From d8fd0779f6f851389c53d4a3664bb46b3d10475a Mon Sep 17 00:00:00 2001
From: Yukai Chou <muzimuzhi@gmail.com>
Date: Tue, 6 Aug 2024 13:38:32 +0800
Subject: [PATCH] Skip codesign if required secret is not set (#3752)

---
 .github/workflows/cd.yml | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index d76b28ac6..3098c8b8b 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -72,9 +72,20 @@ jobs:
           echo "TXS_VERSION=${TXS_VERSION}">> $GITHUB_OUTPUT
           echo "GIT_VERSION=${GIT_VERSION}">> $GITHUB_OUTPUT
       
+      - name: Detect if codesign
+        run: |
+          # Nonexistent context property evaluates to an empty string.
+          # https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/contexts#about-contexts
+          if [ -z "${{ secrets.SIGNPATH_API_TOKEN }}" ]; then
+            echo "IF_CODESIGN=false" >> "$GITHUB_ENV"
+            echo "::notice file=.github/workflows/cd.yml,title=Codesign skipped::Secret "SIGNPATH_API_TOKEN" not set."
+          else
+            echo "IF_CODESIGN=true" >> "$GITHUB_ENV"
+          fi
+
       - name: Codesign binary
         id: sign_binary
-        if: true
+        if: env.IF_CODESIGN == 'true'
         uses: signpath/github-action-submit-signing-request@v0.4
         with:
           api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
@@ -91,6 +102,7 @@ jobs:
 
       - name: use signed binary
         id: use_signed_binary
+        if: env.IF_CODESIGN == 'true'
         run: |
           mv signed-artifacts/texstudio.exe build/texstudio.exe
 
@@ -122,7 +134,7 @@ jobs:
 
       - name: Codesign
         id: sign
-        if: true
+        if: env.IF_CODESIGN == 'true'
         uses: signpath/github-action-submit-signing-request@v0.4
         with:
           api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
@@ -139,13 +151,14 @@ jobs:
 
       - name: copy signed installer
         id: copy_signed_binary
+        if: env.IF_CODESIGN == 'true'
         run: |
           cp signed-artifacts/texstudio-win-qt6-${{ steps.package.outputs.VERSION_NAME }}.exe texstudio-${{ steps.package.outputs.GIT_VERSION }}-win-qt6-signed.exe
     
 
       - name: Upload signed installer to GitHub Artifacts
         id: upload-artifact-signed
-        if: github.event_name == 'push'
+        if: env.IF_CODESIGN == 'true' && github.event_name == 'push'
         uses: actions/upload-artifact@v4
         with:
           name: texstudio-win-qt6-signed-exe
@@ -157,7 +170,9 @@ jobs:
         with:
           name: release-win
           path: |
-            texstudio-${{ steps.package.outputs.GIT_VERSION }}-win-qt6-signed.exe
+            ${{ env.IF_CODESIGN == 'true'
+                && format('texstudio-{0}-win-qt6-signed.exe', steps.package.outputs.GIT_VERSION)
+                || '' }}
             texstudio-${{ steps.package.outputs.GIT_VERSION }}-win-portable-qt6.zip
 
 ###################################