vscode-github-actions icon indicating copy to clipboard operation
vscode-github-actions copied to clipboard
verified publisher icon github

false positive error on `secrets` context access in forks

Open OmarTawfik opened this issue 1 year ago • 3 comments

For a workflow that accesses secrets:

      - name: "publish npm"
        uses: "./.github/actions/publish-npm"
        env:
          NPM_TOKEN: "${{ secrets.NPM_TOKEN }}"

The extension is very helpful in checking if the secret NPM_TOKEN is actually defined or not. However, it only checks secrets defined in the same repository (I suspect origin remote), and reports a false-positive error if it was defined in upstream, and origin is actually pointing to a fork:

Context access might be invalid: NPM_TOKEN

Expected behavior

All remotes to be checked for secrets, not just origin, and the error is no longer reported.

Screenshots

image

Extension Version v0.26.3

OmarTawfik avatar Aug 20 '24 15:08 OmarTawfik

cc @felipesu19

OmarTawfik avatar Oct 08 '24 12:10 OmarTawfik

I still have this although it works just fine. Did anyone come up with the solution to suppress the warnings?

elliottAtTreatment avatar Feb 10 '25 21:02 elliottAtTreatment

Can still repro on latest version 0.27.1.

OmarTawfik avatar Feb 11 '25 03:02 OmarTawfik