fix: Skip signing non-singnable file types like appx

[jeanfbrito]

• Added logic to skip files with extensions .appx and .zip in both signWindowsOnLinux and signWindowsOnWindows functions, improving the efficiency of the signing process by avoiding unnecessary operations on unsupported file types.
• Included console logging to inform users when a file is skipped, enhancing transparency in the signing workflow.

Closes #ISSUE_NUMBER

Summary by CodeRabbit

• Chores
  • Skips incompatible installer/archive file types (e.g., .appx, .zip) during Windows signing flows, emitting a log and returning early to avoid unnecessary processing and improve build efficiency.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Added early-return checks in the Windows signing flows to skip Authenticode signing for files with .appx or .zip extensions, emitting a log message and returning before any signing or further validation.

Changes

Cohort / File(s)	Summary
Windows signing skip logic build/winSignKms.js	Added extension check and early-return in signWindowsOnLinux and signWindowsOnWindows to skip signing for .appx and .zip, with informational logging.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

• Single-file change with straightforward early-return additions.
• Check that the skip-list is intentional and that no other file types should be excluded.

Possibly related PRs

• fix: Windows executable not being signed #3150 — Related to Windows post-build signing and usage of winSignKms.js.

Suggested labels

build-artifacts

Poem

🐰 I hop through builds both near and far,
Skipping .appx and .zip — they stay as they are.
A little log, a quiet skip,
Then on to the next signing trip. 🎩✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and accurately summarizes the main change: skipping non-signable file types (.appx, .zip) during signing operations.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch skip-appx-signing

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 69b2c89 and 89260a7.

📒 Files selected for processing (1)

• build/winSignKms.js (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• build/winSignKms.js

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: check (macos-latest)
• GitHub Check: check (windows-latest)
• GitHub Check: check (ubuntu-latest)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between a70dfc6 and 69b2c89.

📒 Files selected for processing (1)

• build/winSignKms.js (2 hunks)

🧰 Additional context used

🧠 Learnings (3)

📓 Common learnings

Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-26T19:24:21.364Z
Learning: Use two-phase Windows code signing with Google Cloud KMS (build unsigned, then sign with jsign)

📚 Learning: 2025-09-26T19:24:21.364Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-26T19:24:21.364Z
Learning: Use two-phase Windows code signing with Google Cloud KMS (build unsigned, then sign with jsign)

Applied to files:

• build/winSignKms.js

📚 Learning: 2025-09-26T19:24:21.364Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-26T19:24:21.364Z
Learning: Applies to {rollup.config.mjs,electron-builder.json,tsconfig.json,.eslintrc.json,jest.config.js} : Maintain and configure the project via the designated root config files for build, packaging, TypeScript, ESLint, and Jest

Applied to files:

• build/winSignKms.js

🧬 Code graph analysis (1)

build/winSignKms.js (1)

workspaces/desktop-release-action/dist/index.js (5)

• path (142-142)
• path (621-621)
• path (1145-1145)
• path (2862-2862)
• path (3051-3051)

🪛 GitHub Check: check (ubuntu-latest)

build/winSignKms.js

[failure] 170-170:
Replace ``[winSignKms]·Skipping·${ext}·file·(not·applicable·for·Authenticode·signing):,·path.basename(input) with `⏎······`[winSignKms]·Skipping·${ext}·file·(not·applicable·for·Authenticode·signing):`,⏎······path.basename(input)⏎····`

---

[failure] 312-312:
Replace ``[winSignKms]·Skipping·${ext}·file·(not·applicable·for·Authenticode·signing):,·path.basename(input) with `⏎······`[winSignKms]·Skipping·${ext}·file·(not·applicable·for·Authenticode·signing):`,⏎······path.basename(input)⏎····`

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: check (windows-latest)
• GitHub Check: check (macos-latest)