Look before leaping

[jsoref]

Discussion

#8274
#8275 (comment)

Testing

Yes

API Changes

[changeset-bot]

⚠️ No Changeset found

Latest commit: f74376c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[dlarocque]

Is there a way we can perform this check without adding noise to our already long workflow file?

[jsoref]

It's possible you don't need to check all of these inputs.

If the programs can be changed to not die if the variables are missing, then this kind of stuff wouldn't be necessary.

But, generally GitHub workflows don't expose secrets to if, so you do kinda need to expose something if the called programs will die when missing environment variables.

You can manipulate the env setting to produce a single HAS_ALL_REQUIRED_SECRETS: ${{ (secrets.x != '') && ... && 1 || 0 }} or something like that...
And then if: env.HAS_ALL_REQUIRED_SECRETS }}

[dlarocque]

It's possible you don't need to check all of these inputs.

If the programs can be changed to not die if the variables are missing, then this kind of stuff wouldn't be necessary.

But, generally GitHub workflows don't expose secrets to if, so you do kinda need to expose something if the called programs will die when missing environment variables.

You can manipulate the env setting to produce a single HAS_ALL_REQUIRED_SECRETS: ${{ (secrets.x != '') && ... && 1 || 0 }} or something like that...
And then if: env.HAS_ALL_REQUIRED_SECRETS }}

I see, so there doesn't seem like a cleaner alternative.
Are there any reasons why we'd want to add these checks aside from being able to run them in forks? These are all release workflows that should never be ran in forks.

[jsoref]

You could simplify to if: github.repository == '... '.

But that'd make it harder for an external to contribute patches.

[dlarocque]

You could simplify to if: github.repository == '... '.

But that'd make it harder for an external to contribute patches.

Since these workflows are only used by our team and should never be ran on forks, I don't think this makes it harder for anyone external to contribute.