From cd5f73d939b6d91ce3d9efcc5b8a800542041698 Mon Sep 17 00:00:00 2001 From: Rob Mensching Date: Fri, 6 Feb 2026 06:39:45 -0800 Subject: Use azure-cli for signing authentication The previous method was deprecated by Azure. --- .github/workflows/build.yml | 21 ++++++++++----------- src/Directory.Build.targets | 2 +- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 554d3c17..800749cf 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -41,7 +41,7 @@ jobs: - name: Install sign tool if: ${{ env.SignBuild == 'true' }} shell: cmd - run: dotnet tool install --tool-path build\.tools sign --version 0.9.1-beta.24170.3 + run: dotnet tool install --tool-path build\.tools sign --version 0.9.1-beta.26102.1 - name: Configure automated logging and crash dumps shell: cmd @@ -55,23 +55,22 @@ jobs: reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\LocalDumps" /t REG_DWORD /v DumpCount /d 10 /f reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\LocalDumps" /t REG_DWORD /v DumpType /d 1 - # - name: 'Az CLI login' - # if: ${{ env.SignBuild == 'true' }} - # uses: azure/login@v1 - # with: - # allow-no-subscriptions: true - # client-id: ${{ secrets.WIX_SIGNING_CLIENTID }} - # tenant-id: ${{ secrets.WIX_SIGNING_TENANTID }} + - name: 'Az CLI login' + if: ${{ env.SignBuild == 'true' }} + uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # tag: v2.3.0 + with: + allow-no-subscriptions: true + client-id: ${{ secrets.WIX_SIGNING_CLIENTID }} + tenant-id: ${{ secrets.WIX_SIGNING_TENANTID }} - name: Build wix7 shell: cmd run: ./src/build_official.cmd env: RuntimeTestsEnabled: true + AZURE_CLIENT_ID: ${{ env.SignBuild == 'true' && secrets.WIX_SIGNING_CLIENTID || '' }} + AZURE_TENANT_ID: ${{ env.SignBuild == 'true' && secrets.WIX_SIGNING_TENANTID || '' }} SigningKeyVaultUri: ${{ env.SignBuild == 'true' && secrets.WIX_SIGNING_VAULTURI || '' }} - SigningTenantId: ${{ env.SignBuild == 'true' && secrets.WIX_SIGNING_TENANTID || '' }} - SigningClientId: ${{ env.SignBuild == 'true' && secrets.WIX_SIGNING_CLIENTID || '' }} - SigningClientSecret: ${{ env.SignBuild == 'true' && secrets.WIX_SIGNING_SECRET || '' }} SigningCertName: ${{ env.SignBuild == 'true' && secrets.WIX_SIGNING_CERTNAME || '' }} - name: Validate test results diff --git a/src/Directory.Build.targets b/src/Directory.Build.targets index 45320d19..7e13ae83 100644 --- a/src/Directory.Build.targets +++ b/src/Directory.Build.targets @@ -5,7 +5,7 @@ $(ToolsFolder)\sign.exe code azure-key-vault - --description "WiX Toolset" --description-url "https://wixtoolset.org/" --recurse-containers=false --azure-key-vault-url $(SigningKeyVaultUri) --azure-key-vault-tenant-id $(SigningTenantId) --azure-key-vault-client-id $(SigningClientId) --azure-key-vault-client-secret $(SigningClientSecret) --azure-key-vault-certificate $(SigningCertName) --timestamp-url "http://timestamp.digicert.com" + --publisher-name "WiX Toolset" --description "WiX Toolset" --description-url "https://wixtoolset.org/" --recurse-containers=false --azure-credential-type azure-cli --azure-key-vault-url "$(SigningKeyVaultUri)" --azure-key-vault-certificate "$(SigningCertName)" -- cgit v1.2.3-55-g6feb