Unable to access Repository Secret in GitHub Actions Workflow

I’m trying to pass an API key from a repo secret to an environment variable in a workflow. I’ve never had issues doing this before, but for some reason, it won’t work in this case.

In the repo (an open source project), under Actions secrets, the owner (I’m not the owner, but a collaborator) has created a STRIPE_API_KEY secret. I’ve confirmed with him how he made it, and it seems correct.

In the workflow, I’m doing this:

on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main

jobs:
  integration-tests:
    runs-on: ubuntu-latest
    env:
      STRIPE_API_KEY: ${{ secrets.STRIPE_API_KEY }}
    steps:
      - if: ${{ env.STRIPE_API_KEY != '' }}
        run: echo 'STRIPE_API_KEY env var is set'
      - if: ${{ env.STRIPE_API_KEY == '' }}
        run: echo 'STRIPE_API_KEY env var is NOT set'
      - uses: actions/checkout@v3
      - name: Build and Start Containers
        run: docker-compose up -d
        ....

I’ve included the debug check on the value, and it shows:

STRIPE_API_KEY env var is NOT set

And the value is not there when docker-compose runs the containers. You can see a failing run here: Change how Stripe secrets are passed to docker-compose in GitHub Actions · mekkim/donatemask@f5acf9b · GitHub

I’ve tried running this as a PR, then merged and watched the same thing happen on main (i.e., I suspected it was a PR-from-Fork issue, but it wasn’t).

I’m confused what I’m doing wrong. I’ve never had this issue before: passing secrets around via environment variables has always worked in the past.

Is there something about this repo that’s different? For example, I notice it says “Public Template.” Are “template” repos somehow different? Is there something else I don’t understand or should be doing?

Thanks for any tips.

Dave
@humphd

Personally, I’d fork the repository, add my own dummy secret and confirm the env/if logic does what I expect.

The value for the secret can be dummy, it doesn’t have to be a real thing, since it’s just to test for behavior.

Fwiw, GitHub Action Runner supports two secrets for debugging itself.
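
The test suggested in the reply above, as an added example that is not part of the original thread: a minimal workflow for a fork, assuming a dummy repository secret named `DUMMY_SECRET` (a hypothetical name) has been created under Actions secrets. It reports whether the secret reached the job, without printing its value, alongside the event context of the run.

```yaml
# Added example, not from the thread. DUMMY_SECRET and the workflow/job
# names are assumptions; the triggers mirror the workflow in the question.
name: secret-visibility-check
on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main

jobs:
  check:
    runs-on: ubuntu-latest
    env:
      # Evaluates to an empty string when the secret is not made
      # available to this run.
      DUMMY_SECRET: ${{ secrets.DUMMY_SECRET }}
    steps:
      - name: Show the context this run was triggered in
        # Context values are passed through env rather than interpolated
        # into the script, so they are never parsed as shell code.
        env:
          EVENT_NAME: ${{ github.event_name }}
          ACTOR: ${{ github.actor }}
          PR_FROM_FORK: ${{ github.event.pull_request.head.repo.fork }}
        run: |
          echo "event:        $EVENT_NAME"
          echo "actor:        $ACTOR"
          echo "pr from fork: ${PR_FROM_FORK:-n/a}"

      - name: Report whether the secret reached the job (value is never printed)
        run: |
          if [ -n "$DUMMY_SECRET" ]; then
            echo "DUMMY_SECRET is set"
          else
            echo "::warning::DUMMY_SECRET is empty in this run"
          fi

      - name: Same check through an if expression, as in the question
        if: ${{ env.DUMMY_SECRET != '' }}
        run: echo 'if expression also sees DUMMY_SECRET'
```

Comparing the output of a push run with a pull request run on the fork shows whether the `env`/`if` logic behaves as expected in each trigger context.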