github: change non-secrets to vars

.github/workflows/build.yml

@@ -40,7 +40,7 @@ jobs:
       id: checker
       shell: bash
       env:
-        IS_SELF_HOSTED_RUNNER: ${{ secrets.IS_SELF_HOSTED_RUNNER || (github.repository_owner == 'utmapp' && 'true') }}
+        IS_SELF_HOSTED_RUNNER: ${{ vars.IS_SELF_HOSTED_RUNNER || (github.repository_owner == 'utmapp' && 'true') }}
       run: |
         echo "github-runner='$RUNNER_IMAGE'" >> $GITHUB_OUTPUT
         echo "xcode-beta='$XCODE_BETA'" >> $GITHUB_OUTPUT
@@ -225,7 +225,7 @@ jobs:
           ./scripts/build_utm.sh -t "$SIGNING_TEAM_ID" -p macos -a "arm64 x86_64" -o UTM
           tar -acf UTM.xcarchive.tgz UTM.xcarchive
         env:
-          SIGNING_TEAM_ID: ${{ secrets.SIGNING_TEAM_ID }}
+          SIGNING_TEAM_ID: ${{ vars.SIGNING_TEAM_ID }}
       - name: Upload UTM
         uses: actions/upload-artifact@v3
         with:
@@ -286,14 +286,14 @@ jobs:
         uses: peter-evans/repository-dispatch@v1
         with:
           token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-          repository: ${{ secrets.DISPATCH_ALTSTORE_REPO_NAME }}
+          repository: ${{ vars.DISPATCH_ALTSTORE_REPO_NAME }}
           event-type: new-release
       - name: Update Cydia Repository
         continue-on-error: true
         uses: peter-evans/repository-dispatch@v1
         with:
           token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-          repository: ${{ secrets.DISPATCH_CYDIA_REPO_NAME }}
+          repository: ${{ vars.DISPATCH_CYDIA_REPO_NAME }}
           event-type: new-release
   package-mac:
     name: Package (macOS)
@@ -315,12 +315,12 @@ jobs:
           echo $HELPER_PROFILE_DATA | base64 --decode -o ~/Library/MobileDevice/Provisioning\ Profiles/$HELPER_PROFILE_UUID.provisionprofile
           echo $LAUNCHER_PROFILE_DATA | base64 --decode -o ~/Library/MobileDevice/Provisioning\ Profiles/$LAUNCHER_PROFILE_UUID.provisionprofile
         env:
-          PROFILE_DATA: ${{ secrets.PROFILE_DATA }}
-          PROFILE_UUID: ${{ secrets.PROFILE_UUID }}
-          HELPER_PROFILE_DATA: ${{ secrets.HELPER_PROFILE_DATA }}
-          HELPER_PROFILE_UUID: ${{ secrets.HELPER_PROFILE_UUID }}
-          LAUNCHER_PROFILE_DATA: ${{ secrets.LAUNCHER_PROFILE_DATA }}
-          LAUNCHER_PROFILE_UUID: ${{ secrets.LAUNCHER_PROFILE_UUID }}
+          PROFILE_DATA: ${{ vars.PROFILE_DATA }}
+          PROFILE_UUID: ${{ vars.PROFILE_UUID }}
+          HELPER_PROFILE_DATA: ${{ vars.HELPER_PROFILE_DATA }}
+          HELPER_PROFILE_UUID: ${{ vars.HELPER_PROFILE_UUID }}
+          LAUNCHER_PROFILE_DATA: ${{ vars.LAUNCHER_PROFILE_DATA }}
+          LAUNCHER_PROFILE_UUID: ${{ vars.LAUNCHER_PROFILE_UUID }}
       - name: Install appdmg
         run: npm install -g appdmg
       - name: Download Artifact
@@ -332,10 +332,10 @@ jobs:
           tar -xf UTM.xcarchive.tgz
           ./scripts/package_mac.sh developer-id UTM.xcarchive . "$SIGNING_TEAM_ID" "$PROFILE_UUID" "$HELPER_PROFILE_UUID" "$LAUNCHER_PROFILE_UUID"
         env:
-          SIGNING_TEAM_ID: ${{ secrets.SIGNING_TEAM_ID }}
-          PROFILE_UUID: ${{ secrets.PROFILE_UUID }}
-          HELPER_PROFILE_UUID: ${{ secrets.HELPER_PROFILE_UUID }}
-          LAUNCHER_PROFILE_UUID: ${{ secrets.LAUNCHER_PROFILE_UUID }}
+          SIGNING_TEAM_ID: ${{ vars.SIGNING_TEAM_ID }}
+          PROFILE_UUID: ${{ vars.PROFILE_UUID }}
+          HELPER_PROFILE_UUID: ${{ vars.HELPER_PROFILE_UUID }}
+          LAUNCHER_PROFILE_UUID: ${{ vars.LAUNCHER_PROFILE_UUID }}
       - name: Notarize app
         if: needs.configuration.outputs.xcode-beta != 'true'
         run: npx notarize-cli --file "UTM.dmg" --bundle-id "com.utmapp.UTM"
@@ -378,12 +378,12 @@ jobs:
           echo $HELPER_PROFILE_DATA | base64 --decode -o ~/Library/MobileDevice/Provisioning\ Profiles/$HELPER_PROFILE_UUID.provisionprofile
           echo $LAUNCHER_PROFILE_DATA | base64 --decode -o ~/Library/MobileDevice/Provisioning\ Profiles/$LAUNCHER_PROFILE_UUID.provisionprofile
         env:
-          PROFILE_DATA: ${{ secrets.APP_STORE_PROFILE_DATA }}
-          PROFILE_UUID: ${{ secrets.APP_STORE_PROFILE_UUID }}
-          HELPER_PROFILE_DATA: ${{ secrets.APP_STORE_HELPER_PROFILE_DATA }}
-          HELPER_PROFILE_UUID: ${{ secrets.APP_STORE_HELPER_PROFILE_UUID }}
-          LAUNCHER_PROFILE_DATA: ${{ secrets.APP_STORE_LAUNCHER_PROFILE_DATA }}
-          LAUNCHER_PROFILE_UUID: ${{ secrets.APP_STORE_LAUNCHER_PROFILE_UUID }}
+          PROFILE_DATA: ${{ vars.APP_STORE_PROFILE_DATA }}
+          PROFILE_UUID: ${{ vars.APP_STORE_PROFILE_UUID }}
+          HELPER_PROFILE_DATA: ${{ vars.APP_STORE_HELPER_PROFILE_DATA }}
+          HELPER_PROFILE_UUID: ${{ vars.APP_STORE_HELPER_PROFILE_UUID }}
+          LAUNCHER_PROFILE_DATA: ${{ vars.APP_STORE_LAUNCHER_PROFILE_DATA }}
+          LAUNCHER_PROFILE_UUID: ${{ vars.APP_STORE_LAUNCHER_PROFILE_UUID }}
       - name: Download Artifact
         uses: actions/download-artifact@v3
         with:
@@ -393,10 +393,10 @@ jobs:
           tar -xf UTM.xcarchive.tgz
           ./scripts/package_mac.sh app-store UTM.xcarchive . "$SIGNING_TEAM_ID" "$PROFILE_UUID" "$HELPER_PROFILE_UUID" "$LAUNCHER_PROFILE_UUID"
         env:
-          SIGNING_TEAM_ID: ${{ secrets.SIGNING_TEAM_ID }}
-          PROFILE_UUID: ${{ secrets.APP_STORE_PROFILE_UUID }}
-          HELPER_PROFILE_UUID: ${{ secrets.APP_STORE_HELPER_PROFILE_UUID }}
-          LAUNCHER_PROFILE_UUID: ${{ secrets.APP_STORE_LAUNCHER_PROFILE_UUID }}
+          SIGNING_TEAM_ID: ${{ vars.SIGNING_TEAM_ID }}
+          PROFILE_UUID: ${{ vars.APP_STORE_PROFILE_UUID }}
+          HELPER_PROFILE_UUID: ${{ vars.APP_STORE_HELPER_PROFILE_UUID }}
+          LAUNCHER_PROFILE_UUID: ${{ vars.APP_STORE_LAUNCHER_PROFILE_UUID }}
       - name: Upload Artifact
         if: github.event_name != 'release'
         uses: actions/upload-artifact@v3

Documentation/Release.md

@@ -76,17 +76,20 @@ In case of issues in post release that warrants a re-release, follow the same st
 
 ### Secrets
 
-Below is a summary of all the secrets used by GitHub Actions in the release process.
+Below is a summary of all the variables and secrets used by GitHub Actions in the release process.
 
 |Secret                           |Description                                                                        |
 |---------------------------------|-----------------------------------------------------------------------------------|
-|`DISPATCH_ALTSTORE_REPO_NAME`    |`username/repo` path to a [altstore-github][1] repository                          |
-|`DISPATCH_CYDIA_REPO_NAME`       |`username/repo` path to a [silica-package-github][2] repository                    |
 |`PERSONAL_ACCESS_TOKEN`          |GitHub personal token with permission for `repository_dispatch`                    |
 |`SIGNING_CERTIFICATE_P12_DATA`   |Base64 encoded PKCS#12 format containing certificates and private keys for signing |
 |`SIGNING_CERTIFICATE_PASSWORD`   |Password of the PKCS#12 file                                                       |
 |`SIGNING_USERNAME`               |App Store Connect username for notarizing and submission                           |
 |`SIGNING_PASSWORD`               |App Store Connect ["app-specific password"][3]                                     |
+
+|Variable                         |Description                                                                        |
+|---------------------------------|-----------------------------------------------------------------------------------|
+|`DISPATCH_ALTSTORE_REPO_NAME`    |`username/repo` path to a [altstore-github][1] repository                          |
+|`DISPATCH_CYDIA_REPO_NAME`       |`username/repo` path to a [silica-package-github][2] repository                    |
 |`SIGNING_TEAM_ID`                |Team ID associated with signing certificates                                       |
 |`PROFILE_DATA`                   |Base64 encoded provisioning profile of main application                            |
 |`PROFILE_UUID`                   |UUID of provisioning profile above                                                 |