search

microsoft / github-actions-for-desktop-apps

This repo contains a sample WPF application to demonstrate how to create CI/CD pipelines using GitHub Actions.
MIT License
352 stars 109 forks source link

Could not find file "GitHubActionsWorkflow.pfx" #45

Closed medallyon closed 2 years ago

medallyon commented 2 years ago

I've been figuring this workflow out for hours. My current roadblock is to do with supplying the msbuild command with the correct PFX. I used the provided template and followed the instructions to a tee.

It appears that msbuild is trying to find the locally generated certificate, the one that is generated through the Project Properties, but is not committed (I conveniently named it GitHubActionsWorkflow.pfx). For some reason, it's not picking up the supplied file along with the supplied secret key.

C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(3326,5): error MSB3322: Unable to get MD5 checksum for the key file "..\GitHubActionsWorkflow.pfx". Could not find file 'D:\a\my-project\my-project\GitHubActionsWorkflow.pfx'. [D:\a\my-project\my-project\project1\project1.csproj]
Done Building Project "D:\a\my-project\my-project\project1\project1.csproj" (build target(s)) -- FAILED.
C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Microsoft\DesktopBridge\Microsoft.DesktopBridge.targets(498,5): error MSB4181: The "MSBuild" task returned false but did not log an error. [D:\a\my-project\my-project\WindowsAppPackaging\WindowsAppPackaging.wapproj]
Done Building Project "D:\a\my-project\my-project\WindowsAppPackaging\WindowsAppPackaging.wapproj" (default targets) -- FAILED.

Build FAILED.

I tried un-checking the Sign the Assembly option and it successfully built the solution. However, attempting to run install.ps1 resulted in the following:

Found bundle: D:\Medallyon\Desktop\WindowsAppPackaging_1.0.0.0_Test\WindowsAppPackaging_1.0.0.0_x86.appxbundle
Error: The package or bundle is not digitally signed or its signature is corrupted.
Press Enter to continue...:

Am I supposed to un-check the Sign the Assembly option after uploading my encoded certificate? If so, what use does supplying msbuild with a decoded certificate file have if the assembly is not signed? And, most importantly, how do I fix this? image

LanceMcCarthy commented 2 years ago

You want to export the pfx file as a base64 string, then put that string into a GitHub Actions secret.

In the workflow, there is a step that loads the base64 string and saves it as a that file you're referring to.

Never commit the file with your code (even in a private repo)! It is something you do not want anyone to have because it contains the private key of your code signing certificate.

Here is the exact line that loads up the base 64 from the secret https://github.com/microsoft/github-actions-for-desktop-apps/blob/lance/net6-update/.github/workflows/cd-net6-temp.yml#L124

Different Example with Single TFM

If you want to see a simpler version of such a workflow, here's another one you can look at https://github.com/LanceMcCarthy/MediaFileManager/blob/7791c69edbfe730e409a7158ab3fcd44ff7ac218/.github/workflows/cd_release_sideload.yml#L124

If you do not need to sign the package (you're only trying to do a build without packaging), then you can look at this workflow as a guide https://github.com/LanceMcCarthy/MediaFileManager/blob/main/.github/workflows/ci_main.yml

If you do not need to sign, but still want to create a msixbundle for the Microsoft Store, use this one https://github.com/LanceMcCarthy/MediaFileManager/blob/main/.github/workflows/cd_release_msstore.yml