Cannot use secrets.xyz in `if:` statement

If a parent repo has an action that has steps that rely on values in secrets I’d like to skip steps if some secrets are not defined in downstream forks. Otherwise, the fork will attempt to do the step, then fail, causing a failure notification. The way around this is to check in the shell command, but it would be more efficient to skip the step if the if: condition failed, not causing the step to consume compute time.

When I do this, it fails that secrets is `The workflow is not valid. .github/workflows/main.yml (Line: 13, Col: 13): Unrecognized named-value: 'secrets'.`

```yaml
jobs:
  deploy:
    runs-on: ...
    steps:
    - name: something
      if: ${{ secrets.NEEDED_FOR_DEPLOY_BUT_FORKS_WILL_NOT_HAVE }} != ""
      run: |
```

The workaround is to check in the run command, but this means that steps that don’t have run cannot be efficiently skipped, which uses up the compute time.

Any way to enhance actions to support checking for secrets existence in the if: statement?


You could use a small job that checks if the secret is present and produces an output you can use in the if condition:

Also note that you need to either wrap the whole expression for the if in ${{ ... }}, or omit those altogether.
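
A sketch of the approach this reply describes, added here as an example and not the code from the original reply: a probe job publishes only a boolean output, and the deploy job is skipped in forks where the secret is empty. The job names, the `has_secret` output and `./deploy.sh` are assumptions.

```yaml
name: deploy
on: push

jobs:
  check_secret:
    runs-on: ubuntu-latest
    outputs:
      # Only the boolean leaves this job, never the secret value
      has_secret: ${{ steps.probe.outputs.has_secret }}
    steps:
      - id: probe
        env:
          # The secret reaches the shell only as an environment variable;
          # in a fork without the secret this is an empty string
          DEPLOY_SECRET: ${{ secrets.NEEDED_FOR_DEPLOY_BUT_FORKS_WILL_NOT_HAVE }}
        run: |
          # Test for presence without echoing the value
          if [ -n "$DEPLOY_SECRET" ]; then
            echo "has_secret=true" >> "$GITHUB_OUTPUT"
          else
            echo "has_secret=false" >> "$GITHUB_OUTPUT"
          fi

  deploy:
    needs: check_secret
    # Whole expression wrapped in ${{ }}, as noted above
    if: ${{ needs.check_secret.outputs.has_secret == 'true' }}
    runs-on: ubuntu-latest
    steps:
      - name: something
        env:
          DEPLOY_SECRET: ${{ secrets.NEEDED_FOR_DEPLOY_BUT_FORKS_WILL_NOT_HAVE }}
        run: ./deploy.sh  # hypothetical deploy script
```

When the condition is false the whole `deploy` job is reported as skipped, so steps without a `run` (for example `uses:` steps) are skipped as well.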

Thanks for your help, but your code example is what I’m already doing, as I pointed out in the post. What I’m really asking is for the github action team to allow us to check the secrets context in the yaml if: statement, which is before the run statement.

Ah, I see. I thought you were referring to using if conditions for each of the run steps in the deploy job.