From 52f95f5d31cda80760bcdc7b38a78ffc9d35f1ff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Janiszewski?= <janisozaur@gmail.com>
Date: Sun, 17 Nov 2024 20:53:34 +0100
Subject: [PATCH] Don't sign if not set manually

---
 .github/workflows/ci.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index cd85cf2104..6f0e8df563 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -22,6 +22,7 @@ on:
         description: Sign binaries
         type: choice
         options:
+          - 'no'
           - test-signing
           - release-signing
         default: test-signing
@@ -95,16 +96,18 @@ jobs:
       - name: Sign
         id: sign
         run: |
-          echo "sign=${{ env.SIGNPATH_API_TOKEN != '' && (needs.build_variables.outputs.push || startsWith(github.ref, 'refs/tags/v')) }}"
+          sign=${{ env.SIGNPATH_API_TOKEN != '' && github.event.inputs.sign != 'no' && (needs.build_variables.outputs.push || startsWith(github.ref, 'refs/tags/v')) }}
           # if using workflow_dispatch, use the provided certificate
           if [[ "$GITHUB_EVENT_NAME" == "workflow_dispatch" ]]; then
             certificate=${{ github.event.inputs.sign }}
           else
-            # Default to test-signing
-            certificate=test-signing
+            # Default to no signing
+            certificate=no
+            sign=false
           fi
+          echo "sign=$sign"
           echo "certificate=$certificate"
-          echo "sign=${{ env.SIGNPATH_API_TOKEN != '' && (needs.build_variables.outputs.push || startsWith(github.ref, 'refs/tags/v')) }}" >> $GITHUB_OUTPUT
+          echo "sign=$sign" >> $GITHUB_OUTPUT
           echo "certificate=$certificate" >> $GITHUB_OUTPUT
   lint-commit:
     name: Lint Commit Message