feat(signing): use environment variables for the executable path

.github/actions/build-electron/action.yml

@@ -79,6 +79,7 @@ runs:
         APPLE_TEAM_ID: ${{ env.APPLE_TEAM_ID }}
         APPLE_ID: ${{ env.APPLE_ID }}
         APPLE_ID_PASSWORD: ${{ env.APPLE_ID_PASSWORD }}
+        WINDOWS_SIGN_EXECUTABLE: ${{ env.WINDOWS_SIGN_EXECUTABLE }}
       run: |
         npm run electron-forge:make -- \
           --arch=${{ inputs.arch }} \

.github/workflows/nightly.yml

@@ -50,6 +50,7 @@ jobs:
           APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
           APPLE_ID: ${{ secrets.APPLE_ID }}
           APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+          WINDOWS_SIGN_EXECUTABLE: ${{ vars.WINDOWS_SIGN_EXECUTABLE }}
 
       - name: Publish release
         uses: softprops/action-gh-release@v2

bin/electron-forge/sign-windows.cjs

@@ -1,8 +1,14 @@
 const child_process = require("child_process");
-const SIGN_EXECUTABLE = "C:\\ev_signer_trilium\\ev_signer_trilium.exe";
 
 module.exports = function (filePath) {
-    const command = `${SIGN_EXECUTABLE} --executable "${filePath}"`;
+    const { WINDOWS_SIGN_EXECUTABLE } = process.env;
+
+    if (!WINDOWS_SIGN_EXECUTABLE) {
+        console.warn("[Sign] Skip signing due to missing environment variable.");
+        return;
+    }
+
+    const command = `${WINDOWS_SIGN_EXECUTABLE} --executable "${filePath}"`;
     console.log(`[Sign] ${command}`);
     child_process.execSync(command);
 }