GitHub Actions if statements can easily be coded incorrectly

I’ve noticed some repos using this syntax:

    if: ${{ github.event_name }} == 'schedule'

They think it means this:

    if: ${{ github.event_name == 'schedule' }}

But it does not because only the first part is an expression evaluation, so it always returns true (there is always a non-empty event_name) so the subsequent statements are always run, even if this is not a schedule run.!

This can be more worrying if workflows are checking branch names (e.g. so certain access happens when a protected main or master branch is changed), or checking users (so only certain users can run an action) as these may not be adding the protection that users think it is.

It would be better if GitHub Actions either recognised this syntax error and highlighted it to the user, or evaluated the whole expression as developer no doubt intended, rather than silently implementing the incorrect logic.

2 Likes