ci: test cert

Author: Kuingsmile

.github/scripts/tauri-sign-simplysign.ps1

@@ -47,10 +47,23 @@ function Restart-SimplySignDesktop {
 }
 
 function Run-SignTool($signtool, $args) {
-  $p = Start-Process -FilePath $signtool -ArgumentList $args -NoNewWindow -Wait -PassThru
+  if (-not $args) { throw "ArgumentList is null" }
+
+  # 强制展开成一维数组 -> 去掉 null/空串 -> 转成 string[]
+  $clean = @($args) `
+    | ForEach-Object { $_ } `
+    | Where-Object { $_ -ne $null -and "$_".Trim().Length -gt 0 } `
+    | ForEach-Object { [string]$_ }
+
+  if ($clean.Count -eq 0) { throw "ArgumentList became empty after cleaning" }
+
+  Write-Host "signtool args: $($clean -join ' ')"
+
+  $p = Start-Process -FilePath $signtool -ArgumentList $clean -NoNewWindow -Wait -PassThru
   return $p.ExitCode
 }
 
+
 $signtool = Find-SignTool
 $ts = $env:TAURI_SIGN_TIMESTAMP_URL
 if (-not $ts) { $ts = "http://time.certum.pl" }
@@ -64,15 +77,15 @@ Ensure-SmartCardService
 Clear-ReadOnly $FileToSign
 
 # Base args (NO /as)
-$base = @("sign", "/fd", "sha256", "/tr", $ts, "/td", "sha256")
+$base = [string[]]@("sign", "/fd", "sha256", "/tr", $ts, "/td", "sha256")
 
 # Strategy set:
 #  1) Prefer KSP (CNG) with /a
 #  2) Try CSP (legacy) with /a
 #  3) Allow user to override by env if needed (for future: /kc etc.)
 $strategies = @(
-  @{ name="KSP-auto"; args= $base + @("/csp","SimplySign KSP","/a",$FileToSign) },
-  @{ name="CSP-auto"; args= $base + @("/csp","SimplySign CSP","/a",$FileToSign) }
+  @{ name="KSP-auto"; args= [string[]]($base + @("/csp","SimplySign KSP","/a",$FileToSign)) },
+  @{ name="CSP-auto"; args= [string[]]($base + @("/csp","SimplySign CSP","/a",$FileToSign)) }
 )
 
 # Optional: if later你能拿到 key container，就可以在 workflow env 里填这俩