Code Signing For Visual Studio Projects
When using CircleCI's Windows Orb, to sign a visual studio project, the user needs to already have a PFX certificate file and know the thumbprint for the file. Documentation on thumbprinting can be found here.
Modify The .csproject file
In the .csproject
file in default <PropertyGroup>
tag, add a <PackageCertificateThumbprint>
tag populated with the thumbprint of the certificate.
Load the certificate into the keystore
You will have to do the following to successfully make the certificate discoverable and accessible in the windows certificate stores. This script simplifies that process.
Usage for this script is:
ImportCert.ps1 -KeyPath {Path to certificate file} -KeyPass {The above configuration assumes tha the certificate file is located at $PROJECT_ROOT\TestApp\TestApp_TemporaryKey.pfxPassword for certificate}
Configure Build in Build Config
version: 2.1
orbs:
win: circleci/windows@2.4.0
jobs:
build:
executor:
name: win/default
size: "medium"
steps:
- checkout
- run: C:\Users\circleci\project\TestApp\scripts\ImportCert.ps1 -KeyPath C:\Users\circleci\project\TestApp\TestApp_TemporaryKey.pfx -KeyPass testpassword # load certificate into store
- run:
name: build
command: |
$ProgressPreference = "SilentlyContinue"
msbuild TestApp\TestApp.csproj /p:Configuration=Release /p:AppxBundle=Always /p:AppxBundlePlatforms="x86|x64|ARM" /p:BuildAppxUploadPackageForUap=true /p:AppxPackageSigningEnabled=true /p:PackageCertificatePassword="testpassword" -restore #Run the msbuild process
workflows:
version: 2
build_and_upload_artifact:
jobs:
- build
The above configuration assumes that the certificate file is located at :
$PROJECT_ROOT\TestApp\TestApp_TemporaryKey.pfx
Example Project
An example project with code signing can be found here.
Comments
Article is closed for comments.