From 50db2d33c90e4b203e6470107871bc05ac8d8c02 Mon Sep 17 00:00:00 2001 From: per1234 Date: Sat, 16 Nov 2024 05:50:27 -0800 Subject: [PATCH] Get job-specific configuration from matrix in build workflow The "build" workflow builds the application for a range of target hosts. This is done by using a job matrix. A separate parallel job runs for each target. The target-specific configuration data is defined in the job matrix array. This configuration data includes the information related to the code signing certificates. Inexplicably, during the work to add support for signing the Windows builds with an "eToken" hardware authentication device, this data was not used for the Windows code signing configuration. Instead the certificate data was redundantly hardcoded into the workflow code. The Windows code signing certificate configuration is hereby changed to use the established flexible job configuration data system. This makes the workflow easier to understand and maintain. --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6b817e416..02de77393 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -288,8 +288,8 @@ jobs: # We are hardcoding the path for signtool because is not present on the windows PATH env var by default. # Keep in mind that this path could change when upgrading to a new runner version SIGNTOOL_PATH: "C:/Program Files (x86)/Windows Kits/10/bin/10.0.19041.0/x86/signtool.exe" - WIN_CERT_PASSWORD: ${{ secrets.INSTALLER_CERT_WINDOWS_PASSWORD }} - WIN_CERT_CONTAINER_NAME: ${{ secrets.INSTALLER_CERT_WINDOWS_CONTAINER }} + WIN_CERT_PASSWORD: ${{ secrets[matrix.config.certificate-password-secret] }} + WIN_CERT_CONTAINER_NAME: ${{ secrets[matrix.config.certificate-container] }} WIN_SIGNING_ENABLED: ${{ !github.event.pull_request.head.repo.fork }} strategy: