From f8fbdd122ecdc7a967f3fbeef3572dfd133cc5e3 Mon Sep 17 00:00:00 2001
From: Kevin Cui <bh@bugs.cc>
Date: Wed, 31 Jul 2024 10:39:35 +0800
Subject: [PATCH] fix(windows,code-sign): cannot sign binary files in Github
 Actions (#8384)

Fixed: #7729 #8055

Signed-off-by: Kevin Cui <bh@bugs.cc>
---
 .changeset/good-news-stare.md                 |  5 +++++
 .../src/codeSign/windowsCodeSign.ts           | 19 ++++++++++++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)
 create mode 100644 .changeset/good-news-stare.md

diff --git a/.changeset/good-news-stare.md b/.changeset/good-news-stare.md
new file mode 100644
index 00000000000..a3ec9a5391a
--- /dev/null
+++ b/.changeset/good-news-stare.md
@@ -0,0 +1,5 @@
+---
+"app-builder-lib": patch
+---
+
+Fix the issue of being unable to sign binary files in the Windows runner on Github Actions
diff --git a/packages/app-builder-lib/src/codeSign/windowsCodeSign.ts b/packages/app-builder-lib/src/codeSign/windowsCodeSign.ts
index 896aa87a47b..05f5efb5500 100644
--- a/packages/app-builder-lib/src/codeSign/windowsCodeSign.ts
+++ b/packages/app-builder-lib/src/codeSign/windowsCodeSign.ts
@@ -110,9 +110,9 @@ export interface CertificateFromStoreInfo {
 export async function getCertificateFromStoreInfo(options: WindowsConfiguration, vm: VmManager): Promise<CertificateFromStoreInfo> {
   const certificateSubjectName = options.certificateSubjectName
   const certificateSha1 = options.certificateSha1 ? options.certificateSha1.toUpperCase() : options.certificateSha1
-  // ExcludeProperty doesn't work, so, we cannot exclude RawData, it is ok
-  // powershell can return object if the only item
-  const rawResult = await vm.exec("powershell.exe", [
+
+  const ps = await getPSCmd(vm)
+  const rawResult = await vm.exec(ps, [
     "-NoProfile",
     "-NonInteractive",
     "-Command",
@@ -319,3 +319,16 @@ async function getToolPath(isWin = process.platform === "win32"): Promise<ToolIn
     return { path: path.join(vendorPath, process.platform, "osslsigncode") }
   }
 }
+
+async function getPSCmd(vm: VmManager): Promise<string> {
+  return await vm
+    .exec("powershell.exe", ["-NoProfile", "-NonInteractive", "-Command", `Get-Command pwsh.exe`])
+    .then(() => {
+      log.debug(null, "identified pwsh.exe for executing code signing")
+      return "pwsh.exe"
+    })
+    .catch(() => {
+      log.debug(null, "unable to find pwsh.exe, falling back to powershell.exe")
+      return "powershell.exe"
+    })
+}