From 4f4c6d55c091aa9a5e4b57f282abfd77050a5845 Mon Sep 17 00:00:00 2001
From: Paul Swartz <pswartz@mbta.com>
Date: Wed, 5 Jul 2023 18:40:05 -0400
Subject: [PATCH] fix: only run Asana jobs if the secrets are present

This avoids failures when running on PRs from forks. We do it in this convoluted way because you can't access secrets directly from `if` blocks: https://github.com/actions/runner/issues/520
---
 .github/workflows/asana.yml | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/asana.yml b/.github/workflows/asana.yml
index 236c384..a33bb0e 100644
--- a/.github/workflows/asana.yml
+++ b/.github/workflows/asana.yml
@@ -29,9 +29,17 @@ on:
 required: false
 description: GitHub secret that Asana uses to fetch PR information.
 jobs:
+ check-for-secrets:
+ runs-on: ubuntu-latest
+ outputs:
+ has-asana-token: ${{ secrets.asana-token != '' }}
+ has-github-secret: ${{ secrets.github-secret != '' }}
+ steps:
+ - run: true
 move-to-merged-asana-ticket-job:
 runs-on: ubuntu-latest
- if: inputs.merged-section != '' && github.event.pull_request.merged == true && github.actor != 'dependabot[bot]'
+ needs: check-for-secrets
+ if: inputs.merged-section != '' && needs.check-for-secrets.output.has-asana-token == 'true' && github.event.pull_request.merged == true && github.actor != 'dependabot[bot]'
 steps:
 - name: Move ticket on merge
 uses: mbta/github-asana-action@v4.3.0
@@ -42,7 +50,8 @@ jobs:
 mark-complete: ${{ inputs.complete-on-merge }}
 move-to-in-review-asana-ticket-job:
 runs-on: ubuntu-latest
- if: inputs.review-section != '' && github.event.action == 'review_requested' && github.actor != 'dependabot[bot]'
+ needs: check-for-secrets
+ if: inputs.review-section != '' && needs.check-for-secrets.output.has-asana-token == 'true' && github.event.action == 'review_requested' && github.actor != 'dependabot[bot]'
 steps:
 - name: Move ticket on review requested
 uses: mbta/github-asana-action@v4.3.0
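Review bot: The three new `if:` conditions read `needs.check-for-secrets.output.…`, but the `needs` context exposes a job's outputs under `outputs` (plural), so each comparison with `'true'` evaluates to false and the Asana jobs are skipped even when the secrets are present. This affects `move-to-merged-asana-ticket-job` and `move-to-in-review-asana-ticket-job` in the first two hunks and `create-asana-attachment-job` in the third; the references should read `needs.check-for-secrets.outputs.has-asana-token == 'true'` and `needs.check-for-secrets.outputs.has-github-secret == 'true'`. Because the failure mode is a silent skip rather than an error, one run with the secrets configured should confirm the jobs actually start after the fix. A comment above `check-for-secrets`, for example `# secrets are not readable in a job-level if:, so expose their presence as outputs`, would keep the no-op `- run: true` step from being removed later. The jobs' `with:` blocks lie outside the hunks, so how the secrets reach the actions is not visible here.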
@@ -52,8 +61,9 @@ jobs:
 target-section: ${{ inputs.review-section }}
 create-asana-attachment-job:
 runs-on: ubuntu-latest
+ needs: check-for-secrets
 name: Create pull request attachments on Asana tasks
- if: inputs.attach-pr && github.actor != 'dependabot[bot]'
+ if: inputs.attach-pr && needs.check-for-secrets.output.has-github-secret == 'true' && github.actor != 'dependabot[bot]'
 steps:
 - name: Create pull request attachments
 uses: Asana/create-app-attachment-github-action@v1.2