Auto merge of #28473 - jdm:codesign-build, r=jdm

Enable codesigning for non-nightly UWP builds

.github/workflows/main.yml

@@ -57,8 +57,8 @@ jobs:
       - name: Package
         working-directory: "C:\\a\\${{ github.event.repository.name }}\\${{ github.event.repository.name }}"
         run: python mach package --release --target=x86_64-uwp-windows-msvc --uwp=x64
-        #env:
-        #  CODESIGN_CERT: {'${{ secrets.WINDOWS_CODESIGN_CERT }}'}
+        env:
+          CODESIGN_CERT: ${{ secrets.WINDOWS_CODESIGN_CERT }}
       - name: Tidy
         run: python mach test-tidy --force-cpp --no-wpt
 
@@ -72,18 +72,18 @@ jobs:
       - name: Copy to C drive
         run: cp D:\a C:\ -Recurse
       - name: Bootstrap
-        working-directory: "C:\\a\\servo\\servo"
+        working-directory: "C:\\a\\${{ github.event.repository.name }}\\${{ github.event.repository.name }}"
         run: |
           python -m pip install --upgrade pip virtualenv
           python mach fetch
       - name: Release build
-        working-directory: "C:\\a\\servo\\servo"
+        working-directory: "C:\\a\\${{ github.event.repository.name }}\\${{ github.event.repository.name }}"
         run: python mach build --release --target=aarch64-uwp-windows-msvc
       - name: Package
-        working-directory: "C:\\a\\servo\\servo"
+        working-directory: "C:\\a\\${{ github.event.repository.name }}\\${{ github.event.repository.name }}"
         run: python mach package --release --target=aarch64-uwp-windows-msvc --uwp=arm64
-        #env:
-        #  CODESIGN_CERT: {'${{ secrets.WINDOWS_CODESIGN_CERT }}'}
+        env:
+          CODESIGN_CERT: ${{ secrets.WINDOWS_CODESIGN_CERT }}
 
   build-mac:
     name: Build (macOS)

etc/ci/workflow.mako

@@ -57,8 +57,8 @@ jobs:
       - name: Package
         working-directory: "C:\\a\\${ REPOSITORY_NAME }\\${ REPOSITORY_NAME }"
         run: python mach package --release --target=x86_64-uwp-windows-msvc --uwp=x64
-        #env:
-        #  CODESIGN_CERT: ${{ CODESIGN_CERT }}
+        env:
+          CODESIGN_CERT: ${ CODESIGN_CERT }
       - name: Tidy
         run: python mach test-tidy --force-cpp --no-wpt
 
@@ -72,18 +72,18 @@ jobs:
       - name: Copy to C drive
         run: cp D:\a C:\ -Recurse
       - name: Bootstrap
-        working-directory: "C:\\a\\servo\\servo"
+        working-directory: "C:\\a\\${ REPOSITORY_NAME }\\${ REPOSITORY_NAME }"
         run: |
           python -m pip install --upgrade pip virtualenv
           python mach fetch
       - name: Release build
-        working-directory: "C:\\a\\servo\\servo"
+        working-directory: "C:\\a\\${ REPOSITORY_NAME }\\${ REPOSITORY_NAME }"
         run: python mach build --release --target=aarch64-uwp-windows-msvc
       - name: Package
-        working-directory: "C:\\a\\servo\\servo"
+        working-directory: "C:\\a\\${ REPOSITORY_NAME }\\${ REPOSITORY_NAME }"
         run: python mach package --release --target=aarch64-uwp-windows-msvc --uwp=arm64
-        #env:
-        #  CODESIGN_CERT: ${{ CODESIGN_CERT }}
+        env:
+          CODESIGN_CERT: ${ CODESIGN_CERT }
 
   build-mac:
     name: Build (macOS)

python/servo/package_commands.py

@@ -794,12 +794,12 @@ def setup_uwp_signing(ms_app_store, publisher):
     pfx = None
     if is_tc:
         print("Packaging on TC. Using secret certificate")
-        pfx = get_taskcluster_secret("windows-codesign-cert/latest")["pfx"]
+        pfx = get_taskcluster_secret("windows-codesign-cert/latest")["pfx"]["base64"]
     elif 'CODESIGN_CERT' in os.environ:
         pfx = os.environ['CODESIGN_CERT']
 
     if pfx:
-        open("servo.pfx", "wb").write(base64.b64decode(pfx["base64"]))
+        open("servo.pfx", "wb").write(base64.b64decode(pfx))
         run_powershell_cmd('Import-PfxCertificate -FilePath .\\servo.pfx -CertStoreLocation Cert:\\CurrentUser\\My')
         os.remove("servo.pfx")