ci(app): electron builder Windows signing workaround (#18479)

y3rsh · web-flow · commit 26c3bf06009a · 2025-06-02T09:53:00.000-05:00
<electron-userland/electron-builder#9076>
diff --git a/.github/workflows/app-test-build-deploy.yaml b/.github/workflows/app-test-build-deploy.yaml
@@ -221,6 +221,32 @@ jobs:
         run: |
           make -C app dist
 
+      - name: Install and Invoke TrustedSigning @0.5.3 on dummy executable
+        # Work around from https://github.com/electron-userland/electron-builder/issues/9076#issuecomment-2855541018
+        if: startsWith(matrix.os, 'windows') && contains(needs.determine-build-type.outputs.type, 'release')
+        shell: pwsh
+        run: |
+            Install-Module -Name TrustedSigning -RequiredVersion 0.5.3 -Force -Repository PSGallery
+            # Create a dummy executable file
+            $dummyExePath = Join-Path -Path $env:GITHUB_WORKSPACE -ChildPath "dummy.exe"
+            Set-Content -Path $dummyExePath -Value "This is a dummy executable for testing purposes."
+            # Invoke Trusted Signing on the dummy executable
+            # Necessary to force dependency resolution
+            try {
+              Invoke-TrustedSigning `
+                -Endpoint 'https://eus.codesigning.azure.net/' `
+                -CertificateProfileName 'dummyName' `
+                -CodeSigningAccountName 'dummyName' `
+                -TimestampRfc3161 'http://timestamp.acs.microsoft.com' `
+                -TimestampDigest 'SHA256' `
+                -FileDigest 'SHA256' `
+                -Files $dummyExePath
+            } catch {
+              Write-Host "Invoke-TrustedSigning failed: $($_.Exception.Message)"
+              # Prevent the script from exiting with a non-zero status
+              exit 0
+            }
+
       # build the desktop app and deploy it
       - name: 'build ${{matrix.variant}} app for ${{ matrix.os }}'
         if: matrix.target == 'desktop'
