use 7zip

Author: davegarthsimpson

.github/workflows/build.yml

@@ -431,6 +431,10 @@ jobs:
       SIGNTOOL_PATH: "C:/Program Files (x86)/Windows Kits/10/bin/10.0.19041.0/x86/signtool.exe"
 
     steps:
+      - name: Install 7-Zip
+        run: choco install 7zip
+        shell: pwsh
+
       - name: Download artifact
         uses: actions/download-artifact@v3
         with:
@@ -465,11 +469,11 @@ jobs:
             # Unzip, Sign, and Rezip ZIP file without '_unsigned' in the name
             if [[ "$EXTENSION" == "zip" ]]; then
               TEMP_DIR=$(mktemp -d)
-              unzip "$ARTIFACT" -d "$TEMP_DIR"
-              find "$TEMP_DIR" -type f -name '*.exe' -exec "${{ env.SIGNTOOL_PATH }}" sign -d "Arduino IDE" -f ${{ env.INSTALLER_CERT_WINDOWS_CER }} -csp "eToken Base Cryptographic Provider" -k "[{{${{ env.CERT_PASSWORD }}}}]=${{ env.CONTAINER_NAME }}" -fd sha256 -tr http://timestamp.digicert.com -td SHA256 -v {} \;
+              7z x "$ARTIFACT" -o "$TEMP_DIR"
+              find "$TEMP_DIR" -type f -name 'Arduino IDE.exe' -exec "${{ env.SIGNTOOL_PATH }}" sign -d "Arduino IDE" -f ${{ env.INSTALLER_CERT_WINDOWS_CER }} -csp "eToken Base Cryptographic Provider" -k "[{{${{ env.CERT_PASSWORD }}}}]=${{ env.CONTAINER_NAME }}" -fd sha256 -tr http://timestamp.digicert.com -td SHA256 -v {} \;
               SIGNED_ARTIFACT_PATH="${{ env.BUILD_ARTIFACTS_PATH }}/${SIGNED_BASE_NAME}.${EXTENSION}"
               pushd "$TEMP_DIR"
-              zip -r "$SIGNED_ARTIFACT_PATH" .
+              7z a "$SIGNED_ARTIFACT_PATH" "$TEMP_DIR\*"
               popd
               rm -rf "$TEMP_DIR"
               echo "Processed and re-zipped $ARTIFACT"