fix: restore release.yml and remove secrets.IMAGE_NAME to fix output secret warning#445
Merged
fix: restore release.yml and remove secrets.IMAGE_NAME to fix output secret warning#445
Conversation
Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Update dependencies and improve Dockerfile installation process
fix: restore release.yml and fix IMAGE_NAME output secret warning
Feb 19, 2026
Owner
|
@copilot Will it fix |
…output warning Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com>
Contributor
Author
The Fixed in ba1ec71 by moving the |
Owner
|
@copilot Nope, the issue persisted before I added mask. |
…ectly Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com>
Contributor
Author
Copilot
AI
changed the title
fix: restore release.yml and fix IMAGE_NAME output secret warning
fix: restore release.yml and remove secrets.IMAGE_NAME to fix output secret warning
Feb 19, 2026
devakesu
approved these changes
Feb 19, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
This PR restores the complete release.yml workflow that was accidentally replaced with a stub in commit 258452f, and fixes a GitHub Actions warning by removing secrets.IMAGE_NAME from the workflow. The image name is now derived directly from github.repository (the repository name lowercased), which is the same fallback logic already used throughout the workflow.
Changes:
- Restored the full 754-line
release.ymlworkflow from the broken 7-line stub - Removed
secrets.IMAGE_NAMEfrom the "Prepare derived values" step to fix "Skip output 'image_name' since it may contain secret" warning - Image name is now always derived from
github.repositoryusing the same transformation logic present in downstream fallbacks
devakesu
added a commit
that referenced
this pull request
Feb 20, 2026
…secret warning (#445) * Initial plan * fix: restore release.yml and fix IMAGE_NAME output warning with printf Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com> * fix: write image_name to GITHUB_OUTPUT before masking to fix skipped output warning Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com> * fix: remove secrets.IMAGE_NAME — derive image name from repo name directly Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com>
devakesu
added a commit
that referenced
this pull request
Feb 20, 2026
* chore: update dependencies and improve Dockerfile npm installation process, refine few lines, update supabase workflow * Update .github/workflows/deploy-supabase.yaml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Devanarayanan <fusion@devakesu.com> * Update line 238 in release.yml to format IMAGE_NAME correctly * fix: restore release.yml and remove secrets.IMAGE_NAME to fix output secret warning (#445) * Initial plan * fix: restore release.yml and fix IMAGE_NAME output warning with printf Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com> * fix: write image_name to GITHUB_OUTPUT before masking to fix skipped output warning Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com> * fix: remove secrets.IMAGE_NAME — derive image name from repo name directly Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com> * Update eslint-config-next and typescript-eslint versions Signed-off-by: Devanarayanan <fusion@devakesu.com> --------- Signed-off-by: Devanarayanan <fusion@devakesu.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request
Description
Previous commit (
258452f) accidentally replaced the entire 754-linerelease.ymlwith a stub. Restores the full workflow and fixes the GitHub Actions warning "Skip output 'image_name' since it may contain secret."Root cause:
IMAGE_NAME_SECRET: ${{ secrets.IMAGE_NAME }}— GitHub Actions automatically masks all secret values. When a secret-derived value is written to$GITHUB_OUTPUT, GitHub Actions detects it and skips the output entirely. This occurs regardless of masking order or shell tricks likeprintf '%s'.Fix: Remove
secrets.IMAGE_NAMEfrom the step entirely. The image name is derived directly fromgithub.repository(the same fallback logic already present in the step and used in all downstream jobs), eliminating any secret involvement and the warning at its root.Type of Change
Changes Made
release.ymlto its full 754-line state (reverted broken stub from258452f)secrets.IMAGE_NAMEfrom the "Prepare derived values" step and the::add-mask::call; image name is now always derived fromgithub.repository(lowercased repo name), matching the existing fallback used throughout the workflowVersion Bump
node scripts/bump-version.js(fork PRs)Testing
Test Environment
Tests Performed
npm run test)npm run test:e2e)npm run lint)Test Coverage
Workflow syntax verified. Deriving the image name from
github.repositoryis consistent with the fallback logic already used in the build and downstream verify/deploy jobs, so no behavior change occurs for this repository.Documentation
Checklist
Screenshots (if applicable)
N/A
Additional Notes
GitHub Actions automatically masks every value injected via the
secretscontext. Any step that writes a masked value to$GITHUB_OUTPUTwill have that output silently skipped with the "Skip output since it may contain secret" warning — regardless of ordering or encoding tricks. The only reliable fix is to avoid using a secret as the source of the value. Since the image name is not sensitive, removing it from secrets and deriving it from the repository context is the correct solution.For maintainers:
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.