Comment From: sjohnr
After some research, it turns out secrets cannot be used in conditionals in GitHub Actions. However, you can configure an environment with variables which can be accessed in conditionals.
For an OSS project, we could define an environment called upstream with variables for building the project, deploying artifacts, etc. Forks of the project will not have this environment, and therefore the variables. However, individual contributors can create the environment and control parts of the workflow they wish to run by setting the corresponding variables.
For example, imagine the following workflow:
```yaml
name: Build and Deploy
on:
  push:
  workflow_dispatch:
env:
  ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
  ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
jobs:
  build:
    name: Build
    if: ${{ vars.BUILD_PROJECT == 'true' }}
    runs-on: ubuntu-latest
    environment: upstream
    steps:
      - uses: actions/checkout@v3
      - name: Set up JDK 17
        uses: spring-io/spring-gradle-build-action@v2
      - name: Build with Gradle
        run: ./gradlew build --continue
  deploy:
    name: Deploy
    needs: [build]
    if: ${{ vars.DEPLOY_ARTIFACTS == 'true' }}
    runs-on: ubuntu-latest
    environment: upstream
    steps:
      - uses: actions/checkout@v3
      - name: Set up JDK 17
        uses: spring-io/spring-gradle-build-action@v2
      - name: Deploy artifacts
        run: ./gradlew publishArtifacts finalizeDeployArtifacts --stacktrace
```
To cause parts of the workflow (jobs) to run, define an environment in settings called upstream. To run the build job, define a variable in that environment called BUILD_PROJECT with true. To run the job deploy, define DEPLOY_ARTIFACTS with true.
cc: @rwinch
Comment From: sjohnr
Note: You can also simply define repository variables if using an environment is not necessary.
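
A check for the pitfall discussed in this thread, as an added example that is not part of the original comments or the project's code: it classifies each job in a workflow file by whether its job-level `if:` references `vars.` or `secrets.`. The sample workflow is constructed, `audit_workflow` is a hypothetical helper, and it assumes space-indented YAML with single-line `if:` expressions.

```python
import re

# Constructed sample workflow, not taken from the thread.
SAMPLE = """\
on: push
jobs:
  build:
    if: ${{ vars.BUILD_PROJECT == 'true' }}
    runs-on: ubuntu-latest
    steps:
      - run: ./gradlew build --continue
  deploy:
    if: ${{ secrets.ARTIFACTORY_PASSWORD != '' }}
    runs-on: ubuntu-latest
  docs:
    runs-on: ubuntu-latest
"""

def audit_workflow(text):
    """Classify each job by its job-level `if:` (step-level ones are ignored)."""
    results, in_jobs = {}, False
    job = job_indent = key_indent = None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip(" "))
        if indent == 0:  # top-level key: enter or leave the jobs map
            in_jobs = stripped == "jobs:"
            job = job_indent = key_indent = None
            continue
        if not in_jobs:
            continue
        if job_indent is None:  # first line under jobs: sets the job-name indent
            job_indent = indent
        if indent == job_indent:  # a new job id
            job, key_indent = stripped.rstrip(":"), None
            results[job] = "ungated"
            continue
        if key_indent is None:  # first key of this job sets the job-key indent
            key_indent = indent
        if indent == key_indent and stripped.startswith("if:"):
            expr = stripped[3:]
            results[job] = ("secret-in-if" if re.search(r"\bsecrets\.", expr)
                            else "gated-on-vars" if re.search(r"\bvars\.", expr)
                            else "other-condition")
    return results

if __name__ == "__main__":
    print(audit_workflow(SAMPLE))
```

Jobs reported as `secret-in-if` need their condition moved to a variable, and `ungated` jobs will run in any fork that has Actions enabled.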