So this is a weird one... I am trying to implement a CODEFREEZE option in release pipelines so I can implement a global freeze to any release with an organization secret:
name: test code freeze
on:
push:
jobs:
test:
runs-on: ubuntu-latest
env:
CODEFREEZE: ${{ secrets.CODEFREEZE }}
steps:
- name: test
if: ${{ env.CODEFREEZE }} == "true"
run: echo "code is frozen"
- name: test unfreeze
if: ${{ env.CODEFREEZE }} == "false"
run: echo "code is NOT frozen"
For some reason, both of these run. I've tried setting the secret to a number of different values. I've tried using quotes and not using quotes, but nothing I do seems to have an effect. Am I missing something extremely obvious?
This does appear to work but I don't understand why:
name: test code freeze
on:
push:
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: test
env:
CODEFREEZE: ${{ secrets.CODEFREEZE }}
if: ${{ env.CODEFREEZE == 'true' }}
run: echo "code is frozen"
- name: test unfreeze
env:
CODEFREEZE: ${{ secrets.CODEFREEZE }}
if: ${{ env.CODEFREEZE == 'false' }}
run: echo "code is NOT frozen"
This also appears to work:
name: test code freeze
on:
push:
env:
CODEFREEZE: ${{ secrets.CODEFREEZE }}
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: test
if: ${{ env.CODEFREEZE == 'true' }}
run: echo "code is frozen"
- name: test unfreeze
if: ${{ env.CODEFREEZE == 'false' }}
run: echo "code is NOT frozen"
so the problem only exists when you set the env on the job level
Nevermind... I clearly have not had enough coffee... I found the syntax error:
name: test code freeze
on:
push:
jobs:
test:
runs-on: ubuntu-latest
env:
CODEFREEZE: ${{ secrets.CODEFREEZE }}
steps:
- name: test
if: ${{ env.CODEFREEZE == 'true' }}
run: echo "code is frozen"
- name: test unfreeze
if: ${{ env.CODEFREEZE == 'false' }}
run: echo "code is NOT frozen"
It requires single quotes in the evaluation and the eval has to be inside the curly braces...