From 65b36207ea0915bf7582701cb2c75259df78a607 Mon Sep 17 00:00:00 2001 From: Michael Cook Date: Sat, 18 Dec 2021 06:57:08 -0800 Subject: [PATCH] .github/workflows: skip signing if key pass isn't available See https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#pull-request-events-for-forked-repositories With the exception of GITHUB_TOKEN, secrets are not passed to the runner when a workflow is triggered from a forked repository. --- .github/workflows/build.yml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9a83d145..59e07ef9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -33,14 +33,16 @@ jobs: cp "$RUNNER_TEMP/LICENSE" "$DIR/age" go build -o "$DIR/age" -ldflags "-X main.Version=$VERSION" -trimpath ./cmd/... if [ "$GOOS" == "windows" ]; then - for exe in "$DIR"/age/*.exe; do - /usr/bin/osslsigncode sign -t "http://timestamp.comodoca.com" \ - -certs .github/workflows/certs/uitacllc.crt \ - -key .github/workflows/certs/uitacllc.key \ - -pass "${{ secrets.SIGN_PASS }}" \ - -n age -in "$exe" -out "$exe.signed" - mv "$exe.signed" "$exe" - done + if [ -n "${{ secrets.SIGN_PASS }}" ]; then + for exe in "$DIR"/age/*.exe; do + /usr/bin/osslsigncode sign -t "http://timestamp.comodoca.com" \ + -certs .github/workflows/certs/uitacllc.crt \ + -key .github/workflows/certs/uitacllc.key \ + -pass "${{ secrets.SIGN_PASS }}" \ + -n age -in "$exe" -out "$exe.signed" + mv "$exe.signed" "$exe" + done + fi ( cd "$DIR"; zip age.zip -r age ) mv "$DIR/age.zip" "age-$VERSION-$GOOS-$GOARCH.zip" else