Skip to content

How to exclude files from ClickOnce signing #149

Description

@Geer-Shuang

Hello, this was originally reported in issue #121, but it's closed, and I couldn't reopen it.

I am using azure/artifact-signing-action@v1 in GitHub action to sign a ClickOnce app, so this may be a little different than the previous issue. Similarly, I needed to exclude dll's and exe's that aren't controlled by us. I used the following configuration, but it's still signing all dll's and exe's in the publish folder. I also tried using files: parameter to explicitly sign certain files, but it still signed everything. Same issue in azure/artifact-signing-action@v1. It looks like it just looks at the manifest and signs everything included in there.

Configuration used:
files-folder: ${{ github.workspace }}\PublishFolder
files-folder-filter: MyApp.application,setup.exe,MyApp.exe

The file structure is like this:
PublishFolder
│ MyApp.application
│ setup.exe
│ MyApp.exe
└─── MyApp_1_0_0_0
MyApp.exe
subprocess.exe
thridparty.dll
...

The problem is that this is changing the original files that we didn't want to touch. When launching MyApp.exe normally, this is fine. However, when launching it from a URL with custom URI scheme from a web browser, MyApp.exe will be launched under a more restricted context. MyApp.exe itself will start with no problems, but it will be stuck launching the [subprocess].exe or loading the 3rd party dll's. When the [subprocess].exe and 3rd party dll's are not signed by artifact-signing-action, it works fine.

I need to find a way to exclude these external dll's and exe's. Can anyone provide guidance on how to do this?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions