1

I'm trying to do the equivalent of this command on a Windows GitHub Actions runner:

SignTool sign /fd sha256 /a 
/f $certificatePath /p $certificatePwd $Packages_2Sign

This results in the following error on GitHub Actions:

     | The term 'SignTool' is not recognized as a name of a cmdlet, function, script file, or executable
     | program. Check the spelling of the name, or if a path was included, verify that the path is correct
     | and try again.

Looking at the Marketplace on GitHub I don't see anything that can sign appx, only .dll's or .ps1 files. Microsoft recommended tool requires an Azure account: https://learn.microsoft.com/en-us/windows/msix/desktop/cicd-keyvault?source=recommendations#using-azure-signtool-with-github-actions

Tips/suggestions welcome and appreciated!

Coden00b
  • 87
  • 1
  • 8

1 Answers1

2

As a Windows user, what you might understand on day 1 is that no all executable is added to Windows PATH, so merely calling executable by name won't work as the error message indicated.

You can use something like

$signtool = "C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe"
& $signtool sign /fd sha256 /a /f $certificatePath /p $certificatePwd $Packages_2Sign

in PowerShell instead.

Fully example can be found in this repo.

Lex Li
  • 60,503
  • 9
  • 116
  • 147