From 1aeb7fd43de4b009fcedc4650907df596024d284 Mon Sep 17 00:00:00 2001 From: Claude Date: Tue, 19 May 2026 20:57:05 +0000 Subject: [PATCH] Fix deploy-prod workflow: drop invalid job-level secrets gate The `if: secrets.X != ''` job-level conditional in deploy-prod.yml was rejected by GitHub Actions at parse time ("Unrecognized named-value: 'secrets'"), so every run since the workflow landed failed before reaching any step. The `secrets` context is only available inside steps (`steps[*].if`, `steps[*].env`, etc.), not at the job-level `if:`. The gate was intended for first-time setup; setup is now complete, so the simplest fix is to remove it. If the key is rotated/missing, the deploy step will fail loudly on the SSH push, which is the right behavior. --- .github/workflows/deploy-prod.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml index 88767a0..b84318c 100644 --- a/.github/workflows/deploy-prod.yml +++ b/.github/workflows/deploy-prod.yml @@ -15,9 +15,6 @@ permissions: jobs: deploy: - # Skip silently when the cross-repo deploy key hasn't been configured - # yet, so first-time setup doesn't fail the workflow. - if: ${{ secrets.CELESTIARY_GITHUB_IO_DEPLOY_KEY != '' }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v6.0.2