diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index d50842822..c7e5758d3 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -17,13 +17,21 @@ env:
 jobs:
 build:
- if: github.repository == 'arduino/arduino-ide'
+ name: build (${{ matrix.config.os }})
 strategy:
 matrix:
 config:
 - os: windows-2019
+ certificate-secret: WINDOWS_SIGNING_CERTIFICATE_PFX # Name of the secret that contains the certificate.
+ certificate-password-secret: WINDOWS_SIGNING_CERTIFICATE_PASSWORD # Name of the secret that contains the certificate password.
+ certificate-extension: pfx # File extension for the certificate.
 - os: ubuntu-18.04 # https://github.com/arduino/arduino-ide/issues/259
 - os: macos-latest
+ # APPLE_SIGNING_CERTIFICATE_P12 secret was produced by following the procedure from:
+ # https://www.kencochrane.com/2020/08/01/build-and-sign-golang-binaries-for-macos-with-github-actions/#exporting-the-developer-certificate
+ certificate-secret: APPLE_SIGNING_CERTIFICATE_P12
+ certificate-password-secret: KEYCHAIN_PASSWORD
+ certificate-extension: p12
 runs-on: ${{ matrix.config.os }}
 timeout-minutes: 90
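Review bot: The `ubuntu-18.04` matrix entry carries no `certificate-*` keys, and nothing in the file says that this is deliberate. The `CAN_SIGN` expression added later in this commit indexes `secrets` with `matrix.config.certificate-secret`, so for this entry it presumably evaluates to false and signing is skipped, but a reader has to work that out. A comment on the entry would make it explicit, for example `# No certificate-* keys: Linux builds are not signed, so CAN_SIGN is false.`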
@@ -53,29 +61,20 @@ jobs:
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 IS_NIGHTLY: ${{ github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main') }}
 IS_RELEASE: ${{ startsWith(github.ref, 'refs/tags/') }}
- IS_FORK: ${{ github.event.pull_request.head.repo.fork == true }}
+ CAN_SIGN: ${{ secrets[matrix.config.certificate-secret] != '' }}
 run: |
 # See: https://www.electron.build/code-signing
- if [ $IS_FORK = true ]; then
- echo "Skipping the app signing: building from a fork."
+ if [ $CAN_SIGN = false ]; then
+ echo "Skipping the app signing: certificate not provided."
 else
- if [ "${{ runner.OS }}" = "macOS" ]; then
- export CSC_LINK="${{ runner.temp }}/signing_certificate.p12"
- # APPLE_SIGNING_CERTIFICATE_P12 secret was produced by following the procedure from:
- # https://www.kencochrane.com/2020/08/01/build-and-sign-golang-binaries-for-macos-with-github-actions/#exporting-the-developer-certificate
- echo "${{ secrets.APPLE_SIGNING_CERTIFICATE_P12 }}" | base64 --decode > "$CSC_LINK"
-
- export CSC_KEY_PASSWORD="${{ secrets.KEYCHAIN_PASSWORD }}"
-
- elif [ "${{ runner.OS }}" = "Windows" ]; then
- export CSC_LINK="${{ runner.temp }}/signing_certificate.pfx"
- npm config set msvs_version 2017 --global
- echo "${{ secrets.WINDOWS_SIGNING_CERTIFICATE_PFX }}" | base64 --decode > "$CSC_LINK"
-
- export CSC_KEY_PASSWORD="${{ secrets.WINDOWS_SIGNING_CERTIFICATE_PASSWORD }}"
- fi
+ export CSC_LINK="${{ runner.temp }}/signing_certificate.${{ matrix.config.certificate-extension }}"
+ echo "${{ secrets[matrix.config.certificate-secret] }}" | base64 --decode > "$CSC_LINK"
+ export CSC_KEY_PASSWORD="${{ secrets[matrix.config.certificate-password-secret] }}"
 fi
+ if [ "${{ runner.OS }}" = "Windows" ]; then
+ npm config set msvs_version 2017 --global
+ fi
 npx node-gyp install
 yarn --cwd ./electron/packager/
 yarn --cwd ./electron/packager/ package
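Review bot: The two added lines that expand `${{ secrets[...] }}` inside the `run:` script paste the certificate and its password into the script text before the shell parses it. A password containing `"`, `$` or a backtick would then be interpreted by the shell rather than passed through literally, and both values end up in the generated script file on the runner. Supplying them through the step's `env:` mapping and referencing them as quoted shell variables avoids both problems; the variable names in the sketch below are illustrative. The step starts and ends outside this hunk, so the placement under `env:` has to be checked against the full file.

```yaml
# … unchanged: AWS_SECRET_ACCESS_KEY, IS_NIGHTLY, IS_RELEASE, CAN_SIGN under env …
          SIGNING_CERTIFICATE_BASE64: ${{ secrets[matrix.config.certificate-secret] }}
          SIGNING_CERTIFICATE_PASSWORD: ${{ secrets[matrix.config.certificate-password-secret] }}
        run: |
          # … unchanged: CAN_SIGN test and skip message …
            export CSC_LINK="${{ runner.temp }}/signing_certificate.${{ matrix.config.certificate-extension }}"
            echo "$SIGNING_CERTIFICATE_BASE64" | base64 --decode > "$CSC_LINK"
            export CSC_KEY_PASSWORD="$SIGNING_CERTIFICATE_PASSWORD"
          # … unchanged: msvs_version setting, node-gyp install, packaging …
```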
@@ -188,7 +187,7 @@ jobs:
 release:
 needs: changelog
- if: github.repository == 'arduino/arduino-ide' && startsWith(github.ref, 'refs/tags/')
+ if: startsWith(github.ref, 'refs/tags/')
 runs-on: ubuntu-latest
 steps:
 - name: Download [GitHub Actions]
@@ -213,6 +212,7 @@ jobs:
 body: ${{ needs.changelog.outputs.BODY }}
 - name: Publish Release [S3]
+ if: github.repository == 'arduino/arduino-ide'
 uses: docker://plugins/s3
 env:
 PLUGIN_SOURCE: '${{ env.JOB_TRANSFER_ARTIFACT }}/*'
diff --git a/electron/build/scripts/notarize.js b/electron/build/scripts/notarize.js
index c13111854..05a7b64b3 100644
--- a/electron/build/scripts/notarize.js
+++ b/electron/build/scripts/notarize.js
@@ -6,8 +6,8 @@ exports.default = async function notarizing(context) {
 console.log('Skipping notarization: not on CI.');
 return;
 }
- if (process.env.IS_FORK === 'true') {
- console.log('Skipping the app notarization: building from a fork.');
+ if (process.env.CAN_SIGN === 'false') {
+ console.log('Skipping the app notarization: certificate was not provided.');
 return;
 }
 const { electronPlatformName, appOutDir } = context;
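Review bot: `uses: docker://plugins/s3` in the `Publish Release [S3]` step has no tag or digest, so the step runs whatever image that name resolves to at build time. The added `if:` limits the step to the upstream repository, which is presumably where the publishing credentials are supplied (only `PLUGIN_SOURCE` of the `env:` block is visible in this hunk). Pinning the reference by digest, `uses: docker://plugins/s3@sha256:<digest-of-reviewed-image>`, keeps a changed upstream image from receiving those credentials unreviewed.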
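Review bot: The guard `process.env.CAN_SIGN === 'false'` skips notarization only for that exact string, so an unset or differently spelled variable falls through to the notarization code. Testing the positive case, `if (process.env.CAN_SIGN !== 'true') {`, skips whenever signing was not explicitly enabled. The shell test `[ $CAN_SIGN = false ]` in build.yml has the same shape and would read more safely as `[ "$CAN_SIGN" != true ]`. `CAN_SIGN` reflects only the presence of the certificate secret, and `notarizing` continues past this hunk, so whether the notarization credentials are checked separately is not visible here.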