Skip to content

fix(ci): remove secrets from if expressions in preview-cron#748

Open
dante01yoon wants to merge 1 commit intomainfrom
fix/preview-cron-secrets-in-if
Open

fix(ci): remove secrets from if expressions in preview-cron#748
dante01yoon wants to merge 1 commit intomainfrom
fix/preview-cron-secrets-in-if

Conversation

@dante01yoon
Copy link
Copy Markdown
Contributor

@dante01yoon dante01yoon commented Mar 28, 2026

Summary

  • Bug: secrets.* in if: expressions causes GitHub Actions to reject the entire workflow file (Unrecognized named-value: secrets). This broke all scheduled preview-cron runs since PR Fix preview cron: read VERCEL_PREVIEW_ALIAS from secrets #743 (March 27).
  • Fix: Move secret-existence checks from if: conditions into shell scripts.
  • Refactor: Merge two duplicate alias steps into one parametric step that selects the correct alias via API_ENV.

Root Cause

# ❌ GitHub Actions does not allow secrets in if expressions
if: matrix.is_main && matrix.api_env == 'production' && secrets.VERCEL_PREVIEW_ALIAS
# ✅ Check in shell instead
if: matrix.is_main
run: |
  if [ "$API_ENV" = "production" ]; then ALIAS="$PROD_ALIAS"; else ALIAS="$TEST_ALIAS"; fi
  if [ -n "$ALIAS" ]; then npx vercel alias ...; fi

Environment Matrix (unchanged)

Scenario ref api_env Alias domain
Preview Prod main production VERCEL_PREVIEW_ALIAS
Preview Test main test VERCEL_PREVIEW_TEST_ALIAS
PR Preview PR branch test (no alias, comments URL on PR)

Test Plan

  • workflow_dispatch trigger succeeds (currently fails with parse error)
  • Scheduled runs resume every 15 minutes
  • Production API preview aliased to VERCEL_PREVIEW_ALIAS
  • Test API preview aliased to VERCEL_PREVIEW_TEST_ALIAS
  • PR previews still post comment with URL

@dante01yoon
fix(ci): remove secrets from if expressions in preview-cron
598bfd2 
GitHub Actions does not allow `secrets.*` in `if:` expressions
("Unrecognized named-value: secrets"), causing the entire workflow
to fail parsing. This broke all scheduled runs since PR #743.

- Remove `secrets.VERCEL_PREVIEW_ALIAS` / `secrets.VERCEL_PREVIEW_TEST_ALIAS` from step `if:` conditions
- Merge two duplicate alias steps into one parametric step
- Select alias via shell `if` on `API_ENV` to avoid silent fallthrough when a secret is unset
@dante01yoon dante01yoon force-pushed the fix/preview-cron-secrets-in-if branch from 5a77a16 to 598bfd2 Compare March 28, 2026 12:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@christian-byrne christian-byrne christian-byrne approved these changes

Assignees

@dante01yoon dante01yoon

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dante01yoon @christian-byrne