UWP project failed on GitHub Actions because certificate is invalid APPX0107

Question

I have a project in GitHub that have UWP project in here.

I want to setup GitHub Actions for this project with this main.yml configuration

When GitHub Actions want to build my solution with below commands

- name: Library build

  run: |

    cd src

    nuget restore

    msbuild PCLAppConfig.sln /verbosity:normal /t:Rebuild /p:Configuration=Release

I see failed error with below error in UWP building

2020-03-23T13:07:20.1871936Z "D:\a\PCLAppConfig\PCLAppConfig\src\PCLAppConfig.sln" (Rebuild target) (1) ->
2020-03-23T13:07:20.1872322Z "D:\a\PCLAppConfig\PCLAppConfig\src\DemoApp\DemoApp.UWP\DemoApp.UWP.csproj" (Rebuild target) (10) ->
2020-03-23T13:07:20.1872524Z (_GenerateCurrentProjectAppxManifest target) -> 
2020-03-23T13:07:20.1872807Z   C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Microsoft\VisualStudio\v16.0\AppxPackage\Microsoft.AppXPackage.Targets(2650,5): warning APPX0107: The certificate specified is not valid for signing. For more information about valid certificates, see http://go.microsoft.com/fwlink/?LinkID=241478. [D:\a\PCLAppConfig\PCLAppConfig\src\DemoApp\DemoApp.UWP\DemoApp.UWP.csproj]
2020-03-23T13:07:20.1873172Z 
2020-03-23T13:07:20.1873447Z 
2020-03-23T13:07:20.1873657Z "D:\a\PCLAppConfig\PCLAppConfig\src\PCLAppConfig.sln" (Rebuild target) (1) ->
2020-03-23T13:07:20.1873802Z "D:\a\PCLAppConfig\PCLAppConfig\src\DemoApp\DemoApp.UWP\DemoApp.UWP.csproj" (Rebuild target) (10) ->
2020-03-23T13:07:20.1873935Z (_GenerateAppxPackageFile target) -> 
2020-03-23T13:07:20.1874153Z   C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Microsoft\VisualStudio\v16.0\AppxPackage\Microsoft.AppXPackage.Targets(3402,5): error APPX0107: The certificate specified is not valid for signing. For more information about valid certificates, see http://go.microsoft.com/fwlink/?LinkID=241478. [D:\a\PCLAppConfig\PCLAppConfig\src\DemoApp\DemoApp.UWP\DemoApp.UWP.csproj]
2020-03-23T13:07:20.1874919Z 
2020-03-23T13:07:20.1875022Z     4 Warning(s)
2020-03-23T13:07:20.1875125Z     1 Error(s)
2020-03-23T13:07:20.1875697Z 
2020-03-23T13:07:20.1875988Z Time Elapsed 00:03:28.50
2020-03-23T13:07:20.6575030Z ##[error]Process completed with exit code 1.

the note is if I run msbuild PCLAppConfig.sln /verbosity:normal /t:Rebuild /p:Configuration=Release in local computer, build is successfully and does not have any error, and I can run UWP app locally.

My question is what is my problem? and how can I resolve this?

I don't sure, but is it possible https://stackoverflow.com/q/60492910/1539100 is relative to my error? my error code is different — sorosh_sabz, Mar 23 '20 at 13:43
Are you sure your cert in the UWP app is still valid? Open it and check dates, maybe you need to generate fresh cert. And self signed certs are not valid for side loaded apps, you need code signing cert if you make packages not for win store. — Access Denied, Mar 23 '20 at 15:09
Yes I sure, because before this problem, msbuild says expire cert error, that I renew cert and resolve this problem, I say again this project is completely build in my PC without any error on PowerShell. thanks for response — sorosh_sabz, Mar 23 '20 at 15:22
Please check if your github repos contains the pfx certificate file, in general, it will ignore pfx file when upload the solution. — Nico Zhu, Mar 27 '20 at 06:25

lindexi · Accepted Answer · 2020-03-24T00:42:07.070

You should set the PackageCertificateKeyFile and sure the file push to the GitHub. And you should add the password to your pfx file.

    /p:PackageCertificateKeyFile=Package_TemporaryKey.pfx /p:PackageCertificatePassword="123"

Please replace the Package_TemporaryKey.pfx and the password.

If you do not want to push the pfx file to GitHub that you can use github secrets

The first is parse the pfx file as base64 string.

The second is set the pfx file base64 string to github secrets.

And then you can use this base64 string before you start build.

Decode the Base64 encoded Pfx
- name: Decode the Pfx
  run: |
    $pfx_cert_byte = [System.Convert]::FromBase64String("${{ secrets.Base64_Encoded_Pfx }}")
    $currentDirectory = Get-Location
    $certificatePath = Join-Path -Path $currentDirectory -ChildPath $env:Wap_Project_Directory -AdditionalChildPath $env:SigningCertificate
    [IO.File]::WriteAllBytes("$certificatePath", $pfx_cert_byte)

And you can find my sample code in github

Edit

I read your code and found the DemoApp.UWP_TemporaryKey.pfx and Windows_TemporaryKey.pfx file. Because my Internet speed is very poor, and could you clean your code by git clean -xdf and then use commandline to compile in locally? Maybe you should explicitly specify which file to use.

Thanks a lot for replying, Did I can use your command with msbuild automatically? ( for example write something in csproj or in sln files?) or I have to write command in script file? — sorosh_sabz, Mar 26 '20 at 13:56
I remove Windows_TemporaryKey.pfx and all things is correct, thanks :) — sorosh_sabz, Mar 31 '20 at 12:46

UWP project failed on GitHub Actions because certificate is invalid APPX0107

1 Answers1