From f752b25fc43d5e79a4f1cd1878a51702e7fea977 Mon Sep 17 00:00:00 2001 From: Shijie Rao Date: Tue, 2 Jun 2026 15:12:07 -0700 Subject: [PATCH] Revert "Use environment secrets for Azure signing" (#25948) Reverts openai/codex#24859 --- .github/workflows/rust-release-windows.yml | 16 +++++++++++++--- .github/workflows/rust-release.yml | 1 + 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/.github/workflows/rust-release-windows.yml b/.github/workflows/rust-release-windows.yml index 0d8cc2969..fc14088ef 100644 --- a/.github/workflows/rust-release-windows.yml +++ b/.github/workflows/rust-release-windows.yml @@ -6,6 +6,19 @@ on: release-lto: required: true type: string + secrets: + AZURE_TRUSTED_SIGNING_CLIENT_ID: + required: true + AZURE_TRUSTED_SIGNING_TENANT_ID: + required: true + AZURE_TRUSTED_SIGNING_SUBSCRIPTION_ID: + required: true + AZURE_TRUSTED_SIGNING_ENDPOINT: + required: true + AZURE_TRUSTED_SIGNING_ACCOUNT_NAME: + required: true + AZURE_TRUSTED_SIGNING_CERTIFICATE_PROFILE_NAME: + required: true # Cargo's libgit2 transport has been flaky when fetching git dependencies with # nested submodules. Prefer the system git CLI across every Cargo invocation. @@ -151,9 +164,6 @@ jobs: - build-windows-binaries name: Build - ${{ matrix.runner }} - ${{ matrix.target }} runs-on: ${{ matrix.runs_on }} - environment: - name: azure-artifact-signing - deployment: false timeout-minutes: 90 permissions: contents: read diff --git a/.github/workflows/rust-release.yml b/.github/workflows/rust-release.yml index 6b0814dae..364fe7890 100644 --- a/.github/workflows/rust-release.yml +++ b/.github/workflows/rust-release.yml @@ -865,6 +865,7 @@ jobs: uses: ./.github/workflows/rust-release-windows.yml with: release-lto: ${{ contains(github.ref_name, '-alpha') && 'thin' || 'fat' }} + secrets: inherit argument-comment-lint-release-assets: if: ${{ github.event_name != 'workflow_dispatch' || inputs.release_mode != 'promote_signed' }}