diff --git a/.config/CredScanSuppressions.json b/.config/CredScanSuppressions.json
deleted file mode 100644
index 07a6e7632..000000000
--- a/.config/CredScanSuppressions.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "tool": "Credential Scanner",
- "suppressions": [
- {
- "file": "\\src\\Calculator\\WindowsDev_TemporaryKey.pfx",
- "_justification": "This is an untrusted, self-signed certificate which is used only during development. Its private key is not intended to be secret."
- },
- {
- "file": "\\src\\CalculatorUnitTests\\WindowsDev_TemporaryKey.pfx",
- "_justification": "This is an untrusted, self-signed certificate which is used only during development. Its private key is not intended to be secret."
- }
- ]
-}
diff --git a/.github/workflows/action-ci.yml b/.github/workflows/action-ci.yml
index f356e0f7f..693dc318f 100644
--- a/.github/workflows/action-ci.yml
+++ b/.github/workflows/action-ci.yml
@@ -91,6 +91,10 @@ jobs:
with:
name: Build-${{ matrix.platform }}
path: ${{ github.workspace }}/output
+ - uses: actions/upload-artifact@v4
+ with:
+ name: Tools-${{ matrix.platform }}
+ path: ${{ github.workspace }}/build/scripts/SignTestApp.ps1
unitTests:
needs: [defineBuilds, build]
@@ -107,10 +111,13 @@ jobs:
with:
name: Build-${{ matrix.platform }}
path: ${{ github.workspace }}/download
+ - uses: actions/download-artifact@v4
+ name: Download tools
+ with:
+ name: Tools-${{ matrix.platform }}
+ path: ${{ github.workspace }}/download/tools
- run: |
- ${{ env.testDir }}/Add-AppDevPackage.ps1 `
- -CertificatePath ${{ env.testDir }}/CalculatorUnitTests.cer `
- -Force
+ ${{ github.workspace }}/download/tools/SignTestApp.ps1 -AppToSign ${{ env.testDir }}/CalculatorUnitTests.msix
shell: pwsh
name: Install test certificate
- uses: ilammy/msvc-dev-cmd@v1 # this is a workaround because microsoft/vstest-action is broken.
@@ -131,16 +138,18 @@ jobs:
with:
name: Build-x64
path: ${{ github.workspace }}/download
+ - uses: actions/download-artifact@v4
+ name: Download tools
+ with:
+ name: Tools-x64
+ path: ${{ github.workspace }}/download/tools
- run: |
Set-DisplayResolution -Width 1920 -Height 1080 -Force
shell: pwsh
name: Set screen resolution
- run: |
- ${{ env.appDir }}/Add-AppDevPackage.ps1 `
- -CertificatePath ${{ env.appDir }}/Calculator*.cer `
- -Force
- ${{ env.appDir }}/Add-AppDevPackage.ps1 `
- -Force
+ ${{ github.workspace }}/download/tools/SignTestApp.ps1 -AppToSign '${{ env.appDir }}/Calculator_*.msixbundle'
+ ${{ env.appDir }}/Add-AppDevPackage.ps1 -Force
shell: powershell
name: Install app
- run: |
diff --git a/.gitignore b/.gitignore
index ed4b08c68..4e2ed91b9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -200,7 +200,6 @@ ClientBin/
*.dbmdl
*.dbproj.schemaview
*.jfm
-*.pfx
*.publishsettings
orleans.codegen.cs
@@ -294,8 +293,6 @@ __pycache__/
Generated Files/
src/GraphControl/GraphingImplOverrides.props
src/CalcViewModel/DataLoaders/DataLoaderConstants.h
-!src/Calculator/WindowsDev_TemporaryKey.pfx
-!src/CalculatorUnitTests/WindowsDev_TemporaryKey.pfx
!src/x64
!src/x86
!src/out
diff --git a/build/pipelines/templates/run-ui-tests.yaml b/build/pipelines/templates/run-ui-tests.yaml
index 231eaef4b..1f9dfccaa 100644
--- a/build/pipelines/templates/run-ui-tests.yaml
+++ b/build/pipelines/templates/run-ui-tests.yaml
@@ -42,17 +42,10 @@ jobs:
Calculator/AppPackages/**
publish/**
- - task: PowerShell@2
- displayName: Install certificate
- inputs:
- filePath: $(Pipeline.Workspace)/$(DropName)/Calculator/AppPackages/Calculator_$(Build.BuildNumber)_Test/Add-AppDevPackage.ps1
- arguments: -CertificatePath $(Pipeline.Workspace)/$(DropName)/Calculator/AppPackages/Calculator_$(Build.BuildNumber)_Test/Calculator_$(Build.BuildNumber)_${{ parameters.platform }}.cer -Force
-
- - task: PowerShell@2
+ - powershell: |
+ $(Build.SourcesDirectory)/build/scripts/SignTestApp.ps1 -AppToSign '$(Pipeline.Workspace)/$(DropName)/Calculator/AppPackages/Calculator_*_Test/Calculator_*.msixbundle'
+ $(Pipeline.Workspace)/$(DropName)/Calculator/AppPackages/Calculator_*_Test/Add-AppDevPackage.ps1 -Force
displayName: Install app
- inputs:
- filePath: $(Pipeline.Workspace)/$(DropName)/Calculator/AppPackages/Calculator_$(Build.BuildNumber)_Test/Add-AppDevPackage.ps1
- arguments: -Force
- task: VSTest@2
displayName: Run CalculatorUITests
diff --git a/build/pipelines/templates/run-unit-tests.yaml b/build/pipelines/templates/run-unit-tests.yaml
index a6503f9cc..84e76ec26 100644
--- a/build/pipelines/templates/run-unit-tests.yaml
+++ b/build/pipelines/templates/run-unit-tests.yaml
@@ -13,18 +13,17 @@ jobs:
skipComponentGovernanceDetection: true
UnitTestsDir: $(Pipeline.Workspace)\drop-${{ parameters.platform }}\CalculatorUnitTests\AppPackages\CalculatorUnitTests_Test
steps:
- - checkout: none
+ - checkout: self
+ fetchDepth: 1
- download: current
displayName: Download CalculatorUnitTests
artifact: drop-${{ parameters.platform }}
patterns: '**/CalculatorUnitTests_Test/**'
- - task: PowerShell@2
- displayName: Install Certificate
- inputs:
- filePath: $(UnitTestsDir)\Add-AppDevPackage.ps1
- arguments: -CertificatePath $(UnitTestsDir)\CalculatorUnitTests.cer -Force
+ - powershell: |
+ $(Build.SourcesDirectory)/build/scripts/SignTestApp.ps1 -AppToSign '$(UnitTestsDir)\CalculatorUnitTests.msix'
+ displayName: Sign unit tests
- task: VSTest@2
displayName: Run CalculatorUnitTests
diff --git a/build/scripts/SignTestApp.ps1 b/build/scripts/SignTestApp.ps1
new file mode 100644
index 000000000..dfb504e6f
--- /dev/null
+++ b/build/scripts/SignTestApp.ps1
@@ -0,0 +1,33 @@
+#requires -RunAsAdministrator
+param(
+ [Parameter(Position = 0, Mandatory = $true)][string]$AppToSign,
+ [string]$SignTool = "C:\Program Files (x86)\Windows Kits\10\bin\10.*\x64\signtool.exe"
+)
+
+$AppToSign = (Resolve-Path -Path $AppToSign)[-1]
+Write-Host "AppToSign: $AppToSign"
+$SignTool = (Resolve-Path -Path $SignTool)[-1]
+Write-Host "SignTool: $SignTool"
+if ((Test-Path -Path $SignTool -PathType Leaf) -ne $true) {
+ Write-Error "signtool is not found with the given argument: $SignTool" -ErrorAction Stop
+}
+
+$codeSignOid = New-Object -TypeName "System.Security.Cryptography.Oid" -ArgumentList @("1.3.6.1.5.5.7.3.3")
+$oidColl = New-Object -TypeName "System.Security.Cryptography.OidCollection"
+$oidColl.Add($codeSignOid) > $null
+$publisher = "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
+$certReq = New-Object -TypeName "System.Security.Cryptography.X509Certificates.CertificateRequest" `
+ -ArgumentList @($publisher, ([System.Security.Cryptography.ECDsa]::Create()), "SHA256")
+$certReq.CertificateExtensions.Add((New-Object -TypeName "System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension" `
+ -ArgumentList @($oidColl, $false)))
+$now = Get-Date
+$cert = $certReq.CreateSelfSigned($now, $now.AddHours(1))
+
+$pfxFile = "$($env:TEMP)\$(New-Guid).pfx"
+[System.IO.File]::WriteAllBytes($pfxFile, $cert.Export("Pfx"))
+Write-Host "Exported PFX: $pfxFile"
+
+& $SignTool sign /fd SHA256 /a /f $pfxFile $AppToSign
+Write-Host "Certificate Thumbprint: $($cert.Thumbprint.ToLower())"
+
+Import-PfxCertificate -CertStoreLocation 'Cert:\LocalMachine\TrustedPeople' -FilePath $pfxFile > $null
diff --git a/src/Calculator/Calculator.csproj b/src/Calculator/Calculator.csproj
index 236428aa3..6c73ba688 100644
--- a/src/Calculator/Calculator.csproj
+++ b/src/Calculator/Calculator.csproj
@@ -24,8 +24,7 @@
512
{A5A43C5B-DE2A-4C0C-9213-0A381AF9435A};{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}
true
- True
- WindowsDev_TemporaryKey.pfx
+ False
False
Always
true
@@ -817,7 +816,6 @@
-
14.0
diff --git a/src/Calculator/WindowsDev_TemporaryKey.pfx b/src/Calculator/WindowsDev_TemporaryKey.pfx
deleted file mode 100644
index 555456ae0..000000000
Binary files a/src/Calculator/WindowsDev_TemporaryKey.pfx and /dev/null differ
diff --git a/src/CalculatorUnitTests/CalculatorUnitTests.vcxproj b/src/CalculatorUnitTests/CalculatorUnitTests.vcxproj
index 371a686a6..24b78e95e 100644
--- a/src/CalculatorUnitTests/CalculatorUnitTests.vcxproj
+++ b/src/CalculatorUnitTests/CalculatorUnitTests.vcxproj
@@ -16,7 +16,6 @@
true
true
- WindowsDev_TemporaryKey.pfx
@@ -289,9 +288,6 @@
{cc9b4fa7-d746-4f52-9401-0ad1b4d6b16d}
-
-
-
diff --git a/src/CalculatorUnitTests/CalculatorUnitTests.vcxproj.filters b/src/CalculatorUnitTests/CalculatorUnitTests.vcxproj.filters
index 60cc935c0..54a1bed4b 100644
--- a/src/CalculatorUnitTests/CalculatorUnitTests.vcxproj.filters
+++ b/src/CalculatorUnitTests/CalculatorUnitTests.vcxproj.filters
@@ -79,7 +79,4 @@
{d3ec8922-022d-4531-8744-f65a872f3841}
-
-
-
\ No newline at end of file
diff --git a/src/CalculatorUnitTests/WindowsDev_TemporaryKey.pfx b/src/CalculatorUnitTests/WindowsDev_TemporaryKey.pfx
deleted file mode 100644
index 555456ae0..000000000
Binary files a/src/CalculatorUnitTests/WindowsDev_TemporaryKey.pfx and /dev/null differ