feat(signing): ✨ Add verbose logging for certificate resolution and build tasks

* Added verbose output for certificate resolution in `Get-PSBuildCertificate`.
* Introduced `SkipCertificateValidation` option in `build.properties.ps1` for CI environments.
* Enhanced `psakeFile.ps1` to support verbose logging across various build tasks.
* Improved readability and maintainability of the build script.

Author: HeyItsGilbert

PowerShellBuild/Public/Get-PSBuildCertificate.ps1

@@ -195,5 +195,6 @@ function Get-PSBuildCertificate {
         Write-Verbose "Certificate validation passed: HasPrivateKey=$($cert.HasPrivateKey), NotAfter=$($cert.NotAfter), CodeSigningEKU=Present"
     }
 
+    Write-Verbose ('Certificate resolution complete: ' + ($cert ? $cert.Subject : 'No certificate found'))
     $cert
 }

PowerShellBuild/build.properties.ps1

@@ -185,6 +185,13 @@ $moduleVersion = (Import-PowerShellDataFile -Path $env:BHPSModuleManifest).Modul
         # Useful for Azure Key Vault, HSM, or other custom certificate providers.
         Certificate               = $null
 
+        # When true and using the Store or Thumbprint sources, skip the
+        # certificate validity check that ensures the certificate is not expired
+        # and has a private key. This is not recommended for production use but
+        # can be useful in CI environments where certificates are frequently
+        # renewed and updated.
+        SkipCertificateValidation = $false
+
         # RFC 3161 timestamp server URI embedded in Authenticode signatures.
         TimestampServer           = 'http://timestamp.digicert.com'
 

PowerShellBuild/psakeFile.ps1

@@ -3,7 +3,14 @@
 Remove-Variable -Name PSBPreference -Scope Script -Force -ErrorAction Ignore
 Set-Variable -Name PSBPreference -Option ReadOnly -Scope Script -Value (. ([IO.Path]::Combine($PSScriptRoot, 'build.properties.ps1')))
 
-Properties {}
+Properties {
+    $importLocalizedDataSplat = @{
+        BindingVariable = 'LocalizedData'
+        FileName        = 'Messages.psd1'
+        ErrorAction     = 'SilentlyContinue'
+    }
+    Import-LocalizedData @importLocalizedDataSplat
+}
 
 FormatTaskName {
     param($taskName)
@@ -64,11 +71,11 @@ if ($null -eq $PSBSignDependency) {
 # Task default -depends Test
 
 Task Init {
-    Initialize-PSBuild -UseBuildHelpers -BuildEnvironment $PSBPreference
+    Initialize-PSBuild -UseBuildHelpers -BuildEnvironment $PSBPreference -Verbose:($VerbosePreference -eq 'Continue')
 } -Description 'Initialize build environment variables'
 
 Task Clean -Depends $PSBCleanDependency {
-    Clear-PSBuildOutputFolder -Path $PSBPreference.Build.ModuleOutDir
+    Clear-PSBuildOutputFolder -Path $PSBPreference.Build.ModuleOutDir -Verbose:($VerbosePreference -eq 'Continue')
 } -Description 'Clears module output directory'
 
 Task StageFiles -Depends $PSBStageFilesDependency {
@@ -98,7 +105,7 @@ Task StageFiles -Depends $PSBStageFilesDependency {
         }
     }
 
-    Build-PSBuildModule @buildParams
+    Build-PSBuildModule @buildParams -Verbose:($VerbosePreference -eq 'Continue')
 } -Description 'Builds module based on source directory'
 
 Task Build -Depends $PSBBuildDependency -Description 'Builds module and generate help documentation'
@@ -121,7 +128,7 @@ Task Analyze -Depends $PSBAnalyzeDependency -PreCondition $analyzePreReqs {
         SeverityThreshold = $PSBPreference.Test.ScriptAnalysis.FailBuildOnSeverityLevel
         SettingsPath      = $PSBPreference.Test.ScriptAnalysis.SettingsPath
     }
-    Test-PSBuildScriptAnalysis @analyzeParams
+    Test-PSBuildScriptAnalysis @analyzeParams -Verbose:($VerbosePreference -eq 'Continue')
 } -Description 'Execute PSScriptAnalyzer tests'
 
 $pesterPreReqs = {
@@ -155,6 +162,7 @@ Task Pester -Depends $PSBPesterDependency -PreCondition $pesterPreReqs {
         ImportModule                 = $PSBPreference.Test.ImportModule
         SkipRemainingOnFailure       = $PSBPreference.Test.SkipRemainingOnFailure
         OutputVerbosity              = $PSBPreference.Test.OutputVerbosity
+        Verbose                      = $VerbosePreference -eq 'Continue'
     }
     Test-PSBuildPester @pesterParams
 } -Description 'Execute Pester tests'
@@ -182,6 +190,7 @@ Task GenerateMarkdown -Depends $PSBGenerateMarkdownDependency -PreCondition $gen
         AlphabeticParamsOrder = $PSBPreference.Docs.AlphabeticParamsOrder
         ExcludeDontShow       = $PSBPreference.Docs.ExcludeDontShow
         UseFullTypeName       = $PSBPreference.Docs.UseFullTypeName
+        Verbose               = $VerbosePreference -eq 'Continue'
     }
     Build-PSBuildMarkdown @buildMDParams
 } -Description 'Generates PlatyPS markdown files from module help'
@@ -195,7 +204,7 @@ $genHelpFilesPreReqs = {
     $result
 }
 Task GenerateMAML -Depends $PSBGenerateMAMLDependency -PreCondition $genHelpFilesPreReqs {
-    Build-PSBuildMAMLHelp -Path $PSBPreference.Docs.RootDir -DestinationPath $PSBPreference.Build.ModuleOutDir
+    Build-PSBuildMAMLHelp -Path $PSBPreference.Docs.RootDir -DestinationPath $PSBPreference.Build.ModuleOutDir -Verbose:($VerbosePreference -eq 'Continue')
 } -Description 'Generates MAML-based help from PlatyPS markdown files'
 
 $genUpdatableHelpPreReqs = {
@@ -207,7 +216,7 @@ $genUpdatableHelpPreReqs = {
     $result
 }
 Task GenerateUpdatableHelp -Depends $PSBGenerateUpdatableHelpDependency -PreCondition $genUpdatableHelpPreReqs {
-    Build-PSBuildUpdatableHelp -DocsPath $PSBPreference.Docs.RootDir -OutputPath $PSBPreference.Help.UpdatableHelpOutDir
+    Build-PSBuildUpdatableHelp -DocsPath $PSBPreference.Docs.RootDir -OutputPath $PSBPreference.Help.UpdatableHelpOutDir -Verbose:($VerbosePreference -eq 'Continue')
 } -Description 'Create updatable help .cab file based on PlatyPS markdown help'
 
 Task Publish -Depends $PSBPublishDependency {
@@ -248,6 +257,8 @@ Task SignModule -Depends $PSBSignModuleDependency -PreCondition $signModulePreRe
         CertStoreLocation         = $PSBPreference.Sign.CertStoreLocation
         CertificateEnvVar         = $PSBPreference.Sign.CertificateEnvVar
         CertificatePasswordEnvVar = $PSBPreference.Sign.CertificatePasswordEnvVar
+        SkipValidation            = $PSBPreference.Sign.SkipCertificateValidation
+        Verbose                   = $VerbosePreference -eq 'Continue'
     }
     if ($PSBPreference.Sign.Thumbprint) {
         $certParams.Thumbprint = $PSBPreference.Sign.Thumbprint
@@ -273,6 +284,7 @@ Task SignModule -Depends $PSBSignModuleDependency -PreCondition $signModulePreRe
         TimestampServer = $PSBPreference.Sign.TimestampServer
         HashAlgorithm   = $PSBPreference.Sign.HashAlgorithm
         Include         = $PSBPreference.Sign.FilesToSign
+        Verbose         = $VerbosePreference -eq 'Continue'
     }
     Invoke-PSBuildModuleSigning @signingParams
 } -Description 'Signs module files (*.psd1, *.psm1, *.ps1) with an Authenticode signature'
@@ -301,6 +313,7 @@ Task BuildCatalog -Depends $PSBBuildCatalogDependency -PreCondition $buildCatalo
         ModulePath      = $PSBPreference.Build.ModuleOutDir
         CatalogFilePath = $catalogFilePath
         CatalogVersion  = $PSBPreference.Sign.Catalog.Version
+        Verbose         = $VerbosePreference -eq 'Continue'
     }
     New-PSBuildFileCatalog @catalogParams
 } -Description 'Creates a Windows catalog (.cat) file for the built module'
@@ -323,6 +336,8 @@ Task SignCatalog -Depends $PSBSignCatalogDependency -PreCondition $signCatalogPr
         CertStoreLocation         = $PSBPreference.Sign.CertStoreLocation
         CertificateEnvVar         = $PSBPreference.Sign.CertificateEnvVar
         CertificatePasswordEnvVar = $PSBPreference.Sign.CertificatePasswordEnvVar
+        SkipValidation            = $PSBPreference.Sign.SkipCertificateValidation
+        Verbose                   = $VerbosePreference -eq 'Continue'
     }
     if ($PSBPreference.Sign.Thumbprint) {
         $certParams.Thumbprint = $PSBPreference.Sign.Thumbprint
@@ -354,6 +369,7 @@ Task SignCatalog -Depends $PSBSignCatalogDependency -PreCondition $signCatalogPr
         TimestampServer = $PSBPreference.Sign.TimestampServer
         HashAlgorithm   = $PSBPreference.Sign.HashAlgorithm
         Include         = @($catalogFileName)
+        Verbose         = $VerbosePreference -eq 'Continue'
     }
     Invoke-PSBuildModuleSigning @signingParams
 } -Description 'Signs the module catalog (.cat) file with an Authenticode signature'

tests/TestModule/build.ps1

@@ -36,15 +36,23 @@ if ($Bootstrap.IsPresent) {
 }
 
 if ($BuildTool -eq 'psake') {
-    if (Get-Module InvokeBuild) {Remove-Module InvokeBuild -Force}
+    if (Get-Module InvokeBuild) { Remove-Module InvokeBuild -Force }
     # Execute psake task(s)
     $psakeFile = './psakeFile.ps1'
     if ($PSCmdlet.ParameterSetName -eq 'Help') {
-        Get-PSakeScriptTasks -buildFile $psakeFile |
+        Get-PSakeScriptTasks -BuildFile $psakeFile |
             Format-Table -Property Name, Description, Alias, DependsOn
     } else {
         Set-BuildEnvironment -Force
-        Invoke-psake -buildFile $psakeFile -taskList $Task -nologo -properties $Properties
+        $invokepsakeSplat = @{
+            buildFile  = $psakeFile
+            taskList   = $Task
+            nologo     = $true
+            properties = $Properties
+        }
+        if ($PSBoundParameters.ContainsKey('Verbose')) { $invokepsakeSplat.Verbose = $true }
+
+        Invoke-psake @invokepsakeSplat
         exit ([int](-not $psake.build_success))
     }
 } else {
@@ -53,7 +61,7 @@ if ($BuildTool -eq 'psake') {
     } else {
         # Execute IB task(s)
         Import-Module InvokeBuild
-        if ($Task -eq 'Default') {$Task = '.'}
+        if ($Task -eq 'Default') { $Task = '.' }
         Invoke-Build -File ./.build.ps1 -Task $Task
     }
 }