Document how to use secrets with if: conditionals in GitHub Actions workflows (#12722)

* 🔒 Document how to use secrets with `if:` github/docs#6861 github/docs#12722 - Add a complete workflow example to `jobs.<job_id>.steps[*].if`, demonstrating how to skip a step if a secret is not present - Add an explanation to "Using encrypted secrets in a workflow" - Cross-reference the two pages * 🔒 Compare secrets with empty strings in `if:` github/docs#6861 https://github.com/github/docs/pull/12722#discussion_r801011000 Rather than referencing two secrets: 1. `${{ secrets.SECRET_IS_SET }}` 2. `${{ secrets.SECRET_IS_NOT_SET }}`) This commit will update the related section of the docs to reference a single secret (`${{ secrets.SECRET_IS_SET }}`), and will update the `if:` conditionals to compare with empty strings as suggested. * 🔒 Add missing `{% raw %}`/`{% endraw %}` github/docs#6861 github/docs#12722 Some `${{ }}` values were converted to `$` in the preview environment. Adding `{% raw %}`/`{% endraw %}` will preserve the raw value. * 🔒 Match variable and secret names in examples github/docs#6861 https://github.com/github/docs/pull/12722#discussion_r801011000 This PR adds an example of how to use secrets with `if:` conditionals. The reviewer suggested comparing variable values with empty strings to make the `if:` conditionals clearer. Commit cecdf00 updated the secret names accordingly, but the names of the secret and environment variable may still have been confusing. This commit will update the secret and environment variable names to match the cross-referenced example on the "Encrypted secrets" page. * Update content/actions/using-workflows/workflow-syntax-for-github-actions.md Co-authored-by: hubwriter <hubwriter@github.com>
2025-12-22 11:26:57 -05:00 · 2022-03-18 10:20:40 -04:00
parent e913ff3c3b
commit 06cf952123
2 changed files with 29 additions and 0 deletions
--- a/content/actions/using-workflows/workflow-syntax-for-github-actions.md
+++ b/content/actions/using-workflows/workflow-syntax-for-github-actions.md
@@ -342,6 +342,31 @@ steps:
    uses: actions/heroku@1.0.0
 ```

+#### Example: Using secrets
+
+Secrets cannot be directly referenced in `if:` conditionals. Instead, consider setting secrets as job-level environment variables, then referencing the environment variables to conditionally run steps in the job.
+
+If a secret has not been set, the return value of an expression referencing the secret (such as {% raw %}`${{ secrets.SuperSecret }}`{% endraw %} in the example) will be an empty string.
+
+{% raw %}
+```yaml
+name: Run a step if a secret has been set
+on: push
+jobs:
+  my-jobname:
+    runs-on: ubuntu-latest
+    env:
+      super_secret: ${{ secrets.SuperSecret }}
+    steps:
+      - if: ${{ env.super_secret != '' }}
+        run: echo 'This step will only run if the secret has a value set.'
+      - if: ${{ env.super_secret == '' }}
+        run: echo 'This step will only run if the secret does not have a value set.'
+```
+{% endraw %}
+
+For more information, see "[Context availability](/actions/learn-github-actions/contexts#context-availability)" and "[Encrypted secrets](/actions/security-guides/encrypted-secrets)."
+
 ### `jobs.<job_id>.steps[*].name`

 A name for your step to display on {% data variables.product.prodname_dotcom %}.