.github/workflows: skip signing if key pass isn't available

See https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#pull-request-events-for-forked-repositories With the exception of GITHUB_TOKEN, secrets are not passed to the runner when a workflow is triggered from a forked repository.
FiloSottile · Dec 18, 2021 · 65b3620 · 65b3620
1 parent a21c212
commit 65b3620
Showing 1 changed file with 10 additions and 8 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -33,14 +33,16 @@ jobs:
             cp "$RUNNER_TEMP/LICENSE" "$DIR/age"
             go build -o "$DIR/age" -ldflags "-X main.Version=$VERSION" -trimpath ./cmd/...
             if [ "$GOOS" == "windows" ]; then
-              for exe in "$DIR"/age/*.exe; do
-                /usr/bin/osslsigncode sign -t "http://timestamp.comodoca.com" \
-                  -certs .github/workflows/certs/uitacllc.crt \
-                  -key .github/workflows/certs/uitacllc.key \
-                  -pass "${{ secrets.SIGN_PASS }}" \
-                  -n age -in "$exe" -out "$exe.signed"
-                mv "$exe.signed" "$exe"
-              done
+              if [ -n "${{ secrets.SIGN_PASS }}" ]; then
+                for exe in "$DIR"/age/*.exe; do
+                  /usr/bin/osslsigncode sign -t "http://timestamp.comodoca.com" \
+                    -certs .github/workflows/certs/uitacllc.crt \
+                    -key .github/workflows/certs/uitacllc.key \
+                    -pass "${{ secrets.SIGN_PASS }}" \
+                    -n age -in "$exe" -out "$exe.signed"
+                  mv "$exe.signed" "$exe"
+                done
+              fi
               ( cd "$DIR"; zip age.zip -r age )
               mv "$DIR/age.zip" "age-$VERSION-$GOOS-$GOARCH.zip"
             else