Merge pull request #223 from Chia-Network/dependabot-no-secret-access

ci: allow dependabot to build binaries without secret access

.github/workflows/build-installers.yaml

@@ -175,9 +175,20 @@ jobs:
           mkdir artifacts/
           cp ./dist/main${{ matrix.os.executable-extension }} ./artifacts/${{ matrix.config.app-name }}_${{ steps.tag-name.outputs.TAGNAME || github.sha }}_${{ matrix.arch.artifact-name }}${{ matrix.os.executable-extension }}
 
+      - name: Test for secrets access
+        id: check_secrets
+        shell: bash
+        run: |
+          unset HAS_SIGNING_SECRET
+
+          if [ -n "$SIGNING_SECRET" ]; then HAS_SIGNING_SECRET='true' ; fi
+          echo "HAS_SIGNING_SECRET=${HAS_SIGNING_SECRET}" >> "$GITHUB_OUTPUT"
+        env:
+          SIGNING_SECRET: "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}"
+
       # Windows Code Signing
       - name: Sign windows artifacts
-        if: matrix.os.matrix == 'windows'
+        if: matrix.os.matrix == 'windows' && steps.check_secrets.outputs.HAS_SIGNING_SECRET
         uses: chia-network/actions/digicert/windows-sign@main
         env:
           SM_TOOLS_DOWNLOAD_URL: ${{ vars.SM_TOOLS_DOWNLOAD_URL }}