Skip to content

Commit 21bdf40

Browse files
rewalorewalo
committed
Fix signtool
1 parent a919f8f commit 21bdf40

1 file changed

Lines changed: 14 additions & 9 deletions

File tree

.github/workflows/dotnet-desktop.yml

Lines changed: 14 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -131,24 +131,29 @@ jobs:
131131
shell: pwsh
132132
run: |
133133
$candidates = @()
134+
134135
$kitsRoot = "${env:ProgramFiles(x86)}\Windows Kits\10\bin"
135-
if (Test-Path $kitsRoot) {
136-
$candidates += Get-ChildItem -Path $kitsRoot -Recurse -Filter signtool.exe -ErrorAction SilentlyContinue
137-
}
138-
$candidates += Get-ChildItem -Path "${env:ProgramFiles(x86)}\Microsoft SDKs" -Recurse -Filter signtool.exe -ErrorAction SilentlyContinue
136+
if (Test-Path $kitsRoot) { $candidates += Get-ChildItem -Path $kitsRoot -Recurse -Filter signtool.exe -ErrorAction SilentlyContinue }
137+
138+
$sdkRoot = "${env:ProgramFiles(x86)}\Microsoft SDKs"
139+
if (Test-Path $sdkRoot) { $candidates += Get-ChildItem -Path $sdkRoot -Recurse -Filter signtool.exe -ErrorAction SilentlyContinue }
139140
141+
# Prefer x64 signtool if present (better default for signing 64-bit binaries)
140142
$signtool = $candidates |
141-
Sort-Object FullName -Descending |
143+
Sort-Object @{ Expression = { $_.FullName -match "\\x64\\signtool\.exe$" }; Descending = $true }, `
144+
@{ Expression = { $_.FullName }; Descending = $true } |
142145
Select-Object -First 1
143146
144-
if (-not $signtool) {
147+
if (-not $signtool -or -not (Test-Path $signtool.FullName)) {
145148
Write-Error "signtool.exe not found on runner."
146149
exit 1
147150
}
148151
149152
Write-Host "Found signtool: $($signtool.FullName)"
153+
# PATH updates via GITHUB_PATH only apply to subsequent steps, so also store full path for direct invocation.
150154
Add-Content -Path $env:GITHUB_PATH -Value $signtool.Directory.FullName
151-
signtool /?
155+
Add-Content -Path $env:GITHUB_ENV -Value "SIGNTOOL=$($signtool.FullName)"
156+
& $signtool.FullName /?
152157
153158
- name: Decode code signing certificate
154159
shell: pwsh
@@ -186,7 +191,7 @@ jobs:
186191
shell: pwsh
187192
run: |
188193
$exeFile = "${{ steps.prepare-files.outputs.exe-file }}"
189-
signtool sign `
194+
& $env:SIGNTOOL sign `
190195
/f codesign.pfx `
191196
/p "${{ secrets.CODESIGN_PASSWORD }}" `
192197
/fd sha256 `
@@ -201,7 +206,7 @@ jobs:
201206
shell: pwsh
202207
run: |
203208
$msiFile = "${{ steps.prepare-files.outputs.msi-file }}"
204-
signtool sign `
209+
& $env:SIGNTOOL sign `
205210
/f codesign.pfx `
206211
/p "${{ secrets.CODESIGN_PASSWORD }}" `
207212
/fd sha256 `

0 commit comments

Comments
 (0)