From fce95dc58d75598d4a1ae12466e3b25086b49813 Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Fri, 7 Feb 2025 18:21:19 +0000
Subject: [PATCH] Iterate

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---
 .github/workflows/build_windows.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/build_windows.yaml b/.github/workflows/build_windows.yaml
index 765e9647..1802beff 100644
--- a/.github/workflows/build_windows.yaml
+++ b/.github/workflows/build_windows.yaml
@@ -3,6 +3,8 @@
 # the correct cache scoping, and additional care must be taken to not run untrusted actions on the develop branch.
 
 # Windows GHA runner by default uses the pwsh shell which breaks codeSigningCert in the workflow
+# We always sign using eSignerCKA to ensure it keeps working, but aside from release & nightlies we use demo credentials
+# which do not yield trusted signatures.
 defaults:
     run:
         shell: powershell
@@ -173,6 +175,7 @@ jobs:
                   yarn electron-builder --publish never -w ${{ steps.config.outputs.build-args }}
 
             - name: Check app was signed successfully
+              if: inputs.sign
               run: |
                   . "$env:SIGNTOOL_PATH" verify /pa (get-item ./dist/squirrel-windows*/*.exe)