PNArchives/Memoh
1
0
Fork 0
mirror of https://github.com/memohai/Memoh.git synced 2026-04-25 07:00:48 +09:00
Code Issues Packages Projects Releases Wiki Activity

fix(ci): avoid direct secrets access in tauri workflows

Browse Source
This commit is contained in:
晨苒
2026-04-14 06:51:06 +08:00
parent 4d5f3f9126
commit cb44408277
2 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/tauri-ci.yml
+4 -4
View File
@@ -44,6 +44,9 @@ jobs:
runs-on: ${{ matrix.platform }}
timeout-minutes: 60
env:
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
steps:
- uses: actions/checkout@v4
@@ -82,10 +85,7 @@ jobs:
# macOS code signing with certificate secrets.
- name: Prepare macOS code signing
if: ${{ matrix.platform == 'macos-latest' && secrets.APPLE_CERTIFICATE != '' && secrets.APPLE_CERTIFICATE_PASSWORD != '' }}
env:
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
if: ${{ matrix.platform == 'macos-latest' && env.APPLE_CERTIFICATE != '' && env.APPLE_CERTIFICATE_PASSWORD != '' }}
run: |
set -euo pipefail
KEYCHAIN_PASSWORD="github-actions-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT:-1}"
.github/workflows/tauri-release.yml
+4 -4
View File
@@ -31,6 +31,9 @@ jobs:
runs-on: ${{ matrix.platform }}
timeout-minutes: 60
env:
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
steps:
- uses: actions/checkout@v4
@@ -102,10 +105,7 @@ jobs:
# macOS code signing with certificate secrets.
- name: Prepare macOS code signing
if: ${{ matrix.platform == 'macos-latest' && secrets.APPLE_CERTIFICATE != '' && secrets.APPLE_CERTIFICATE_PASSWORD != '' }}
env:
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
if: ${{ matrix.platform == 'macos-latest' && env.APPLE_CERTIFICATE != '' && env.APPLE_CERTIFICATE_PASSWORD != '' }}
run: |
set -euo pipefail
KEYCHAIN_PASSWORD="github-actions-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT:-1}"