I want to check that all necessary secrets exist and fail the build if some of them are missing.
In my script I have this step:
- name: Check if secrets exist
  env:
    secret_key1: ${{ secrets.MY_SECRET_1 }}
    secret_key2: ${{ secrets.MY_SECRET_2 }}
    secret_key3: ${{ secrets.MY_SECRET_3 }}
  if: ${{ env.secret_key1 == '' }} || ${{ env.secret_key2 == '' }} || ${{ env.secret_key3 == '' }}
  run: exit 1
but this always exits with status code 1, even if all secrets are present. I have checked that if I use only one secret it works correctly, e.g.
- name: Check if secret exists
  env:
    secret_key: ${{ secrets.MY_SECRET }}
  if: ${{ env.secret_key == '' }}
  run: exit 1
Am I using wrong syntax or is the problem somewhere else?
Your condition should look like this:
- name: Check if secrets exist
  env:
    secret_key1: ${{ secrets.MY_SECRET_1 }}
    secret_key2: ${{ secrets.MY_SECRET_2 }}
    secret_key3: ${{ secrets.MY_SECRET_3 }}
  if: ${{ (env.secret_key1 == '') || (env.secret_key2 == '') || (env.secret_key3 == '') }}
  run: exit 1
Also, you can omit the expression syntax (${{ }}) because GitHub automatically evaluates the if conditional as an expression:
- name: Check if secrets exist
  env:
    secret_key1: ${{ secrets.MY_SECRET_1 }}
    secret_key2: ${{ secrets.MY_SECRET_2 }}
    secret_key3: ${{ secrets.MY_SECRET_3 }}
  if: env.secret_key1 == '' || env.secret_key2 == '' || env.secret_key3 == ''
  run: exit 1
For more information, see Expressions.
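Generalizing the check in the answer above, as an added example that is not part of the original question or answer: a shell function for the step's run block that reports which of the mapped variables are empty, by name only, instead of a bare exit 1. The function name missing_secrets is hypothetical; the variable names in the comments are the ones from the answer's env block.

```shell
#!/bin/sh
# Added example (not from the original thread).
# missing_secrets NAME...
#   Prints the name of every listed variable that is unset or empty,
#   one per line, and never prints a value.
#   Returns 0 if all are set, 1 if any is missing, 2 on an invalid name.
missing_secrets() {
    _ms_missing=0
    for _ms_name in "$@"; do
        # The name is expanded through eval below, so accept only
        # plain shell identifiers and reject everything else.
        case "$_ms_name" in
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "invalid variable name: $_ms_name" >&2
                return 2
                ;;
        esac
        # Indirect lookup; the trailing '-' yields an empty string
        # when the variable is unset instead of raising an error.
        eval "_ms_value=\${$_ms_name-}"
        if [ -z "$_ms_value" ]; then
            echo "$_ms_name"
            _ms_missing=1
        fi
    done
    unset _ms_value
    return "$_ms_missing"
}

# Intended call inside the step, with the env mapping from the answer
# kept and the if condition dropped:
#   missing_secrets secret_key1 secret_key2 secret_key3 || exit 1
```

Because the step then runs unconditionally, the build log names each missing variable rather than only showing a failed step.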