Make signing Appveyor builds configurable #8806

@bramd


For developers without commit/push access to the main NV Access repo, it's possible to configure Appveyor on their fork and trigger a build by pushing to a try-* branch.
However, the current configuration instructs Appveyor to sign every build except builds related to a PR. This fails, since the encrypted signing certificate can only be decrypted with the passphrase which is stored encrypted in the Appveyor config. The encryption of this passphrase is Appveyor account specific. I see why this protection of the signing certificate is essential.

Currently, the check if a build should be signed is related to the APPVEYOR_PULL_REQUEST_NUMBER environment variable. I just put in a fake value for this variable using the Appveyor UI so I can do unsigned builds of try branches in my NVDA fork.

A better solution would be to add an environment variable that controls signing; this can then be set in the UI or by logic in the build script. It would be nice if it defaults to false for any build that is not done by NV Access. We might use the APPVEYOR_REPO_NAME variable for this, which should contain nvaccess/nvda for official builds.

Especially now we have the system testing framework in place, which takes a while to run locally and disturbs normal NVDA usage, I think it's important that developers can run reliable builds and get feedback on failing tests.
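
The signing decision proposed in this issue, sketched as an added example (not code from the NVDA repository or from the issue author). `SIGN_BUILD` is a hypothetical variable name, and keeping pull request builds unsigned regardless of the override is an assumption; unrecognised override values fail closed so a typo never turns signing on.

```python
import os

OFFICIAL_REPO = "nvaccess/nvda"  # repo name the issue gives for official builds
OVERRIDE_VAR = "SIGN_BUILD"      # hypothetical name, not an existing Appveyor/NVDA setting
TRUTHY = {"1", "true", "yes", "on"}
FALSY = {"0", "false", "no", "off"}


def should_sign(env):
    """Return (sign, reason) for the build described by the mapping env."""
    # Assumption: PR builds stay unsigned whatever the override says,
    # matching the existing APPVEYOR_PULL_REQUEST_NUMBER check.
    if env.get("APPVEYOR_PULL_REQUEST_NUMBER", "").strip():
        return False, "pull request build"

    override = env.get(OVERRIDE_VAR, "").strip().lower()
    if override in FALSY:
        return False, "disabled by override"
    if override in TRUTHY:
        return True, "enabled by override"
    if override:
        # Fail closed on a typo rather than guessing what was meant.
        return False, "unrecognised override value"

    # No override: sign only when the build belongs to the official repo.
    if env.get("APPVEYOR_REPO_NAME", "") == OFFICIAL_REPO:
        return True, "official repository default"
    return False, "fork default"


if __name__ == "__main__":
    # Constructed sample environments, not captured from real builds.
    samples = [
        {"APPVEYOR_REPO_NAME": "nvaccess/nvda"},
        {"APPVEYOR_REPO_NAME": "someuser/nvda"},
        {"APPVEYOR_REPO_NAME": "nvaccess/nvda", "APPVEYOR_PULL_REQUEST_NUMBER": "123"},
        {"APPVEYOR_REPO_NAME": "someuser/nvda", OVERRIDE_VAR: "ture"},
    ]
    for env in samples:
        print(env, "->", should_sign(env))
    print("this process ->", should_sign(os.environ))
```

The build script would call `should_sign(os.environ)` once and skip the certificate decryption step entirely when it returns `False`, so fork builds never touch the encrypted passphrase.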
