If you are using premier edition of installshield, you can use the pre compression event available under event tab of releases to sign the msi using your signtool command, which will sign this msi before compression.
Please refer attached screenshot.
This pattern would work but doing it this way would expose the secrets as they would either be in plain text in the ism file or would have to be passed in as a parameter of the build and stored as a property at runtime.
Hi @RWatson ,
What version you want to pass it to signtool, I dont think signtool support productversion property. You can check supports properties of signtool in azure documentation.
If You want to pass the version to setup.exe you can pass it to iscmdbld.exe
-y <product version> Refer below help link
@varul I'm writting an exe to be called during the command line event to sign the MSI. I want to pass a variable to it during that command line. I have -y being passed into the ISBuildCmd but I want to be able to pass [ProductVersion] to my exe during the pre compression event.
@varul I tried using this method and call the signtool during the "Precompression Event". I am getting zero errors in my log and it looks like my event is completing successfully. Once I have an exe result, I extracted my MSI and it is not signed.