Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(windows,code-sign): cannot sign binary files in Github Actions #8384

Merged
merged 1 commit into from
Jul 31, 2024

Conversation

BlackHole1
Copy link
Contributor

@BlackHole1 BlackHole1 commented Jul 29, 2024

Fixed: #7729 #8055

Signed-off-by: Kevin Cui [email protected]

Copy link

changeset-bot bot commented Jul 29, 2024

🦋 Changeset detected

Latest commit: 7dda1fa

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 8 packages
Name Type
app-builder-lib Patch
dmg-builder Patch
electron-builder-squirrel-windows Patch
electron-builder Patch
electron-forge-maker-appimage Patch
electron-forge-maker-nsis-web Patch
electron-forge-maker-nsis Patch
electron-forge-maker-snap Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

Copy link

netlify bot commented Jul 29, 2024

Deploy Preview for car-park-attendant-cleat-11576 ready!

Name Link
🔨 Latest commit 7dda1fa
🔍 Latest deploy log https://app.netlify.com/sites/car-park-attendant-cleat-11576/deploys/66a98fb37acaef00088f0b63
😎 Deploy Preview https://deploy-preview-8384--car-park-attendant-cleat-11576.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@NoahAndrews
Copy link
Contributor

Note that unlike powershell.exe, pwsh.exe has to be manually installed.

@BlackHole1
Copy link
Contributor Author

BlackHole1 commented Jul 30, 2024

@NoahAndrews Thank you for your addition, but I think it is not unacceptable to require developers to install pwsh.exe, just as it is necessary to use Parallels Desktop when packaging on a Mac :)

Update:

I suddenly realized that if we directly use pwsh.exe, this PR will be a breaking change😅. I will look for other solutions.

@beyondkmp
Copy link
Collaborator

Making this configurable by default to use PowerShell, and allowing users to set their own configurations, might be a good solution.

@BlackHole1 BlackHole1 changed the title fix(windows,code-sign): cannot sign binary files fix(windows,code-sign): cannot sign binary files in Github Actions Jul 30, 2024
@BlackHole1
Copy link
Contributor Author

BlackHole1 commented Jul 30, 2024

@NoahAndrews @beyondkmp I spent several hours investigating this matter, and the conclusion is: this is a BUG of GitHub Actions.

Although GitHub officially switched the default Shell for Windows to PowerShell on 10/23/2019, this is still different from explicitly using shell: PowerShell.

After investigation, I found that the difference between the two lies in the value of PSModulePath in the environment variables, as follows:

# Use Default Shell
PSModulePath Env: "...;c:\\program files\\powershell\\7\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules"

# Use shell: PowerShell
PSModulePath Env: "...;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules"

The fundamental cause of this problem lies in the fact that PowerShell prioritized the module c:\\program files\\powershell\\7\\Modules\\Microsoft.PowerShell.Security over C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security.
When I delete/rename c:\\program files\\powershell\\7\\Modules\\Microsoft.PowerShell.Security, the command will execute successfully.

So I believe this issue only occurs when: using the windows-runner in Github Actions, and the default shell is used.

In the latest fix, I solved the issue by prioritizing the use of pwsh.exe (falling back to powershell.exe if it doesn't exist).

PTAL @mmaietta

@mmaietta mmaietta merged commit f8fbdd1 into electron-userland:master Jul 31, 2024
13 checks passed
@github-actions github-actions bot mentioned this pull request Jul 31, 2024
@BlackHole1 BlackHole1 deleted the fix-code-sign branch July 31, 2024 02:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Issue with code signing with an EV certificate on Windows
4 participants