In part 1 to 3 we have gone through all the steps needed in order to setup a build server to fully automatic build your app on commits from any developer.
Now we will prepare the build server so it can sign your app too.
On the build server download the Microsoft Windows SDK and install it.
If you don’t have a Code Signing Certificate you will need to go and get one.
Copy your Code Signing Certificate to your “ALBuild” folder as created in Part 2 of this blog series.
Now Copy the “SipDlls” folder and “RegisterNavSipForSigningNoContainer.ps1” from
on a development machine installed with docker to the “ALBuild” folder created in Part 2
Run “RegisterNavSipForSigningNoContainer.ps1” once to the dlls registered.
If these dll’s change in later releases this might need to be done again.
Now add a “signapp.ps1” to the script folder created in Part 2.
$filename = Get-ChildItem $env:Build_StagingDirectory -Filter *.app | Select-Object -First 1
$fileToSign = Join-Path -Path $env:Build_StagingDirectory -ChildPath $filename
Set-Location ‘C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x64\’
.\SignTool.exe sign /f ‘C:\ALBuild\Scripts\<codesigningcertificate>.pfx’ /p <passwordforcodesigningcertificate> /t http://timestamp.verisign.com/scripts/timestamp.dll $fileToSign
This completes the needed changes to code sign your app on on your build server.
A special thanks to Mike Glue for sharing his great knowledge with me.