From e2fba9c62a14cb31d4f29d347c835349d96ee3f8 Mon Sep 17 00:00:00 2001
From: Altynbek Orumbayev <altynbek.orumbayev@makerx.com.au>
Date: Wed, 8 Jan 2025 19:27:19 +0100
Subject: [PATCH] chore: adding conditional to skip codesigning on PR triggers
 when building binaries

---
 .github/workflows/build-binaries.yaml | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/build-binaries.yaml b/.github/workflows/build-binaries.yaml
index cd711b47..eaa75654 100644
--- a/.github/workflows/build-binaries.yaml
+++ b/.github/workflows/build-binaries.yaml
@@ -24,6 +24,12 @@ jobs:
         os: [ubuntu-20.04, windows-latest, macos-13, macos-14]
 
     steps:
+      - name: Set signing condition
+        id: signing
+        run: |
+          echo "allowed=${{ github.event_name != 'pull_request' && github.ref_name == 'main' }}" >> $GITHUB_OUTPUT
+        shell: bash
+
       - name: Checkout source code
         uses: actions/checkout@v4
         with:
@@ -59,9 +65,9 @@ jobs:
           version: ${{ inputs.release_version }}
           artifacts_dir: ${{ env.ARTIFACTS_DIR }}
           production_release: ${{ inputs.production_release }}
-          azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }}
-          azure_client_id: ${{ secrets.AZURE_CLIENT_ID }}
-          azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+          azure_tenant_id: ${{ steps.signing.outputs.allowed && secrets.AZURE_TENANT_ID || '' }}
+          azure_client_id: ${{ steps.signing.outputs.allowed && secrets.AZURE_CLIENT_ID || '' }}
+          azure_client_secret: ${{ steps.signing.outputs.allowed && secrets.AZURE_CLIENT_SECRET || '' }}
 
       - name: Build linux binary
         if: ${{ runner.os == 'Linux' }}
@@ -72,7 +78,7 @@ jobs:
           artifacts_dir: ${{ env.ARTIFACTS_DIR }}
 
       - name: Install Apple Developer Id Cert
-        if: runner.os == 'macOS'
+        if: ${{ runner.os == 'macOS' && steps.signing.outputs.allowed == 'true' }}
         uses: ./.github/actions/install-apple-dev-id-cert
         with:
           cert_data: ${{ secrets.APPLE_CERT_DATA }}
@@ -85,11 +91,11 @@ jobs:
           package_name: ${{ env.PACKAGE_NAME }}
           version: ${{ inputs.release_version }}
           artifacts_dir: ${{ env.ARTIFACTS_DIR }}
-          apple_team_id: ${{ secrets.APPLE_TEAM_ID }}
-          apple_bundle_id: ${{ inputs.production_release == 'true' && vars.APPLE_BUNDLE_ID || format('beta.{0}', vars.APPLE_BUNDLE_ID) }}
-          apple_cert_id: ${{ secrets.APPLE_CERT_ID }}
-          apple_notary_user: ${{ secrets.APPLE_NOTARY_USER }}
-          apple_notary_password: ${{ secrets.APPLE_NOTARY_PASSWORD }}
+          apple_team_id: ${{ steps.signing.outputs.allowed && secrets.APPLE_TEAM_ID || '' }}
+          apple_bundle_id: ${{ steps.signing.outputs.allowed && vars.APPLE_BUNDLE_ID || format('beta.{0}', vars.APPLE_BUNDLE_ID) }}
+          apple_cert_id: ${{ steps.signing.outputs.allowed && secrets.APPLE_CERT_ID || '' }}
+          apple_notary_user: ${{ steps.signing.outputs.allowed && secrets.APPLE_NOTARY_USER || '' }}
+          apple_notary_password: ${{ steps.signing.outputs.allowed && secrets.APPLE_NOTARY_PASSWORD || '' }}
 
       - name: Add binary to path
         run: |