Use Azure Trusted Signing when available (#1038)

Author: speednoisemovement

.github/workflows/build-toolchain.yml

@@ -151,6 +151,14 @@ on:
         required: true
       R2_SECRET_ACCESS_KEY:
         required: true
+      AZURE_SP_CREDENTIALS:
+        required: false
+      TRUSTED_SIGNING_ACCOUNT:
+        required: false
+      TRUSTED_SIGNING_TEST_PROFILE:
+        required: false
+      TRUSTED_SIGNING_PROD_PROFILE:
+        required: false
 
 jobs:
   context:
@@ -313,8 +321,7 @@ jobs:
           fi
 
           if [[ "${{ github.event_name }}" == "schedule" || "${{ inputs.signed }}" == "true" ]]; then
-            # FIXME(compnerd) enable this when requested
-            echo signed=false >> ${GITHUB_OUTPUT}
+            echo signed=true >> ${GITHUB_OUTPUT}
           else
             echo signed=false >> ${GITHUB_OUTPUT}
           fi
@@ -632,6 +639,10 @@ jobs:
       R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
       R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
       R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
+      AZURE_SP_CREDENTIALS: ${{ secrets.AZURE_SP_CREDENTIALS }}
+      TRUSTED_SIGNING_ACCOUNT: ${{ secrets.TRUSTED_SIGNING_ACCOUNT }}
+      TRUSTED_SIGNING_TEST_PROFILE: ${{ secrets.TRUSTED_SIGNING_TEST_PROFILE }}
+      TRUSTED_SIGNING_PROD_PROFILE: ${{ secrets.TRUSTED_SIGNING_PROD_PROFILE }}
 
   mac-build:
     # TODO: Enable the mac build.