Run workflow only if secret is present #25444

Zethson · 2020-08-13T15:02:13Z

Zethson
Aug 13, 2020

Dear everyone,

I want a workflow to only be run if a secret is available.
If not, I want it to either just exit with success or do something else.

In pseudocode:

if secret.available:
run A
else:
run B

Does anybody have any ideas and examples?

Answered by BrightRan

Aug 14, 2020

@zethson,

You can use the APIs “List repository secrets” and “List organization secrets” to get the total count of the repository-level secrets and organization-level secrets. Then according to the total count to determine whether to continue the subsequent jobs.

To run these two APIs, you need to create a personal access token (PAT) that has the repo scope (access repository-level secrets) and admin:org scope (access organization-level secrets), and set this PAT as a secret in the repository or in the organization. Then you can use this PAT to authenticate in the workflow.

Due to the added authorization PAT, there is an existing secret at least. If you want to ignore the PAT in the secre…

View full answer

BrightRan · 2020-08-14T06:04:50Z

BrightRan
Aug 14, 2020

@zethson,

You can use the APIs “List repository secrets” and “List organization secrets” to get the total count of the repository-level secrets and organization-level secrets. Then according to the total count to determine whether to continue the subsequent jobs.

To run these two APIs, you need to create a personal access token (PAT) that has the repo scope (access repository-level secrets) and admin:org scope (access organization-level secrets), and set this PAT as a secret in the repository or in the organization. Then you can use this PAT to authenticate in the workflow.

Due to the added authorization PAT, there is an existing secret at least. If you want to ignore the PAT in the secrets, you can set the available count to be more than 1. If the count is equal or less than 1, you can determine it as “No available secrets”.
Here is an example as reference:

GitHub

TestWorkflowsRML/RunAPI

Contribute to TestWorkflowsRML/RunAPI development by creating an account on GitHub.

jobs:
  job1:
    runs-on: ubuntu-latest
    steps:
      - name: Count of secrets
        run: |
          echo "➖➖➖➖➖➖➖➖ Count of repository secrets ➖➖➖➖➖➖➖➖"
          repo_response=$(curl \
          -H "Authorization: token ${{ secrets.MY_GITHUB_PAT }}" \
          -H "Accept: application/vnd.github.v3+json" \
          https://api.github.com/repos/${{ github.repository }}/actions/secrets)
          
          echo "$repo_response"
          
          repo_count=$(echo "$repo_response" | jq '.total_count')
          echo "The count of secrets in current repository is $repo_count."
          
          echo "➖➖➖➖➖➖➖➖ Count of organization secrets ➖➖➖➖➖➖➖➖"
          org_response=$(curl \
          -H "Authorization: token ${{ secrets.MY_GITHUB_PAT }}" \
          -H "Accept: application/vnd.github.v3+json" \
          https://api.github.com/orgs/${{ github.repository_owner }}/actions/secrets)
          
          echo "$org_response"
          
          org_count=$(echo "$org_response" | jq '.total_count')
          echo "The count of secrets in current organization is $org_count."
          
          echo "➖➖➖➖➖➖➖➖ Count of total secrets ➖➖➖➖➖➖➖➖"
          total_count=$(( $repo_count + $org_count ))
          echo "The total count of secrets in is $total_count."
          
          if [[ $total_count -le 1 ]]; then
            echo "::error::No available secrets!"
            exit 1
          fi
  job2:
    needs: [job1]
    runs-on: ubuntu-latest
    steps:
      - name: run this job
        run: echo "This job will run if there are available secrets."

  job3:
    needs: [job1]
    runs-on: ubuntu-latest
    steps:
      - name: run this job
        run: echo "This job will run if there are available secrets."

When the total count of the secrets (repository-level and organization-level) is equal or less than 1, set job1 to be failed with the error message “No available secrets!”. Then the subsequent jobs (job2 and job3) will be skipped.

0 replies

GabLeRoux · 2020-10-17T12:55:41Z

GabLeRoux
Oct 17, 2020

Here’s a related question with alternative solutions: How can I test if secrets are available in an action?

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Community

Run workflow only if secret is present #25444

{{title}}

Replies: 2 comments

{{title}}

{{title}}

Select a reply

GitHub Community

Run workflow only if secret is present #25444

Zethson Aug 13, 2020

Replies: 2 comments

BrightRan Aug 14, 2020

TestWorkflowsRML/RunAPI

GabLeRoux Oct 17, 2020

Zethson
Aug 13, 2020

BrightRan
Aug 14, 2020

GabLeRoux
Oct 17, 2020