Expected runner group name to be available for job

[HebaruSan]

https://github.com/KSP-CKAN/CKAN/actions/runs/15833572503/job/44632446338

Does this Action need to be so intrusive into what other jobs and steps are doing? It makes it brittle and prone to unexpected weird problems. The GitHub workflow framework is not just flexible but requires custom design of build processes, and as users we have no way to anticipate what configuration decisions might break this thing. It would be really nice if this Action could just accept the input it's given, submit, and retrieve back the signed assets.

[paulsavoie]

Hello @HebaruSan,
thank you for the issue. I understand your frustration.

To clarify: This action does not automatically need to make those checks, but for OSS projects, there are policies in place that require all build jobs that influence the signed artifact to be executed on GitHub-hosted runners. These requirements are in place to ensure that the resulting binary has only been influenced by code from the OSS source code repository (and not bypassed by e.g. running scripts on a self-hosted build agent). We enforce these rules because our name (SignPath Foundation) is visible on the signature. If you bring your own certificate, you can use the same actions, but can choose which policies you want to enforce.

As for this particular issue: It's caused by a recent GitHub bug (where the runner information for some jobs is simply not available). We are in contact with GitHub and hope for this to be resolved soon.