GitHub Actions if statements can easily be coded incorrectly

I’ve noticed some repos using this syntax:

    if: ${{ github.event_name }} == 'schedule'

They think it means this:

    if: ${{ github.event_name == 'schedule' }}

But it does not because only the first part is an expression evaluation, so it always returns true (there is always a non-empty event_name) so the subsequent statements are always run, even if this is not a schedule run.!

This can be more worrying if workflows are checking branch names (e.g. so certain access happens when a protected main or master branch is changed), or checking users (so only certain users can run an action) as these may not be adding the protection that users think it is.

It would be better if GitHub Actions either recognised this syntax error and highlighted it to the user, or evaluated the whole expression as developer no doubt intended, rather than silently implementing the incorrect logic.

2 Likes

Hey @tunetheweb, just wanted to let you know that this feedback was brought up to the Actions Product Manager, @ethomson, during our recent Actions AMA. He said he’d make sure that feedback gets to the right place, so thanks so much for sharing it here :sparkles:

1 Like

Thanks for following up! Meant to dial into that AMA but didn’t get a chance but this reminded me to watch this. Hopefully we can get a warning or something for this as have seen it multiple times.

3 Likes