fix(ci): use env vars instead of secrets in step if conditions#14711
Merged
davidkonigsberg merged 1 commit intomainfrom Apr 7, 2026
Merged
fix(ci): use env vars instead of secrets in step if conditions#14711davidkonigsberg merged 1 commit intomainfrom
davidkonigsberg merged 1 commit intomainfrom
Conversation
The secrets context cannot be used directly in step-level if expressions. GitHub Actions rejects this with 'Unrecognized named-value: secrets'. Use env vars to pass the secret value and check the env var instead. Co-Authored-By: David Konigsberg <davidakonigsberg@gmail.com>
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
Claude Code Review
This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.
Tip: disable this comment in your organization's Code Review settings.
Contributor
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
|
Contributor
🌱 Seed Test SelectorSelect languages to run seed tests for:
How to use: Click the ⋯ menu above → "Edit" → check the boxes you want → click "Update comment". Tests will run automatically and snapshots will be committed to this PR. |
Swimburger
approved these changes
Apr 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes broken CI and Seed workflows on
mainintroduced by #14676. Bothci.ymlandseed.ymlfail at workflow validation with:The
secretscontext cannot be referenced directly in step-levelifexpressions (likely due toworkflow_callbeing a trigger inseed.yml, which changes secrets context availability, and stricter validation inci.yml).Changes Made
ci.yml(test-etejob, line 183): Changedif: ${{ secrets.DOCKER_USERNAME_PUBLIC_READONLY != '' }}→if: ${{ env.DOCKERHUB_USERNAME != '' }}with a step-levelenvmapping the secret to an env varseed.yml(benchmarkjob, line 869): Same fixThe
withblocks still referencesecretsdirectly for the actual login credentials, which is valid — only theifexpression needed the workaround.Review Checklist
envis evaluated before the step'sifcondition (per GitHub docs, it is)secretsinwith:blocks still works correctly (it should —withinputs are evaluated in a different context thanif)cached-seed) already avoids this issue by accepting credentials asinputs, not referencingsecretsdirectlyTesting
Link to Devin session: https://app.devin.ai/sessions/59c37d5afae04814afa3f96c447a28ab
Requested by: @davidkonigsberg