fix: dont sign just build

nb-ccd · nb-ccd · commit a726d3076bd6 · 2025-07-08T15:48:59.000+01:00
diff --git a/.github/workflows/test-windows-code-signing.yaml b/.github/workflows/test-windows-code-signing.yaml
@@ -80,7 +80,7 @@ jobs:
 
   node-windows:
     runs-on: windows-latest  
-    environment: release # This step needs to use the release context to access credentials for code signing.
+    # environment: release # This step needs to use the release context to access credentials for code signing.
     needs: [validate-preconditions]
     if: contains(fromJSON('["rc", "alpha", "node-windows"]'), needs.validate-preconditions.outputs.release_type)
     defaults:
@@ -102,18 +102,18 @@ jobs:
         id: digicert_client
         uses: digicert/ssm-code-signing@v1.0.0
 
-      - name: Import Windows certificate (Windows only)
-        id: windows_certificate
-        env:
-          # Base64 encoding of the pfx/p12 certificate for Windows code signing.
-          SM_CLIENT_CERT_FILE_B64: ${{ secrets.WINDOWS_SM_CLIENT_CERT_FILE_B64 }}
-        run: |
-          $CERTIFICATE_PATH_BASE64="$env:RUNNER_TEMP\cert-b64.txt"
-          $CERTIFICATE_PATH="$env:RUNNER_TEMP\cert.pfx"
+      # - name: Import Windows certificate (Windows only)
+      #   id: windows_certificate
+      #   env:
+      #     # Base64 encoding of the pfx/p12 certificate for Windows code signing.
+      #     SM_CLIENT_CERT_FILE_B64: ${{ secrets.WINDOWS_SM_CLIENT_CERT_FILE_B64 }}
+      #   run: |
+      #     $CERTIFICATE_PATH_BASE64="$env:RUNNER_TEMP\cert-b64.txt"
+      #     $CERTIFICATE_PATH="$env:RUNNER_TEMP\cert.pfx"
 
-          Set-Content -Path $CERTIFICATE_PATH_BASE64 -Value $env:SM_CLIENT_CERT_FILE_B64
-          certutil -decode $CERTIFICATE_PATH_BASE64 $CERTIFICATE_PATH
-          echo "CERTIFICATE_PATH=$CERTIFICATE_PATH" >> $env:GITHUB_OUTPUT
+      #     Set-Content -Path $CERTIFICATE_PATH_BASE64 -Value $env:SM_CLIENT_CERT_FILE_B64
+      #     certutil -decode $CERTIFICATE_PATH_BASE64 $CERTIFICATE_PATH
+      #     echo "CERTIFICATE_PATH=$CERTIFICATE_PATH" >> $env:GITHUB_OUTPUT
 
       - name: Run smctl healthcheck to confirm if the tool is configured properly.
         working-directory: ${{steps.build.outputs.bin_dir}}
@@ -189,6 +189,7 @@ jobs:
           MsiDb.exe -d ./service/windows/installer/Node.msi -x Node.cab
           mkdir Node
           dir
+          expand -d Node.cab
           expand -F:* Node.cab ./Node
           dir Node
         shell: cmd
@@ -203,25 +204,25 @@ jobs:
           mv ./Node/NodeCollector ./Node/NodeCollector.exe 
           mv ./Node/ConcordiumNode ./Node/ConcordiumNode.exe
 
-      - name: Sign files with smctl
-        working-directory: ${{steps.build.outputs.bin_dir}}
-        env:
-          WINDOWS_PKCS11_CONFIG: ${{ steps.digicert_client.outputs.PKCS11_CONFIG }}
-          WINDOWS_SM_KEYPAIR_ALIAS: ${{ secrets.WINDOWS_SM_KEYPAIR_ALIAS }}
-          SM_HOST: ${{ vars.WINDOWS_SM_HOST }}
-          SM_API_KEY: ${{ secrets.WINDOWS_SM_API_KEY }}
-          SM_CLIENT_CERT_FILE: ${{ steps.windows_certificate.outputs.CERTIFICATE_PATH }}
-          SM_CLIENT_CERT_PASSWORD: ${{ secrets.WINDOWS_SM_CLIENT_CERT_PASSWORD }}
-          SM_ARGS: "--verbose --exit-non-zero-on-fail --failfast"
-        run: |
-          smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/ConcordiumConsensusDLL.dll --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} ${{ env.SM_ARGS }}
-          smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/ConcordiumBaseDLL.dll --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} ${{ env.SM_ARGS }}
-          smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/ConcordiumSmartContractEngineDLL.dll --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} ${{ env.SM_ARGS }}
-          smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/Sha2DLL.dll --config-file ${{ env.WINDOWS_PKCS11_CONFIG }}  ${{ env.SM_ARGS }}
-          smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/NodeRunnerService.exe --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} ${{ env.SM_ARGS }}
-          smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/NodeCollector.exe  --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} ${{ env.SM_ARGS }}
-          smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/ConcordiumNode.exe  --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} ${{ env.SM_ARGS }}
-        shell: cmd
+      # - name: Sign files with smctl
+      #   working-directory: ${{steps.build.outputs.bin_dir}}
+      #   env:
+      #     WINDOWS_PKCS11_CONFIG: ${{ steps.digicert_client.outputs.PKCS11_CONFIG }}
+      #     WINDOWS_SM_KEYPAIR_ALIAS: ${{ secrets.WINDOWS_SM_KEYPAIR_ALIAS }}
+      #     SM_HOST: ${{ vars.WINDOWS_SM_HOST }}
+      #     SM_API_KEY: ${{ secrets.WINDOWS_SM_API_KEY }}
+      #     SM_CLIENT_CERT_FILE: ${{ steps.windows_certificate.outputs.CERTIFICATE_PATH }}
+      #     SM_CLIENT_CERT_PASSWORD: ${{ secrets.WINDOWS_SM_CLIENT_CERT_PASSWORD }}
+      #     SM_ARGS: "--verbose --exit-non-zero-on-fail --failfast"
+      #   run: |
+      #     smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/ConcordiumConsensusDLL.dll --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} ${{ env.SM_ARGS }}
+      #     smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/ConcordiumBaseDLL.dll --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} ${{ env.SM_ARGS }}
+      #     smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/ConcordiumSmartContractEngineDLL.dll --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} ${{ env.SM_ARGS }}
+      #     smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/Sha2DLL.dll --config-file ${{ env.WINDOWS_PKCS11_CONFIG }}  ${{ env.SM_ARGS }}
+      #     smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/NodeRunnerService.exe --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} ${{ env.SM_ARGS }}
+      #     smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/NodeCollector.exe  --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} ${{ env.SM_ARGS }}
+      #     smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./Node/ConcordiumNode.exe  --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} ${{ env.SM_ARGS }}
+      #   shell: cmd
 
       - name: Rename files back to their original form without extension. 
         run: |
@@ -243,22 +244,23 @@ jobs:
         run: |
           rm Node.cab
           mv disk1\Node.cab .
+          expand -d Node.cab
           MsiDb.exe -d ./service/windows/installer/Node.msi -k Node.cab
           MsiDb.exe -d ./service/windows/installer/Node.msi -a Node.cab
   
-      - name: Sign files with smctl
-        working-directory: ${{steps.build.outputs.bin_dir}}
-        env:
-          WINDOWS_PKCS11_CONFIG: ${{ steps.digicert_client.outputs.PKCS11_CONFIG }}
-          WINDOWS_SM_KEYPAIR_ALIAS: ${{ secrets.WINDOWS_SM_KEYPAIR_ALIAS }}
-          SM_HOST: ${{ vars.WINDOWS_SM_HOST }}
-          SM_API_KEY: ${{ secrets.WINDOWS_SM_API_KEY }}
-          SM_CLIENT_CERT_FILE: ${{ steps.windows_certificate.outputs.CERTIFICATE_PATH }}
-          SM_CLIENT_CERT_PASSWORD: ${{ secrets.WINDOWS_SM_CLIENT_CERT_PASSWORD }}
-          SM_ARGS: "--verbose --exit-non-zero-on-fail --failfast"
-        run: |
-          smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./service/windows/installer/Node.msi --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} ${{ env.SM_ARGS }}
-        shell: cmd
+      # - name: Sign files with smctl
+      #   working-directory: ${{steps.build.outputs.bin_dir}}
+      #   env:
+      #     WINDOWS_PKCS11_CONFIG: ${{ steps.digicert_client.outputs.PKCS11_CONFIG }}
+      #     WINDOWS_SM_KEYPAIR_ALIAS: ${{ secrets.WINDOWS_SM_KEYPAIR_ALIAS }}
+      #     SM_HOST: ${{ vars.WINDOWS_SM_HOST }}
+      #     SM_API_KEY: ${{ secrets.WINDOWS_SM_API_KEY }}
+      #     SM_CLIENT_CERT_FILE: ${{ steps.windows_certificate.outputs.CERTIFICATE_PATH }}
+      #     SM_CLIENT_CERT_PASSWORD: ${{ secrets.WINDOWS_SM_CLIENT_CERT_PASSWORD }}
+      #     SM_ARGS: "--verbose --exit-non-zero-on-fail --failfast"
+      #   run: |
+      #     smctl sign --keypair-alias ${{ env.WINDOWS_SM_KEYPAIR_ALIAS }} --input ./service/windows/installer/Node.msi --config-file ${{ env.WINDOWS_PKCS11_CONFIG }} ${{ env.SM_ARGS }}
+      #   shell: cmd
 
       - name: Rename the package to target filename.
         run: |
