chore: adding conditional to skip codesigning on PR triggers when building binaries

[aorumbayev]

The main gist is to further refine access to secrets to ensure none are accessed on PR triggers. Codesigning shall only run on production releases on main branch OR cron triggered checks performed weekly (8am UTC mondays) on main branch.

Proposed Changes

• Add a new "with_codesign" parameter to macOS and Windows build actions to control whether binaries should be signed.
• Update the build-binaries workflow to determine code-signing eligibility (via a new "signing" step) based on branch, PR status, and release conditions.
• Update the macOS composite action to set "APPLE_CERT_ID" and "APPLE_BUNDLE_ID" conditionally, falling back to a beta bundle ID when "production_release" is false.
• Replace references to "production_release" in the Windows build action with "with_codesign" for consistency.
• Modify pyproject.toml to allow conditional code signing by passing in environment variables, ensuring more flexible signing logic for macOS binaries.

[github-actions]

Coverage Report

File	Stmts	Miss	Cover	Missing
src/algokit
__init__.py	15	7	53%	6–13, 17–24, 32–34
__main__.py	4	4	0%	1–7
src/algokit/cli
__init__.py	47	3	94%	31–34
codespace.py	50	9	82%	28, 114, 137, 150–155
completions.py	108	9	92%	63–64, 83, 93–99
dispenser.py	121	1	99%	77
doctor.py	53	3	94%	146–148
explore.py	63	15	76%	35–40, 42–47, 85–92, 113
generate.py	60	3	95%	76–77, 155
goal.py	54	5	91%	85, 96, 107–109
init.py	310	24	92%	491–492, 497–498, 501, 522, 525–527, 538, 542, 600, 626, 655, 688, 697–699, 702–707, 720, 739, 751–752
localnet.py	164	32	80%	67, 88–115, 164–168, 212, 233, 248–258, 271, 322, 343–344
task.py	34	3	91%	25–28
src/algokit/cli/common
utils.py	37	2	95%	137, 139
src/algokit/cli/project
bootstrap.py	32	1	97%	33
deploy.py	117	20	83%	47, 49, 102, 125, 147–149, 270, 277, 291–299, 302–311
link.py	81	12	85%	60, 65–66, 109–114, 142–143, 212–213, 217
list.py	33	5	85%	21–23, 51–56
run.py	46	2	96%	38, 174
src/algokit/cli/tasks
analyze.py	81	1	99%	81
assets.py	82	13	84%	65–66, 72, 74–75, 105, 119, 125–126, 132, 134, 136–137
ipfs.py	51	8	84%	52, 80, 92, 94–95, 105–107
mint.py	106	15	86%	51, 73, 100–103, 108, 113, 131–132, 158, 335–339
send_transaction.py	65	10	85%	52–53, 57, 89, 158, 170–174
sign_transaction.py	59	8	86%	21, 28–30, 71–72, 109, 123
transfer.py	39	3	92%	26, 90, 117
utils.py	114	46	60%	29–37, 43–46, 78–79, 103–104, 128–136, 155–165, 212, 261–262, 282–293, 300–302, 324
vanity_address.py	56	10	82%	41, 45–48, 112, 114, 121–123
wallet.py	79	4	95%	21, 66, 136, 162
src/algokit/core
codespace.py	175	68	61%	34–37, 41–44, 48–71, 111–112, 125–133, 191, 200–202, 210, 216–217, 229–236, 251–298, 311–313, 338–344, 348, 395
conf.py	57	9	84%	12, 24, 28, 36, 38, 73–75, 80
dispenser.py	202	26	87%	92, 124–125, 142–150, 192–193, 199–201, 219–220, 260–261, 319, 333–335, 346–347, 357, 370, 385
doctor.py	65	7	89%	67–69, 92–94, 134
generate.py	50	3	94%	44, 85, 103
goal.py	65	4	94%	21, 36–37, 47
init.py	72	10	86%	53, 57–62, 70, 81, 88, 114–115
log_handlers.py	68	7	90%	50–51, 63, 112–116, 125
proc.py	45	1	98%	99
sandbox.py	276	23	92%	32, 89–92, 97, 101–103, 174, 222–229, 240, 611, 627, 652, 660
typed_client_generation.py	206	21	90%	79–81, 127, 157–162, 186, 189–192, 210, 213–216, 283, 286–289
utils.py	150	40	73%	50–51, 57–69, 125–131, 155, 158, 164–177, 206–208, 237–240, 262
src/algokit/core/_vendor/auth0/authentication
token_verifier.py	157	111	29%	16, 45, 58, 73–85, 98–107, 119–124, 136–137, 140, 170, 178–180, 190–199, 206–213, 227–236, 258, 280–287, 314–323, 333–444
src/algokit/core/compilers
python.py	28	5	82%	19–20, 25, 49–50
src/algokit/core/config_commands
container_engine.py	41	21	49%	24, 29–31, 47–76
version_prompt.py	92	14	85%	37–38, 68, 87–90, 108, 118–125, 148
src/algokit/core/project
__init__.py	53	3	94%	50, 86, 145
bootstrap.py	120	8	93%	47, 126–127, 149, 176, 207–209
deploy.py	69	9	87%	108–111, 120–122, 126, 131
run.py	132	13	90%	83, 88, 97–98, 133–134, 138–139, 143, 147, 277–278, 293
src/algokit/core/tasks
analyze.py	93	3	97%	105–112, 187
ipfs.py	63	7	89%	58–64, 140, 144, 146, 152
nfd.py	49	13	73%	25, 31, 34–41, 70–72, 99–101
vanity_address.py	90	34	62%	49–50, 54, 59–75, 92–108, 128–131
wallet.py	71	5	93%	37, 129, 155–157
src/algokit/core/tasks/mint
mint.py	74	9	88%	123–133
models.py	92	17	82%	50, 52, 57, 71–74, 81–90
TOTAL	4968	769	85%

Tests	Skipped	Failures	Errors	Time
510	0 💤	0 ❌	0 🔥	28.959s ⏱️

[aorumbayev]

@neilcampbell @lempira - instead of forking and running whole e2e i ended up force setting codesigning flag to true to test the codesigning parts, you can see the run passing here https://github.com/algorandfoundation/algokit-cli/actions/runs/12680599041/job/35342740513. The last commit reverts the temporary forced true flag.