From 43a9b4b3c9025d99688109ebae0765e31f60383e Mon Sep 17 00:00:00 2001
From: Oliver Kopp <kopp.dev@gmail.com>
Date: Mon, 29 Mar 2021 23:22:30 +0200
Subject: [PATCH 1/4] Skip Mac OS build if secret not present

---
 .github/workflows/deployment.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index a7776160e6f..c3267917cfd 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -74,14 +74,14 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-gradle-
       - name: Setup OSX key chain on OSX
-        if: matrix.os == 'macos-latest'
+        if: matrix.os == 'macos-latest' && ${{ steps.checksecrets.outputs.secretspresent }}
         uses: apple-actions/import-codesign-certs@v1
         with:
           p12-file-base64: ${{ secrets.OSX_SIGNING_CERT }}
           p12-password: ${{ secrets.OSX_CERT_PWD }}
           keychain-password: jabref
       - name: Setup OSX key chain on OSX for app id cert
-        if: matrix.os == 'macos-latest'
+        if: matrix.os == 'macos-latest' && ${{ steps.checksecrets.outputs.secretspresent }}
         uses: apple-actions/import-codesign-certs@v1
         with:
           p12-file-base64: ${{ secrets.OSX_SIGNING_CERT_APPLICATION }}
@@ -94,7 +94,7 @@ jobs:
         run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" jpackage
         shell: bash
       - name: Resign app image for OSX and build dmg
-        if: matrix.os == 'macos-latest'
+        if: matrix.os == 'macos-latest' && ${{ steps.checksecrets.outputs.secretspresent }}
         shell: bash
         run: |
           codesign --entitlements buildres/mac/jabref.entitlements --options runtime -vvv -f --sign "Developer ID Application: Tobias Diez (W2PU6LW5U5)" build/distribution/JabRef.app/Contents/runtime/Contents/MacOS/libjli.dylib

From 2a4167fddc5344944f4749ea70f6d6088e5f0a76 Mon Sep 17 00:00:00 2001
From: Carl Christian Snethlage <50491877+calixtus@users.noreply.github.com>
Date: Mon, 29 Mar 2021 23:48:23 +0200
Subject: [PATCH 2/4] Update deployment.yml

---
 .github/workflows/deployment.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index c3267917cfd..5a0b06a599e 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -74,14 +74,14 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-gradle-
       - name: Setup OSX key chain on OSX
-        if: matrix.os == 'macos-latest' && ${{ steps.checksecrets.outputs.secretspresent }}
+        if: matrix.os == 'macos-latest' && ${{ github.event.pull_request.head.repo.full_name == github.repository }}
         uses: apple-actions/import-codesign-certs@v1
         with:
           p12-file-base64: ${{ secrets.OSX_SIGNING_CERT }}
           p12-password: ${{ secrets.OSX_CERT_PWD }}
           keychain-password: jabref
       - name: Setup OSX key chain on OSX for app id cert
-        if: matrix.os == 'macos-latest' && ${{ steps.checksecrets.outputs.secretspresent }}
+        if: matrix.os == 'macos-latest' && ${{ github.event.pull_request.head.repo.full_name == github.repository }}
         uses: apple-actions/import-codesign-certs@v1
         with:
           p12-file-base64: ${{ secrets.OSX_SIGNING_CERT_APPLICATION }}
@@ -94,7 +94,7 @@ jobs:
         run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" jpackage
         shell: bash
       - name: Resign app image for OSX and build dmg
-        if: matrix.os == 'macos-latest' && ${{ steps.checksecrets.outputs.secretspresent }}
+        if: matrix.os == 'macos-latest' && ${{ github.event.pull_request.head.repo.full_name == github.repository }}
         shell: bash
         run: |
           codesign --entitlements buildres/mac/jabref.entitlements --options runtime -vvv -f --sign "Developer ID Application: Tobias Diez (W2PU6LW5U5)" build/distribution/JabRef.app/Contents/runtime/Contents/MacOS/libjli.dylib

From e5e52f630b90680e146fbbff9972f94fde294a1c Mon Sep 17 00:00:00 2001
From: Carl Christian Snethlage <50491877+calixtus@users.noreply.github.com>
Date: Mon, 29 Mar 2021 23:53:10 +0200
Subject: [PATCH 3/4] Update deployment.yml

---
 .github/workflows/deployment.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 5a0b06a599e..a681fb0a0d1 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -36,6 +36,7 @@ jobs:
             displayName: windows
             archivePortable: 7z a -r build/distribution/JabRef-portable_windows.zip ./build/distribution/JabRef && rm -R build/distribution/JabRef
           - os: macOS-latest
+            if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
             displayName: macOS
             archivePortable: brew install pigz && tar -c -C build/distribution JabRef.app | pigz --rsyncable > build/distribution/JabRef-portable_macos.tar.gz && rm -R build/distribution/JabRef.app
     runs-on: ${{ matrix.os }}
@@ -74,14 +75,14 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-gradle-
       - name: Setup OSX key chain on OSX
-        if: matrix.os == 'macos-latest' && ${{ github.event.pull_request.head.repo.full_name == github.repository }}
+        if: matrix.os == 'macos-latest'
         uses: apple-actions/import-codesign-certs@v1
         with:
           p12-file-base64: ${{ secrets.OSX_SIGNING_CERT }}
           p12-password: ${{ secrets.OSX_CERT_PWD }}
           keychain-password: jabref
       - name: Setup OSX key chain on OSX for app id cert
-        if: matrix.os == 'macos-latest' && ${{ github.event.pull_request.head.repo.full_name == github.repository }}
+        if: matrix.os == 'macos-latest'
         uses: apple-actions/import-codesign-certs@v1
         with:
           p12-file-base64: ${{ secrets.OSX_SIGNING_CERT_APPLICATION }}
@@ -94,7 +95,7 @@ jobs:
         run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" jpackage
         shell: bash
       - name: Resign app image for OSX and build dmg
-        if: matrix.os == 'macos-latest' && ${{ github.event.pull_request.head.repo.full_name == github.repository }}
+        if: matrix.os == 'macos-latest'
         shell: bash
         run: |
           codesign --entitlements buildres/mac/jabref.entitlements --options runtime -vvv -f --sign "Developer ID Application: Tobias Diez (W2PU6LW5U5)" build/distribution/JabRef.app/Contents/runtime/Contents/MacOS/libjli.dylib

From f2ead4865e69d5fb0b80bd7061a516b27fb07f20 Mon Sep 17 00:00:00 2001
From: Christoph <siedlerkiller@gmail.com>
Date: Mon, 29 Mar 2021 23:53:40 +0200
Subject: [PATCH 4/4] Create deployment.yml

---
 .github/workflows/deployment.yml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index a681fb0a0d1..eb95e454ffa 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -36,7 +36,6 @@ jobs:
             displayName: windows
             archivePortable: 7z a -r build/distribution/JabRef-portable_windows.zip ./build/distribution/JabRef && rm -R build/distribution/JabRef
           - os: macOS-latest
-            if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
             displayName: macOS
             archivePortable: brew install pigz && tar -c -C build/distribution JabRef.app | pigz --rsyncable > build/distribution/JabRef-portable_macos.tar.gz && rm -R build/distribution/JabRef.app
     runs-on: ${{ matrix.os }}
@@ -75,14 +74,14 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-gradle-
       - name: Setup OSX key chain on OSX
-        if: matrix.os == 'macos-latest'
+        if: ${{ matrix.os == 'macos-latest' && github.event.pull_request.head.repo.full_name == github.repository }}
         uses: apple-actions/import-codesign-certs@v1
         with:
           p12-file-base64: ${{ secrets.OSX_SIGNING_CERT }}
           p12-password: ${{ secrets.OSX_CERT_PWD }}
           keychain-password: jabref
       - name: Setup OSX key chain on OSX for app id cert
-        if: matrix.os == 'macos-latest'
+        if: ${{ matrix.os == 'macos-latest' && github.event.pull_request.head.repo.full_name == github.repository }}
         uses: apple-actions/import-codesign-certs@v1
         with:
           p12-file-base64: ${{ secrets.OSX_SIGNING_CERT_APPLICATION }}
@@ -95,7 +94,7 @@ jobs:
         run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" jpackage
         shell: bash
       - name: Resign app image for OSX and build dmg
-        if: matrix.os == 'macos-latest'
+        if: ${{ matrix.os == 'macos-latest' && github.event.pull_request.head.repo.full_name == github.repository }}
         shell: bash
         run: |
           codesign --entitlements buildres/mac/jabref.entitlements --options runtime -vvv -f --sign "Developer ID Application: Tobias Diez (W2PU6LW5U5)" build/distribution/JabRef.app/Contents/runtime/Contents/MacOS/libjli.dylib