We have an UWP app that is available in Windows Store. In addition the same app will be sideloaded for some enterprise customers & beta testers.
Due to a couple of reasons, we need to sign the appxbundle differently for store & sideloaded version, meaning we have another certificate for the sideloading case.
While the UWP app is already associated with the store, and package manifests pointing to the store key, I wonder if there is a way how we can build once (for time savings) but sign the output twice differently using msbuild/vsstudio in our CI Pipeline.
Any idea or do we need to split the build process and use makeappx together with sign tool to make this happen? Another approach would be to modify the package.appxmanifest on the fly and build it again.
Is there a better way?
Thanks
After considering the various options here, we chose to build one project twice.
First build is for store and the second run is for sideloading.
Between the runs we update the publisher with this simple script and then we trigger the same build again:
Param(
[String]$projectFolder,
[String]$project,
[String]$publisher
)
# -------------------------------- Update the manifest file --------------------------------
$manifestFile = Get-Item "$projectFolder\$project\Package.appxmanifest"
[XML]$manifest = get-content $manifestFile
$manifest.Package.Identity.Publisher = $publisher
$manifest.Save($manifestFile)
In addition you need to provide overrides for your msbuild command to match your new certificate as follows:
/p:PackageCertificateKeyFile=xxx.pfx /p:PackageCertificateThumbprint=xxx