Signing assembly

SigningAssembly.md

1. Generate SNK file (you need to run console as admin)

& "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\sn.exe" -k ./MyKeys.snk

2. Converting SNK file to base64 text file using PowerShell

$pfx_cert = Get-Content 'MyKeys.snk' -Encoding Byte
[System.Convert]::ToBase64String($pfx_cert) | Out-File 'MyKeys.txt'

3. Add add content of MyKeys.txt to Github Secrets as SIGNING_KEY - Go to Settings -> Secrets -> New Repository Secret

4. Decode base64 using PowerShell script

- name: Decode the Pfx
  run: |
    $signing_keys_payload = [System.Convert]::FromBase64String("${{ secrets.SIGNING_KEY }}")
    $currentDirectory = Get-Location
    $certificatePath = Join-Path -Path $currentDirectory -ChildPath "MyKeys.snk"
    [IO.File]::WriteAllBytes("$certificatePath", $signing_keys_payload)

Or use a dedicated Github action for saving base64 as binary file: https://github.com/marketplace/actions/base64-to-file

- name: Materialize Signing Key
  id: write_sign_key_file
  uses: timheuer/base64-to-file@v1
  with:
    fileName: 'MyKeys.snk'
    encodedString: ${{ secrets.SIGNING_KEY }}    

5. Pass SignAssembly and AssemblyOriginatorKeyFile parameters to dotnet build or msbuild

- name: Build extension
  run: dotnet build $env:SolutionPath 
  env:
    SignAssembly: true
    AssemblyOriginatorKeyFile: ${{ steps.write_sign_key_file.outputs.filePath }}

Troubleshooting

Problem: PFX signing not supported on .NET Core

Solution: Use SNK instead of PFX file

Problem: Failed to generate a strong name key pair -- Access is denied.

Solution: Run console as admin

More: https://stackoverflow.com/questions/11887/sn-exe-fails-with-access-denied-error-message