Copilot Lvl 2
Message 1 of 7

How can I test if secrets are available in an action?


I'd like an action to run on PRs from the main repo, but not from PRs from forked repos.

6 Replies
GitHub Partner
Message 2 of 7

Re: How can I test if secrets are available in an action?

Secrets are not passed to workflows that are triggered by a pull request from a fork. As you said, your PRs are within the main repo. Then the secrets could be passed in the workflow.

How do you use secrets in your action? Do you use secret variables as action input variable values?

use secrets.png 

If so, you could check your logs; the secrets variable value will be masked with ***.

secrets.png

If I am misunderstanding your scenario, please share your workflow yml content here.

Copilot Lvl 2
Message 3 of 7

Re: How can I test if secrets are available in an action?

To clarify, I'd like my CI to run all the jobs and pass when run from the main repo. When someone sends a PR from a forked repo, I'd still like the subset of jobs that don't require secrets to run and CI still to pass. 

 

I'll follow up with a detailed example in the next day or two...

Copilot Lvl 2
Message 4 of 7

Re: How can I test if secrets are available in an action?

I was able to get it working by testing every step of the job for the existence of the environment variable associated with the secret.  See https://github.com/firebase/firebase-ios-sdk/pull/5180.

 

It would be nicer if there were a way to check for secrets availability at the job level.

GitHub Partner
Message 5 of 7

Re: How can I test if secrets are available in an action?

@paulb777 I checked your PR; you use secrets as the value of environment variables. You could set the env at the job level. Then the env could be used in your scripts directly. In bash, use it with the syntax $var_name.

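```yaml
jobs:
  build:
    env:
      # Job-level env: empty when the secret is not passed to the run
      key1: ${{ secrets.test2 }}
    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2
    - run: echo "$key1"
      # Keep the whole comparison inside the expression; text left outside
      # ${{ }} turns the condition into a non-empty string that is always true
      if: ${{ env.key1 == 'aaa' }}
```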

You could enable step debug logging; in the set up job step, the secrets will be evaluated.

set up job.png

 

Copilot Lvl 2
Message 6 of 7

Re: How can I test if secrets are available in an action?

Thanks @Yanjingzhu. Setting the secret environment variables at the job level is much cleaner.

 

I tried several different locations and variations for the `if` (see the commits in https://github.com/firebase/firebase-ios-sdk/pull/5188), but wasn't able to find a way to use it to disable the job when the secret environment variables are not available. 

Solution
GitHub Partner
Message 7 of 7

Re: How can I test if secrets are available in an action?

You can only use the env context in the value of the with and name keys, or in a step's if conditional.

It is not supported to use env in a job's if conditional.

And the secrets context could not be used in an if conditional, neither step's if nor step's if.

So, it is not possible to disable a job by identifying secrets. I am afraid that you need to add an if conditional to each step. Sorry for any inconvenience.
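
The pattern this thread converges on, written out as one workflow. This is an added example, not code from any of the posters or from the linked PRs; the secret name `DEPLOY_TOKEN` and the `scripts/` paths are hypothetical. It goes slightly beyond the thread by also gating the secret-dependent job on the `github` context, which (unlike `env` and `secrets`) is available in a job-level `if`.

```yaml
# Added example; DEPLOY_TOKEN and the scripts/ paths are hypothetical names.
name: ci
on: [push, pull_request]

jobs:
  # Needs no secrets, so it runs for every PR, including PRs from forks.
  unit-tests:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - run: ./scripts/test.sh

  # Job-level gate: skip the whole job when the PR head lives in another
  # repository (a fork), where secrets are not passed to the workflow.
  integration-tests:
    if: >-
      github.event_name != 'pull_request' ||
      github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    env:
      # Evaluates to an empty string when the secret is not available.
      DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
    steps:
      - uses: actions/checkout@v2

      # Step-level gate on the env context, as described in the thread.
      - name: Integration tests
        if: env.DEPLOY_TOKEN != ''
        run: ./scripts/integration.sh   # reads $DEPLOY_TOKEN; do not echo it

      # Makes the skip visible in the log instead of silently passing.
      - name: Report skipped integration tests
        if: env.DEPLOY_TOKEN == ''
        run: echo "DEPLOY_TOKEN not available; integration tests skipped"
```

The step-level checks stay in place behind the job-level gate so the job still degrades cleanly when the secret is missing for a reason other than a fork, for example when it has not been configured in the repository.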