@@ -169,17 +169,11 @@ jobs:
169169
170170 const keyPath = path.resolve('private.key');
171171 fs.writeFileSync(keyPath, finalBuffer);
172-
173- // Create clean key file (just the base64 part) for tauri signer CLI
174- const cleanKeyPath = path.resolve('private.key.clean');
175- fs.writeFileSync(cleanKeyPath, line2);
176172
177173 console.log('Private key written to: ' + keyPath);
178- console.log('Clean key written to: ' + cleanKeyPath);
179174 console.log('Key length: ' + finalBuffer.length);
180175
181176 fs.appendFileSync(process.env.GITHUB_OUTPUT, `key_path=${keyPath}\n`);
182- fs.appendFileSync(process.env.GITHUB_OUTPUT, `clean_key_path=${cleanKeyPath}\n`);
183177env :
184178 SECRET_KEY : ${{ secrets.TAURI_PRIVATE_KEY }}
185179 shell : node {0}
@@ -197,7 +191,6 @@ jobs:
197191
198192 - name : Manually sign artifacts (fallback)
199193 run : |
200- $cleanKeyPath = "${{ steps.write-key.outputs.clean_key_path }}"
201194 $msiDir = "src-tauri/target/release/bundle/msi"
202195 $nsisDir = "src-tauri/target/release/bundle/nsis"
203196
@@ -208,8 +201,8 @@ jobs:
208201 $sigFile = "$file.sig"
209202 if (-not (Test-Path $sigFile)) {
210203 Write-Host "Manual signing required for: $file"
211- # Use tauri signer directly with clean key file (no comments)
212- npx tauri signer sign -f $cleanKeyPath $file
204+ # Use tauri signer directly with env-provided base64 key
205+ npx tauri signer sign $file
213206 if (Test-Path $sigFile) {
214207 Write-Host "Successfully signed: $file"
215208 } else {
@@ -225,6 +218,7 @@ jobs:
225218 Sign-Artifacts $msiDir ".msi"
226219 Sign-Artifacts $nsisDir ".exe"
227220env :
221+ TAURI_PRIVATE_KEY : ${{ secrets.TAURI_PRIVATE_KEY }}
228222 TAURI_PRIVATE_KEY_PASSWORD : ${{ secrets.TAURI_KEY_PASSWORD }}
229223
230224 - name : generate updater json
0 commit comments