Skip to content

Commit

Permalink
ci: allow dependabot to build binaries without secret access
Browse files Browse the repository at this point in the history
  • Loading branch information
TheLastCicada committed Nov 7, 2024
1 parent 0a4dfb6 commit b19f2c6
Showing 1 changed file with 12 additions and 1 deletion.
13 changes: 12 additions & 1 deletion .github/workflows/build-installers.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -175,9 +175,20 @@ jobs:
mkdir artifacts/
cp ./dist/main${{ matrix.os.executable-extension }} ./artifacts/${{ matrix.config.app-name }}_${{ steps.tag-name.outputs.TAGNAME || github.sha }}_${{ matrix.arch.artifact-name }}${{ matrix.os.executable-extension }}
- name: Test for secrets access
id: check_secrets
shell: bash
run: |
unset HAS_SIGNING_SECRET
if [ -n "$SIGNING_SECRET" ]; then HAS_SIGNING_SECRET='true' ; fi
echo "HAS_SIGNING_SECRET=${HAS_SIGNING_SECRET}" >> "$GITHUB_OUTPUT"
env:
SIGNING_SECRET: "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}"

# Windows Code Signing
- name: Sign windows artifacts
if: matrix.os.matrix == 'windows'
if: matrix.os.matrix == 'windows' && steps.check_secrets.outputs.HAS_SIGNING_SECRET
uses: chia-network/actions/digicert/windows-sign@main
env:
SM_TOOLS_DOWNLOAD_URL: ${{ vars.SM_TOOLS_DOWNLOAD_URL }}
Expand Down

0 comments on commit b19f2c6

Please sign in to comment.