CERTIFICATE_PASSWORD: ${{ inputs.certificate-password }}"," KEYPAIR_ALIAS: ${{ inputs.keylocker-keypair-alias }}",""," - name: Notarizing"," if: steps.code-sign-action-internal.outputs.notarize == 'true'"," uses: lando/notarize-action@v2"," with:"," appstore-connect-username: ${{ inputs.apple-notary-user }}"," appstore-connect-password: ${{ inputs.apple-notary-password }}"," appstore-connect-team-id: ${{ steps.code-sign-action-internal.outputs.signid }}"," primary-bundle-id: ${{ inputs.apple-product-id }}"," product-path: ${{ steps.code-sign-action-internal.outputs.file }}"," tool: ${{ inputs.apple-notary-tool }}"," verbose: true"," - name: Verifying Notarization"," if: steps.code-sign-action-internal.outputs.notarize == 'true'"," shell: bash"," run: codesign -vvvv -R=\"notarized\" --check-notarization \"${{ steps.code-sign-action-internal.outputs.file }}\""," - name: Set outputs"," id: code-sign-action"," shell: bash"," run: |"," echo \"::group::Setting outputs\""," echo \"file=${{ steps.code-sign-action-internal.outputs.file }}\" \u003e\u003e $GITHUB_OUTPUT"," echo \"::endgroup::\""],"stylingDirectives":null,"colorizedLines":null,"csv":null,"csvError":null,"dependabotInfo":{"showConfigurationBanner":false,"configFilePath":null,"networkDependabotPath":"/lando/code-sign-action/network/updates","dismissConfigurationNoticePath":"/settings/dismiss-notice/dependabot_configuration_notice","configurationNoticeDismissed":null},"displayName":"action.yml","displayUrl":"https://github.com/lando/code-sign-action/blob/main/action.yml?raw=true","headerInfo":{"blobSize":"17.3 KB","deleteTooltip":"You must be signed in to make or propose changes","editTooltip":"You must be signed in to make or propose changes","ghDesktopPath":"https://desktop.github.com","isGitLfs":false,"onBranch":true,"shortPath":"474bc53","siteNavLoginPath":"/login?return_to=https%3A%2F%2Fgithub.com%2Flando%2Fcode-sign-action%2Fblob%2Fmain%2Faction.yml","isCSV":false,"isRichtext":false,"toc":null,"lineInfo":{"truncatedLoc":"405","truncatedSloc":"359"},"mode":"file"},"image":false,"isCodeownersFile":null,"isPlain":false,"isValidLegacyIssueTemplate":false,"issueTemplate":null,"discussionTemplate":null,"language":"YAML","languageID":407,"large":false,"planSupportInfo":{"repoIsFork":null,"repoOwnedByCurrentUser":null,"requestFullPath":"/lando/code-sign-action/blob/main/action.yml","showFreeOrgGatedFeatureMessage":null,"showPlanSupportBanner":null,"upgradeDataAttributes":null,"upgradePath":null},"publishBannersInfo":{"dismissActionNoticePath":"/settings/dismiss-notice/publish_action_from_dockerfile","releasePath":"/lando/code-sign-action/releases/new?marketplace=true","showPublishActionBanner":false},"rawBlobUrl":"https://github.com/lando/code-sign-action/raw/refs/heads/main/action.yml","renderImageOrRaw":false,"richText":null,"renderedFileInfo":null,"shortPath":null,"symbolsEnabled":true,"tabSize":8,"topBannersInfo":{"overridingGlobalFundingFile":false,"globalPreferredFundingPath":null,"showInvalidCitationWarning":false,"citationHelpUrl":"https://docs.github.com/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-citation-files","actionsOnboardingTip":null},"truncated":false,"viewable":true,"workflowRedirectUrl":null,"symbols":{"timed_out":false,"not_analyzed":true,"symbols":[]}},"copilotInfo":null,"copilotAccessAllowed":false,"modelsAccessAllowed":false,"modelsRepoIntegrationEnabled":false,"csrf_tokens":{"/lando/code-sign-action/branches":{"post":"5xOb3Y542P7QjzMxzIXCrrdsGNHcmC7Jkb1m6ivaEF6uoP5fWMxcE2t6o4DceotlLx0hukdkU5FeHxdes1ysQA"},"/repos/preferences":{"post":"ukKozkVjFSCZjMWvsq2ewKwba50TXIJDU2--GdLBzDmeTbhBc7UmKDZnnqlxEKN9Srn2yNAEk2evQDCGDOI2iw"}}},"title":"code-sign-action/action.yml at main · lando/code-sign-action","appPayload":{"helpUrl":"https://docs.github.com","findFileWorkerPath":"/assets-cdn/worker/find-file-worker-263cab1760dd.js","findInFileWorkerPath":"/assets-cdn/worker/find-in-file-worker-1b17b3e7786a.js","githubDevUrl":null,"enabled_features":{"code_nav_ui_events":false,"react_blob_overlay":false,"accessible_code_button":true}}}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!