File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -127,6 +127,18 @@ jobs:
127127# --------------------------------------------
128128 # Decode signing cert
129129 # --------------------------------------------
130+ - name : Validate code signing secrets
131+ shell : pwsh
132+ run : |
133+ if ("${{ secrets.CODESIGN_PFX }}" -eq "") {
134+ Write-Error "Missing GitHub Actions secret: CODESIGN_PFX (base64-encoded .pfx). Set it in repo Settings -> Secrets and variables -> Actions."
135+ exit 1
136+ }
137+ if ("${{ secrets.CODESIGN_PASSWORD }}" -eq "") {
138+ Write-Error "Missing GitHub Actions secret: CODESIGN_PASSWORD. Set it in repo Settings -> Secrets and variables -> Actions."
139+ exit 1
140+ }
141+
130142name : Locate signtool.exe
131143 shell : pwsh
132144 run : |
@@ -158,7 +170,12 @@ jobs:
158170name : Decode code signing certificate
159171 shell : pwsh
160172 run : |
161- $bytes = [Convert]::FromBase64String("${{ secrets.CODESIGN_PFX }}")
173+ $b64 = "${{ secrets.CODESIGN_PFX }}"
174+ $bytes = [Convert]::FromBase64String($b64)
175+ if (-not $bytes -or $bytes.Length -lt 64) {
176+ Write-Error "CODESIGN_PFX decoded to an unexpectedly small payload. Ensure the secret is the full base64 of the .pfx file."
177+ exit 1
178+ }
162179 [IO.File]::WriteAllBytes("codesign.pfx", $bytes)
163180
164181# --------------------------------------------
You can’t perform that action at this time.
0 commit comments