From 7e20795ef8746b43a10bcf70a0497b3292bddc25 Mon Sep 17 00:00:00 2001 From: nelsoduarte Date: Fri, 8 May 2026 10:59:06 +0100 Subject: [PATCH] ci(build): produce PDFApps-.msix on every release MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add an MSIX build step to the Windows job in build.yml so the Microsoft Store / sideload package is built automatically alongside PDFAppsSetup.exe / PDFApps.exe instead of needing a separate manual pwsh msix/build.ps1 invocation. - The new step runs after PyInstaller produces dist/PDFApps.exe and invokes msix/build.ps1. windows-latest images already include the Windows 10/11 SDK so makeappx.exe is on PATH for the script. - The Publisher CN is read from the optional secret MSIX_PUBLISHER_CN. When set (post-name-reservation in Microsoft Partner Center), the MSIX carries the production CN and is ready for Store upload. When unset (initial scaffolding period, public forks), build.ps1 falls back to its sideload-test CN — the resulting .msix isn't Store-submittable but lets contributors validate the manifest locally. - The .msix is uploaded as part of the PDFApps-Windows artifact and attached to the GitHub Release alongside PDFAppsSetup.exe etc., with a SHA256 line so the in-app updater's hash-verification path treats it like any other release asset. Workflow stays a no-op for the project until the user reserves the package name in Partner Center and adds MSIX_PUBLISHER_CN as a repo secret. Until then every release just gets a sideload-test .msix that confirms the build pipeline works end-to-end. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/build.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c86ed05..76464fc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -44,6 +44,22 @@ jobs: python -m PyInstaller --noconfirm uninstaller.spec python -m PyInstaller --noconfirm installer.spec + - name: Build MSIX (Windows) + if: runner.os == 'Windows' + env: + # Empty by default → build.ps1 falls back to the sideload-test + # CN. To produce a Store-submission MSIX, set the secret + # MSIX_PUBLISHER_CN to the Publisher value Microsoft assigns + # in Partner Center (e.g. "CN=ABCDEF12-3456-7890-ABCD-EF1234567890"). + MSIX_PUBLISHER_CN: ${{ secrets.MSIX_PUBLISHER_CN }} + shell: pwsh + run: | + if ($env:MSIX_PUBLISHER_CN) { + pwsh msix/build.ps1 -Publisher $env:MSIX_PUBLISHER_CN + } else { + pwsh msix/build.ps1 + } + - name: Upload (Windows) if: runner.os == 'Windows' uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 @@ -53,6 +69,7 @@ jobs: dist/PDFApps.exe dist/PDFAppsSetup.exe dist/PDFAppsUninstall.exe + dist/PDFApps-*.msix # ── Linux ─────────────────────────────────────────────────── - name: Install Linux system deps @@ -264,6 +281,7 @@ jobs: echo "## Checksums (SHA256)" >> release_notes.md for f in artifacts/PDFApps-Windows/PDFAppsSetup.exe \ artifacts/PDFApps-Windows/PDFApps.exe \ + artifacts/PDFApps-Windows/PDFApps-*.msix \ artifacts/PDFApps-Linux/PDFApps-Linux.tar.gz \ artifacts/PDFApps-macOS/PDFApps-macOS.dmg \ artifacts/PDFApps-AppImage/PDFApps-*.AppImage; do @@ -286,6 +304,7 @@ jobs: files: | artifacts/PDFApps-Windows/PDFAppsSetup.exe artifacts/PDFApps-Windows/PDFApps.exe + artifacts/PDFApps-Windows/PDFApps-*.msix artifacts/PDFApps-Linux/PDFApps-Linux.tar.gz artifacts/PDFApps-macOS/PDFApps-macOS.dmg artifacts/PDFApps-AppImage/PDFApps-*.AppImage