github-actions signtool msix appx

How to Sign appx / msix package using SignTool in GitHub Actions


I'm trying to do the equivalent of this command on a Windows GitHub Actions runner:

    SignTool sign /fd sha256 /a /f $certificatePath /p $certificatePwd $Packages_2Sign

This results in the following error on GitHub Actions:

     | The term 'SignTool' is not recognized as a name of a cmdlet, function, script file, or executable
     | program. Check the spelling of the name, or if a path was included, verify that the path is correct
     | and try again.

Looking at the Marketplace on GitHub, I don't see anything that can sign appx, only .dll or .ps1 files. Microsoft's recommended tool requires an Azure account: https://learn.microsoft.com/en-us/windows/msix/desktop/cicd-keyvault?source=recommendations#using-azure-signtool-with-github-actions

Tips/suggestions welcome and appreciated!


Solution

  • As a Windows user, what you might understand on day 1 is that not all executables are added to the Windows PATH, so merely calling an executable by name won't work, as the error message indicated.

    You can use something like

    $signtool = "C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe"
    & $signtool sign /fd sha256 /a /f $certificatePath /p $certificatePwd $Packages_2Sign
    

    in PowerShell instead.

    A full example can be found in this repo.
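
Building on the answer above, an added example (not from the original post or the linked repo) that locates signtool.exe on the runner instead of hard-coding one path, signs with a PFX decoded from a secret, and checks the signature afterwards. The helper name Find-SignTool, the environment variables PFX_BASE64 and PFX_PASSWORD, and the package path are assumptions.

```powershell
# Added example. Assumed names: env vars PFX_BASE64 and PFX_PASSWORD (mapped from
# repository secrets in the workflow step) and the package path .\out\App.msix.
$ErrorActionPreference = 'Stop'

function Find-SignTool {
    # Prefer the newest x64 signtool.exe from an installed Windows 10/11 SDK.
    $kits  = Join-Path ${env:ProgramFiles(x86)} 'Windows Kits\10\bin'
    $found = Get-ChildItem -Path $kits -Filter signtool.exe -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -match '\\\d+\.\d+\.\d+\.\d+\\x64\\signtool\.exe$' } |
        Sort-Object { [version]$_.Directory.Parent.Name } -Descending |
        Select-Object -First 1
    if ($found) { return $found.FullName }

    # Fall back to the ClickOnce copy used in the answer above.
    $clickOnce = Join-Path ${env:ProgramFiles(x86)} 'Microsoft SDKs\ClickOnce\SignTool\signtool.exe'
    if (Test-Path $clickOnce) { return $clickOnce }

    throw 'signtool.exe was not found on this runner'
}

$signtool = Find-SignTool
$package  = '.\out\App.msix'                           # assumed package path
$pfxPath  = Join-Path $env:RUNNER_TEMP 'signing.pfx'   # RUNNER_TEMP is set by GitHub Actions

try {
    # Materialise the certificate only for the duration of the signing step.
    [IO.File]::WriteAllBytes($pfxPath, [Convert]::FromBase64String($env:PFX_BASE64))

    & $signtool sign /fd SHA256 /f $pfxPath /p $env:PFX_PASSWORD $package
    if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE" }

    # /pa uses the default Authenticode policy; this fails when the certificate
    # chain is not trusted on the runner (for example a self-signed test cert).
    & $signtool verify /pa $package
    if ($LASTEXITCODE -ne 0) { throw "signtool verify failed with exit code $LASTEXITCODE" }
}
finally {
    # Never leave the private key on disk, even when signing fails.
    Remove-Item -Path $pfxPath -Force -ErrorAction SilentlyContinue
}
```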