avoid matrix in sign job

davegarthsimpson · davegarthsimpson · commit 37060ad010be · 2024-06-27T11:14:42.000+02:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -437,12 +437,12 @@ jobs:
           echo "ARTIFACT_PATH=${ARTIFACT_PATH}" >> $GITHUB_ENV
 
       - name: Save Win signing certificate to file
-        run: echo "${{ secrets[matrix.config.certificate-secret] }}" | base64 --decode > ${{ env.INSTALLER_CERT_WINDOWS_CER }}
+        run: echo "${{ secrets.INSTALLER_CERT_WINDOWS_CER }}" | base64 --decode > ${{ env.INSTALLER_CERT_WINDOWS_CER }}
 
       - name: Sign EXE
         env:
-          CERT_PASSWORD: ${{ secrets[matrix.config.certificate-password-secret] }}
-          CONTAINER_NAME: ${{ secrets[matrix.config.certificate-container] }}
+          CERT_PASSWORD: ${{ secrets.INSTALLER_CERT_WINDOWS_PASSWORD }}
+          CONTAINER_NAME: ${{ secrets.INSTALLER_CERT_WINDOWS_CONTAINER }}
           # https://stackoverflow.com/questions/17927895/automate-extended-validation-ev-code-signing-with-safenet-etoken
         run: |
           "${{ env.SIGNTOOL_PATH }}" sign -d "Arduino IDE" -f ${{ env.INSTALLER_CERT_WINDOWS_CER }} -csp "eToken Base Cryptographic Provider" -k "[{{${{ env.CERT_PASSWORD }}}}]=${{ env.CONTAINER_NAME }}" -fd sha256 -tr http://timestamp.digicert.com -td SHA256 -v ${{ env.ARTIFACT_PATH }}"
