-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add MSIX installer to GitHub workflow #3331
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you also have a look at the msix
branch here: https://github.com/dscho/build-extra/commits/msix ?
In particular, it fixes the bug where no files were packaged.
However, as I pointed out here, there is a fundamental problem for now that prevents /dev/stderr
from being installed as expected.
pop-location | ||
- name: Sign standalone MSIX | ||
run: | | ||
Write-Output "Here we should sign the appxbundle that is in the buildstore folder with signtool." |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can use the signtool.exe
, but I don't know where to find it. Maybe there is a default location, or an environment variable to find it?
Also, this step should be conditional on finding the secret variables, just like it was done here:
git/.github/workflows/git-artifacts.yml
Lines 169 to 180 in 508bb26
- name: Prepare home directory for code-signing | |
env: | |
CODESIGN_P12: ${{secrets.CODESIGN_P12}} | |
CODESIGN_PASS: ${{secrets.CODESIGN_PASS}} | |
if: env.SKIP != 'true' && env.CODESIGN_P12 != '' && env.CODESIGN_PASS != '' | |
shell: bash | |
run: | | |
cd home && | |
mkdir -p .sig && | |
echo -n "$CODESIGN_P12" | tr % '\n' | base64 -d >.sig/codesign.p12 && | |
echo -n "$CODESIGN_PASS" >.sig/codesign.pass | |
git config --global alias.signtool '!sh "/usr/src/build-extra/signtool.sh"' |
Sadly, you won't be able to use the sign-tool.sh
from build-extra
as in the linked workflow: it uses osslsigncode
, which is unable to sign .appx
/.msix
files. But you should be able to use signtool.exe
because the workflow is designed to run in GitHub Actions' agents, which have all kinds of software preinstalled, including the Windows Software Kit (or however it is called).
Any progress on this? |
The current situation is this:
|
Hi @dscho, I’m from the Microsoft Store team. We can definitely cover the publisher account fee for you. Send me a DM on Twitter/X if you're interested! If using Appx/MSIX is a concern, you can now list a classic MSI/EXE in the Store without needing to convert it, you only need to publish the URL of your installer. |
This is also ready now for a first go. Couple of comments:
There are various todos still, but I think for now it would be good to merge this and test whether we can actually produce a properly signed standalone MSIX and try that out. I'll open a separate issue to track things that still need to be sorted out.