Quick fix for windows codesign failures with digicert (#6275)

* pierremtb/issue6256-another-test * yarn to npm install * Revert "yarn to npm install" This reverts commit 4a3daf950f. * yarn to npm install * Force IS_RELEASE=true * Clean up for review
2025-04-11 10:31:44 -04:00
parent 121c393466
commit 7d3294ff78
1 changed files with 7 additions and 0 deletions
--- a/.github/workflows/build-apps.yml
+++ b/.github/workflows/build-apps.yml
@ -207,6 +207,13 @@ jobs:
          smctl.exe keypair ls
          C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
          smksp_cert_sync.exe
+          smctl windows certsync
+        # This last line `smctl windows certsync` was added after windows codesign failures started happening
+        # with nightly-v25.4.10. It looks like `smksp_cert_sync.exe` used to do the sync to the local cert store,
+        # but stopped doing it overnight. This extra call that I randomly got from this azure-related doc page
+        # https://docs.digicert.com/en/digicert-keylocker/code-signing/sign-with-third-party-signing-tools/windows-applications/sign-azure-apps-with-signtool-using-ksp-library.html#sync-certificates--windows-only--618365
+        # seems to be doing that extra sync that we need for scripts/sign-win.js to work.
+        # TODO: we still need to make sign-win.js errors fail the workflow, see issue #6276
        shell: cmd

      - name: Build the app (debug)