From 939093d6488a01311718a668a4f7fbf8fc198db6 Mon Sep 17 00:00:00 2001
From: Seth Flynn <getchoo@tuta.io>
Date: Mon, 5 Jan 2026 13:32:03 -0500
Subject: [PATCH] ci: actually sign windows builds in Release env

Signed-off-by: Seth Flynn <getchoo@tuta.io>
---
 .github/actions/package/windows/action.yml | 6 +++---
 .github/workflows/build.yml                | 2 ++
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/actions/package/windows/action.yml b/.github/actions/package/windows/action.yml
index 49dfbd545..bd402328c 100644
--- a/.github/actions/package/windows/action.yml
+++ b/.github/actions/package/windows/action.yml
@@ -54,13 +54,13 @@ runs:
         Get-ChildItem ${{ env.INSTALL_DIR }} -Recurse | ForEach FullName | Resolve-Path -Relative | %{ $_.TrimStart('.\') } | %{ $_.TrimStart('${{ env.INSTALL_DIR }}') } | %{ $_.TrimStart('\') } | Out-File -FilePath ${{ env.INSTALL_DIR }}/manifest.txt
 
     - name: Emit warning for unsigned builds
-      if: ${{ github.ref_name != 'develop' || inputs.azure-client-id == '' }}
+      if: ${{ env.CI_HAS_ACCESS_TO_AZURE == '' || inputs.azure-client-id == '' }}
       shell: pwsh
       run: |
         ":warning: Skipped code signing for Windows, as certificate was not present." >> $env:GITHUB_STEP_SUMMARY
 
     - name: Login to Azure
-      if: ${{ github.ref_name == 'develop' && inputs.azure-client-id != '' }}
+      if: ${{ env.CI_HAS_ACCESS_TO_AZURE != '' && inputs.azure-client-id != '' }}
       uses: azure/login@v2
       with:
         client-id: ${{ inputs.azure-client-id }}
@@ -68,7 +68,7 @@ runs:
         subscription-id: ${{ inputs.azure-subscription-id }}
 
     - name: Sign executables
-      if: ${{ github.ref_name == 'develop' && inputs.azure-client-id != '' }}
+      if: ${{ env.CI_HAS_ACCESS_TO_AZURE != '' && inputs.azure-client-id != '' }}
       uses: azure/trusted-signing-action@v0
       with:
         endpoint: https://eus.codesigning.azure.net/
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index eaf9e49ef..d83963b13 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -220,6 +220,8 @@ jobs:
       - name: Package (Windows)
         if: ${{ runner.os == 'Windows' }}
         uses: ./.github/actions/package/windows
+        env:
+          CI_HAS_ACCESS_TO_AZURE: ${{ vars.CI_HAS_ACCESS_TO_AZURE || '' }}
         with:
           version: ${{ steps.short-version.outputs.version }}
           build-type: ${{ steps.setup-dependencies.outputs.build-type }}