@@ -77,13 +77,13 @@ jobs:
7777 run : dotnet publish src/OpenClaw.Tray.WinUI -c Release -r ${{ matrix.rid }} --self-contained -p:Version=${{ needs.test.outputs.semVer }} -o publish
7878
7979 - name : Azure Login for Signing
80- if : startsWith(github.ref, 'refs/tags/v')
80+ if : startsWith(github.ref, 'refs/tags/v') && matrix.rid != 'win-arm64'
8181 uses : azure/login@v2
8282 with :
8383 creds : ' {"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}'
8484
8585 - name : Sign Executable
86- if : startsWith(github.ref, 'refs/tags/v')
86+ if : startsWith(github.ref, 'refs/tags/v') && matrix.rid != 'win-arm64'
8787 uses : azure/trusted-signing-action@v1
8888 with :
8989 azure-tenant-id : ${{ secrets.AZURE_TENANT_ID }}
@@ -170,13 +170,13 @@ jobs:
170170 echo "msix_name=$($msix.Name)" >> $env:GITHUB_OUTPUT
171171
172172name : Sign MSIX
173- if : startsWith(github.ref, 'refs/tags/v')
173+ if : startsWith(github.ref, 'refs/tags/v') && matrix.rid != 'win-arm64'
174174 uses : azure/login@v2
175175 with :
176176 creds : ' {"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}'
177177
178178 - name : Sign MSIX Package
179- if : startsWith(github.ref, 'refs/tags/v')
179+ if : startsWith(github.ref, 'refs/tags/v') && matrix.rid != 'win-arm64'
180180 uses : azure/trusted-signing-action@v1
181181 with :
182182 azure-tenant-id : ${{ secrets.AZURE_TENANT_ID }}
@@ -284,6 +284,44 @@ jobs:
284284 if ($x64) { Copy-Item $x64.FullName "OpenClawTray-${{ needs.test.outputs.majorMinorPatch }}-win-x64.msix" }
285285 if ($arm64) { Copy-Item $arm64.FullName "OpenClawTray-${{ needs.test.outputs.majorMinorPatch }}-win-arm64.msix" }
286286
287+ # Sign ARM64 artifacts on x64 runner (ARM64 runner can't run the signing dlib)
288+ - name : Azure Login for ARM64 Signing
289+ uses : azure/login@v2
290+ with :
291+ creds : ' {"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}'
292+
293+ - name : Sign ARM64 Executables
294+ uses : azure/trusted-signing-action@v1
295+ with :
296+ azure-tenant-id : ${{ secrets.AZURE_TENANT_ID }}
297+ azure-client-id : ${{ secrets.AZURE_CLIENT_ID }}
298+ azure-client-secret : ${{ secrets.AZURE_CLIENT_SECRET }}
299+ endpoint : https://wus2.codesigning.azure.net/
300+ signing-account-name : hanselman
301+ certificate-profile-name : WindowsEdgeLight
302+ files-folder : artifacts/tray-win-arm64
303+ files-folder-filter : exe
304+ file-digest : SHA256
305+ timestamp-rfc3161 : http://timestamp.acs.microsoft.com
306+ timestamp-digest : SHA256
307+
308+ - name : Sign ARM64 MSIX
309+ if : steps.msix-arm64.outcome == 'success'
310+ uses : azure/trusted-signing-action@v1
311+ with :
312+ azure-tenant-id : ${{ secrets.AZURE_TENANT_ID }}
313+ azure-client-id : ${{ secrets.AZURE_CLIENT_ID }}
314+ azure-client-secret : ${{ secrets.AZURE_CLIENT_SECRET }}
315+ endpoint : https://wus2.codesigning.azure.net/
316+ signing-account-name : hanselman
317+ certificate-profile-name : WindowsEdgeLight
318+ files-folder : artifacts/msix-arm64
319+ files-folder-filter : msix
320+ files-folder-depth : 3
321+ file-digest : SHA256
322+ timestamp-rfc3161 : http://timestamp.acs.microsoft.com
323+ timestamp-digest : SHA256
324+
287325 # Create ZIP files for Updatum auto-update (needs "win-x64" in filename)
288326 - name : Create Release ZIPs
289327 run : |
0 commit comments