Feature/to windows store#14
Conversation
…d validating Windows MSIX packages
…lity rendering settings
….04` in GitHub Actions workflow
…buntu-22.04` in GitHub Actions workflow" This reverts commit 3fdd028.
…GitHub Actions workflow
…and add validation steps
…eMagick and add validation steps" This reverts commit c095506.
… Actions workflow
…/snapcraft:stable`
…in GitHub Actions workflow
…in GitHub Actions workflow
There was a problem hiding this comment.
Pull request overview
Updates the GitHub Actions CI workflow to (1) produce a Windows Store–ready MSIX installer (including signing) and (2) make the Snapcraft build job more reliable by adjusting the snap build environment and flow.
Changes:
- Added a
build_installerWindows job to build an MSIX, sign it via Azure Trusted Signing, install it for validation, and upload it as an artifact. - Stabilized the Snapcraft pipeline by initializing snapd, building via LXD (
snapcraft pack --use-lxd), explicitly connecting thenetworkinterface, and uploading the exact generated.snap.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - name: Azure Login | ||
| uses: azure/login@v2 | ||
| with: | ||
| creds: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}' | ||
|
|
||
| - name: Sign installer with Azure Trusted Signing | ||
| uses: azure/trusted-signing-action@v0.5.0 |
There was a problem hiding this comment.
build_installer runs on every pull_request, but it relies on Azure secrets (azure/login + trusted signing). On PRs from forks, GitHub does not provide secrets, so this job will consistently fail and block CI. Add an if: guard (e.g., only on push to main / release branches, or when required secrets are present) or split signing into a separate workflow triggered by workflow_dispatch/push events only.
| $manifest = @' | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" | ||
| xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10" | ||
| xmlns:uap3="http://schemas.microsoft.com/appx/manifest/uap/windows10/3" | ||
| xmlns:desktop="http://schemas.microsoft.com/appx/manifest/desktop/windows10" | ||
| xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities" | ||
| IgnorableNamespaces="uap uap3 desktop rescap"> | ||
| <Identity Name="ConnectingApps.KemForge" | ||
| Publisher="CN=Connecting Apps, O=Connecting Apps, STREET=Wagenstraat 83 D, L=Den Haag, S=Zuid-Holland, C=NL, PostalCode=2512AR" | ||
| Version="1.3.2.0" | ||
| ProcessorArchitecture="x64" /> | ||
| <Properties> | ||
| <DisplayName>KemForge</DisplayName> | ||
| <PublisherDisplayName>ConnectingApps</PublisherDisplayName> | ||
| <Description>A curl-compatible CLI tool with Post-Quantum Cryptography support</Description> | ||
| <Logo>Assets\StoreLogo.png</Logo> | ||
| </Properties> | ||
| <Resources> | ||
| <Resource Language="en-us" /> | ||
| </Resources> | ||
| <Dependencies> | ||
| <TargetDeviceFamily Name="Windows.Desktop" MinVersion="10.0.17763.0" MaxVersionTested="10.0.22621.0" /> | ||
| </Dependencies> | ||
| <Applications> | ||
| <Application Id="KemForge" Executable="kemforge.exe" EntryPoint="Windows.FullTrustApplication"> | ||
| <uap:VisualElements DisplayName="KemForge" | ||
| Description="KemForge CLI" | ||
| BackgroundColor="transparent" | ||
| Square150x150Logo="Assets\icon150x150.png" | ||
| Square44x44Logo="Assets\icon44x44.png" /> | ||
| <Extensions> | ||
| <uap3:Extension Category="windows.appExecutionAlias"> | ||
| <uap3:AppExecutionAlias> | ||
| <desktop:ExecutionAlias Alias="kemforge.exe" /> | ||
| </uap3:AppExecutionAlias> | ||
| </uap3:Extension> | ||
| </Extensions> | ||
| </Application> | ||
| </Applications> | ||
| <Capabilities> | ||
| <rescap:Capability Name="runFullTrust" /> | ||
| </Capabilities> | ||
| </Package> | ||
| '@ | ||
| $manifest | Set-Content -Path packaging/AppxManifest.xml -Encoding utf8 |
There was a problem hiding this comment.
The MSIX AppxManifest.xml is embedded as a large inline here-string in the workflow. This makes the workflow hard to maintain/review and couples release metadata (Identity/Publisher/Version) to CI config. Consider committing a template manifest file under a packaging directory and having the workflow copy/update only the small set of values that need to vary (e.g., version), or generate it via a dedicated script checked into the repo.
Uh oh!
There was an error while loading. Please reload this page.