From e565cbfca368e3332dc27fee9a5786912c57a9de Mon Sep 17 00:00:00 2001
From: AprilNEA <github@sku.moe>
Date: Mon, 15 Jun 2026 14:18:17 +0800
Subject: [PATCH] fix(release): re-register PSGallery before Windows Artifact
 Signing

azure/artifact-signing-action installs its ArtifactSigning module from
PSGallery at runtime. PSGallery is intermittently absent on hosted
windows runners (actions/runner-images#13758), so the action fails with
"Unable to find repository 'PSGallery'". This dropped the Windows arm64
exe and msi from the v0.6.14 release while x86_64 (a different runner)
shipped fine.

Register-PSRepository -Default in both Windows signing jobs when the
repository is missing, so a mis-provisioned runner can no longer lose a
release artifact.
---
 .github/workflows/release.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1693de45..c3f03640 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -272,6 +272,18 @@ jobs:
           tenant-id: ${{ steps.azure_config.outputs.AZURE_TENANT_ID }}
           subscription-id: ${{ steps.azure_config.outputs.AZURE_SUBSCRIPTION_ID }}
 
+      # artifact-signing-action installs its ArtifactSigning module from PSGallery,
+      # which is intermittently missing on hosted windows runners (the action then
+      # dies with "Unable to find repository 'PSGallery'" — actions/runner-images#13758).
+      # That flake silently dropped the arm64 exe + msi from v0.6.14. Re-register the
+      # default PSGallery so a mis-provisioned runner can't lose an artifact again.
+      - name: Ensure PSGallery is registered
+        shell: pwsh
+        run: |
+          if (-not (Get-PSRepository -Name PSGallery -ErrorAction SilentlyContinue)) {
+            Register-PSRepository -Default
+          }
+
       # Authenticode-signs via Artifact Signing (ex-Trusted Signing). The action only
       # runs on Windows runners. azure/login leaves an az CLI session that the action's
       # default AzureCliCredential picks up, so no azure-* secret inputs are needed.
@@ -431,6 +443,14 @@ jobs:
           tenant-id: ${{ steps.azure_config.outputs.AZURE_TENANT_ID }}
           subscription-id: ${{ steps.azure_config.outputs.AZURE_SUBSCRIPTION_ID }}
 
+      # Same PSGallery flake guard as the exe job — see that step's comment.
+      - name: Ensure PSGallery is registered
+        shell: pwsh
+        run: |
+          if (-not (Get-PSRepository -Name PSGallery -ErrorAction SilentlyContinue)) {
+            Register-PSRepository -Default
+          }
+
       - name: Sign OpenLogi.msi with Artifact Signing
         uses: azure/artifact-signing-action@v2
         with: