Run workflow only if secret is present

Dear everyone,

I want a workflow to only be run if a secret is available.
If not, I want it to either just exit with success or do something else.

In pseudocode:

if secret.available:
    run A
else:
    run B

Does anybody have any ideas and examples?


@zethson,

You can use the APIs “List repository secrets” and “List organization secrets” to get the total count of the repository-level secrets and organization-level secrets. Then use the total count to determine whether to continue the subsequent jobs.

To run these two APIs, you need to create a personal access token (PAT) that has the repo scope (access repository-level secrets) and admin:org scope (access organization-level secrets), and set this PAT as a secret in the repository or in the organization. Then you can use this PAT to authenticate in the workflow.

Because of the added authorization PAT, there is at least one existing secret. If you want to ignore the PAT in the secrets, you can require the available count to be more than 1. If the count is equal to or less than 1, you can treat it as “No available secrets”.
Here is an example for reference:

jobs:
  job1:
    runs-on: ubuntu-latest
    steps:
      - name: Count of secrets
        run: |
          echo "➖➖➖➖➖➖➖➖ Count of repository secrets ➖➖➖➖➖➖➖➖"
          repo_response=$(curl \
          -H "Authorization: token ${{ secrets.MY_GITHUB_PAT }}" \
          -H "Accept: application/vnd.github.v3+json" \
          https://api.github.com/repos/${{ github.repository }}/actions/secrets)
          
          echo "$repo_response"
          
          repo_count=$(echo "$repo_response" | jq '.total_count')
          echo "The count of secrets in current repository is $repo_count."
          
          echo "➖➖➖➖➖➖➖➖ Count of organization secrets ➖➖➖➖➖➖➖➖"
          org_response=$(curl \
          -H "Authorization: token ${{ secrets.MY_GITHUB_PAT }}" \
          -H "Accept: application/vnd.github.v3+json" \
          https://api.github.com/orgs/${{ github.repository_owner }}/actions/secrets)
          
          echo "$org_response"
          
          org_count=$(echo "$org_response" | jq '.total_count')
          echo "The count of secrets in current organization is $org_count."
          
          echo "➖➖➖➖➖➖➖➖ Count of total secrets ➖➖➖➖➖➖➖➖"
          total_count=$(( $repo_count + $org_count ))
          echo "The total count of secrets is $total_count."
          
          if [[ $total_count -le 1 ]]; then
            echo "::error::No available secrets!"
            exit 1
          fi
  job2:
    needs: [job1]
    runs-on: ubuntu-latest
    steps:
      - name: run this job
        run: echo "This job will run if there are available secrets."

  job3:
    needs: [job1]
    runs-on: ubuntu-latest
    steps:
      - name: run this job
        run: echo "This job will run if there are available secrets."

When the total count of the secrets (repository-level and organization-level) is equal to or less than 1, job1 is set to fail with the error message “No available secrets!”. Then the subsequent jobs (job2 and job3) will be skipped.

Here’s a related question with alternative solutions: How can I test if secrets are available in an action?
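
The branch from the question's pseudocode (run A if the secret is present, otherwise run B), as an added example that is not part of the posts above. It uses a different check from the API count in the answer: a secret that is not set expands to an empty string, so the workflow needs no PAT with `repo` or `admin:org` scope. `MY_SECRET` and the job names are placeholders.

```yaml
# Added example. MY_SECRET, check_secret, run_a and run_b are placeholder names.
name: branch-on-secret
on: [push, pull_request]

jobs:
  check_secret:
    runs-on: ubuntu-latest
    outputs:
      # Only the string "true" or "false" leaves this job, never the secret.
      available: ${{ steps.probe.outputs.available }}
    steps:
      - id: probe
        env:
          # A secret that is not defined, or is withheld from a pull request
          # coming from a fork, expands to an empty string here.
          MY_SECRET: ${{ secrets.MY_SECRET }}
        run: |
          # Test the environment variable for emptiness; do not echo its value.
          if [ -n "$MY_SECRET" ]; then
            echo "available=true" >> "$GITHUB_OUTPUT"
          else
            echo "available=false" >> "$GITHUB_OUTPUT"
          fi

  run_a:
    needs: check_secret
    if: needs.check_secret.outputs.available == 'true'
    runs-on: ubuntu-latest
    steps:
      - name: Run A
        env:
          # Pass the secret through the environment instead of
          # interpolating it into the script text.
          MY_SECRET: ${{ secrets.MY_SECRET }}
        run: echo "Secret is available, running A."

  run_b:
    needs: check_secret
    if: needs.check_secret.outputs.available != 'true'
    runs-on: ubuntu-latest
    steps:
      - name: Run B
        run: echo "Secret is not available, running B."
```

Because `check_secret` succeeds in both cases, the workflow run stays green when the secret is missing, and exactly one of `run_a` and `run_b` executes.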