.github/workflows: skip signing if key pass isn't available (#377)

With the exception of GITHUB_TOKEN, secrets are not passed to the runner when a workflow is triggered from a forked repository. See https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#pull-request-events-for-forked-repositories
2026-04-13 00:06:56 +00:00 · 2021-12-18 07:54:10 -08:00
parent a21c212358
commit 08f52cc125
1 changed files with 10 additions and 8 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -33,14 +33,16 @@ jobs:
            cp "$RUNNER_TEMP/LICENSE" "$DIR/age"
            go build -o "$DIR/age" -ldflags "-X main.Version=$VERSION" -trimpath ./cmd/...
            if [ "$GOOS" == "windows" ]; then
-              for exe in "$DIR"/age/*.exe; do
-                /usr/bin/osslsigncode sign -t "http://timestamp.comodoca.com" \
-                  -certs .github/workflows/certs/uitacllc.crt \
-                  -key .github/workflows/certs/uitacllc.key \
-                  -pass "${{ secrets.SIGN_PASS }}" \
-                  -n age -in "$exe" -out "$exe.signed"
-                mv "$exe.signed" "$exe"
-              done
+              if [ -n "${{ secrets.SIGN_PASS }}" ]; then
+                for exe in "$DIR"/age/*.exe; do
+                  /usr/bin/osslsigncode sign -t "http://timestamp.comodoca.com" \
+                    -certs .github/workflows/certs/uitacllc.crt \
+                    -key .github/workflows/certs/uitacllc.key \
+                    -pass "${{ secrets.SIGN_PASS }}" \
+                    -n age -in "$exe" -out "$exe.signed"
+                  mv "$exe.signed" "$exe"
+                done
+              fi
              ( cd "$DIR"; zip age.zip -r age )
              mv "$DIR/age.zip" "age-$VERSION-$GOOS-$GOARCH.zip"
            else