Merge pull request #156 from AdmiringWorm/155-keep-dir-structure

(#155) Keep directory structure for signed PowerShell scripts
chocolatey · May 22, 2024 · e7cd44a · e7cd44a
2 parents 7fe3b3d + 7c0e543
commit e7cd44a
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 7 deletions.
diff --git a/Chocolatey.Cake.Recipe/Content/sign-powershell.ps1 b/Chocolatey.Cake.Recipe/Content/sign-powershell.ps1
@@ -23,6 +23,10 @@ Param(
     [String]
     $OutputFolder,
 
+    [Parameter()]
+    [string]
+    $RootFolder,
+
     [Parameter()]
     [String]
     $TimeStampServer,
@@ -61,21 +65,32 @@ if ($Cert) {
         'Cert'            = $Cert
     }
 
+    if (!$RootFolder) {
+      $RootFolder = Resolve-Path "./"
+    }
+
+    Push-Location $RootFolder
+
     foreach ($Script in $ScriptsToSign) {
         $ExistingSig = Get-AuthenticodeSignature -FilePath $Script
 
         if ($ExistingSig.Status -ne 'Valid' -or $ExistingSig.SignerCertificate.Issuer -notmatch 'DigiCert' -or $ExistingSig.SignerCertificate.NotAfter -lt [datetime]::Now) {
+            $relativePath = (Resolve-Path -Relative -LiteralPath $Script).TrimStart('.', '/', '\')
+            $destinationPath = Join-Path $OutputFolder $relativePath
+            $destinationFolder = Split-Path -Parent $destinationPath
             $NewSig = Set-AuthenticodeSignature -FilePath $Script @CommonSignParams
             Write-Host "Script file '$Script' signed with status: $($NewSig.Status)"
 
-            if (!(Test-Path -Path $OutputFolder)) {
-                $null = New-Item -Path $OutputFolder -Type Directory
+            if (!(Test-Path -Path $destinationFolder)) {
+                $null = New-Item -Path $destinationFolder -Type Directory -Force
             }
-            Copy-Item -Path $Script -Destination $OutputFolder
+            Copy-Item -Path $Script -Destination $destinationPath
         } else {
             Write-Host "Script file '$Script' does not need signing, current signature is valid."
         }
     }
+
+    Pop-Location
 } else {
     Write-Warning "Skipping script signing, no currently valid DigiCert issued Authenticode signing certificate matching '$($CertificateSubjectName)' was found."
 }
diff --git a/Chocolatey.Cake.Recipe/Content/sign.cake b/Chocolatey.Cake.Recipe/Content/sign.cake
@@ -97,10 +97,11 @@ BuildParameters.Tasks.SignPowerShellScriptsTask = Task("Sign-PowerShellScripts")
                 });
         }
 
-        foreach (var signedFile in GetFiles(BuildParameters.Paths.Directories.SignedFiles + "/**/*"))
-        {
-            BuildParameters.BuildProvider.UploadArtifact(signedFile);
-        }
+        var files = GetFiles(BuildParameters.Paths.Directories.SignedFiles + "/**/*") - GetFiles(BuildParameters.Paths.Directories.SignedFiles + "/**/*.zip");
+        var destination = BuildParameters.Paths.Directories.SignedFiles.CombineWithFilePath("SignedFiles.zip");
+        Zip(BuildParameters.Paths.Directories.SignedFiles, destination, files);
+
+        BuildParameters.BuildProvider.UploadArtifact(destination);
     }
     else
     {