fix: use env vars instead of secrets in step-level if conditions #20
Merged
FutureUnreal merged 1 commit into main from Feb 8, 2026
GitHub Actions does not support `secrets` context in step-level `if` expressions. Move secret checks to job-level `env` variables and reference them via `env.*` in step conditions.

Affected workflows:
- claude-issue-duplicate-check.yml
- codex-issue-triage.yml
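A small linter for the pattern this PR describes, as an added example that is not part of the PR or the repository's code: it flags `if:` conditions that reference `secrets`, and `env.*` flags in conditions that no `env:` entry derives from a secret. The sample workflow, the job name `triage`, the script `./triage.sh` and the misspelled `HAS_OPENAI_KEYS` are constructed for illustration.

```python
import re

# Constructed sample workflow (not from the PR). "Checkout" still uses the
# unsupported form; "Run triage" misspells the flag (hypothetical step/script).
WORKFLOW = """\
jobs:
  triage:
    runs-on: ubuntu-latest
    env:
      HAS_OPENAI_KEY: ${{ secrets.OPENAI_API_KEY != '' }}
    steps:
      - name: Skip (missing key)
        if: env.HAS_OPENAI_KEY != 'true'
        run: echo "OPENAI_API_KEY not configured"
      - name: Checkout
        if: ${{ secrets.OPENAI_API_KEY != '' }}
        uses: actions/checkout@v4
      - name: Run triage
        if: env.HAS_OPENAI_KEY == 'true' && env.HAS_OPENAI_KEYS == 'true'
        run: ./triage.sh
"""

IF_LINE = re.compile(r"^\s*(?:-\s+)?if:\s*(?P<expr>.+?)\s*$")
ENV_DEF = re.compile(r"^\s*(?!if:)(?P<name>[A-Za-z_]\w*):\s*\$\{\{.*\bsecrets\s*[.\[]")
SECRETS_REF = re.compile(r"\bsecrets\s*[.\[]")
ENV_REF = re.compile(r"\benv\.([A-Za-z_][A-Za-z0-9_]*)")

def lint_workflow(text):
    """Return (line_no, rule, detail) findings for `if:` conditions."""
    lines = text.splitlines()
    # Assumption: a flag is any key assigned from a ${{ ... secrets ... }} expression.
    flags = {m.group("name") for m in map(ENV_DEF.match, lines) if m}
    findings = []
    for no, line in enumerate(lines, start=1):
        m = IF_LINE.match(line)
        if not m:
            continue
        expr = m.group("expr")
        if SECRETS_REF.search(expr):
            findings.append((no, "secrets-in-if", expr))
        for name in ENV_REF.findall(expr):
            if name not in flags:
                # An undefined env name compares as '', so == 'true' never holds.
                findings.append((no, "flag-not-defined", name))
    return findings

if __name__ == "__main__":
    for finding in lint_workflow(WORKFLOW):
        print(finding)
```

The scan is line-based and does not parse YAML, so multi-line `if: |` or `if: >` conditions are outside what it checks.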
Review Summary by Qodo

Fix step-level if conditions using env vars instead of secrets

Walkthroughs

Description
- Replace unsupported secrets context in step-level if conditions
- Move secret checks to job-level env variables
- Update step conditions to reference env.* variables
- Affects two GitHub Actions workflows for issue processing

Diagram

```mermaid
flowchart LR
  A["Step-level if conditions<br/>with secrets context"] -->|"Move to job-level env"| B["Job env variables<br/>with secret checks"]
  B -->|"Reference in steps"| C["Step conditions<br/>using env.* syntax"]
```

File Changes
1. .github/workflows/claude-issue-duplicate-check.yml
Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (0) 📎 Requirement gaps (0)

Great, no issues found! Qodo reviewed your code and found no material issues that require review.
Greptile Overview

Greptile Summary

Fixed GitHub Actions limitation where

Changes:

This resolves the documented GitHub Actions constraint that prevents

Confidence Score: 5/5

| Filename | Overview |
|---|---|
| .github/workflows/claude-issue-duplicate-check.yml | Correctly moves secret check from step-level if conditions to job-level env variable, resolving GitHub Actions limitation |
| .github/workflows/codex-issue-triage.yml | Correctly moves secret check from step-level if conditions to job-level env variable, resolving GitHub Actions limitation |
Sequence Diagram

```mermaid
sequenceDiagram
    participant GHA as GitHub Actions
    participant Job as Workflow Job
    participant Env as Job Env Variables
    participant Steps as Workflow Steps
    Note over GHA,Steps: Issue Opened Event Triggered
    GHA->>Job: Initialize job
    Job->>Env: Set HAS_ANTHROPIC_KEY/HAS_OPENAI_KEY
    Note over Env: Evaluate secrets.API_KEY != ''<br/>Store as 'true' or 'false' string
    alt Secret is not configured
        Env-->>Steps: HAS_*_KEY = 'false'
        Steps->>Steps: Skip step: echo "API_KEY not configured"
        Steps->>Steps: Skip all subsequent steps
    else Secret is configured
        Env-->>Steps: HAS_*_KEY = 'true'
        Steps->>Steps: Checkout repository
        Steps->>Steps: Ensure labels exist
        Steps->>Steps: Load prompt
        Steps->>Steps: Run AI action (Claude/Codex)
        Steps->>GHA: Post comment or label to issue
    end
```
Status
PR Size
Findings (diff-only)
Suggested

```bash
REPO="datawhalechina/whale-whisper"
PR="20"
# Phase 2: size label
gh pr edit "$PR" --repo "$REPO" --add-label "size/XS"
# Phase 7: summary review
gh pr review "$PR" --repo "$REPO" --comment --body "$(cat <<'EOF'
## 🤖 Codex PR Review
No significant issues identified in this PR. Changes are limited to `.github/workflows/*` conditional gating logic.
### PR Size: XS
- **Lines changed**: 24
- **Files changed**: 2
### Issues Found
| Category | Critical | High | Medium | Low |
|----------|----------|------|--------|-----|
| Logic/Bugs | 0 | 0 | 0 | 0 |
| Security | 0 | 0 | 0 | 0 |
| Error Handling | 0 | 0 | 0 | 0 |
| Types | 0 | 0 | 0 | 0 |
| Comments/Docs | 0 | 0 | 0 | 0 |
| Tests | 0 | 0 | 0 | 0 |
| Simplification | 0 | 0 | 0 | 0 |
### Review Coverage
- [x] Logic and correctness
- [x] Security (OWASP Top 10)
- [x] Error handling
- [x] Type safety
- [x] Documentation accuracy
- [x] Test coverage
- [x] Code clarity
---
*Automated review by Codex AI*
EOF
)"
```
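Change description

Related Issue / Requirement

Self-test method
- `cd backend && uv run uvicorn app.main:app --reload --port 8090`
- `cd frontend && pnpm --filter @whalewhisper/web dev`

Risk & rollback

Checklist

PR Checks) passed

📝 PR description (auto-generated by Codex)
- `HAS_ANTHROPIC_KEY`/`HAS_OPENAI_KEY` environment variables, and uses them to control the execution of all subsequent steps in one place. Touches `.github/workflows/claude-issue-duplicate-check.yml` and `.github/workflows/codex-issue-triage.yml` (2 files in total, 14+/10-).
- `ANTHROPIC_API_KEY`/`OPENAI_API_KEY`, open a new issue, and confirm that the corresponding workflow runs only the `Skip (missing …)` step and that all subsequent steps are skipped
- `Checkout`, and the corresponding Claude/Codex action steps; in addition, `codex-issue-triage` only enters "Apply labels and upsert comment" when `final-message` is non-empty
- comparison against `'true'`; if GitHub Actions changes how a boolean expression written into env is rendered as a string, steps may be wrongly skipped or wrongly executed (affects CI workflows only)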