fix(helm-publish): fix secrets reference in if condition #1

Merged
samuelho-dev merged 1 commit into main from fix/secrets-in-if-condition
Feb 4, 2026

samuelho-dev commented Feb 4, 2026

Summary

GitHub Actions doesn't allow direct secrets references in if: conditions for reusable workflows. This PR moves the secret access to an environment variable and checks it at runtime.

Changes

  • Modified Import GPG key step to check for GPG key at runtime instead of in if: condition

Test plan

  • Trigger helm-publish workflow in ai-dev-env after merging this fix

Summary by CodeRabbit

  • Chores
    • Enhanced Helm chart publishing workflow with improved GPG key handling. The workflow now gracefully manages chart publication whether GPG keys are available or not, providing better error handling and control flow for more reliable publishing regardless of signing configuration.

GitHub Actions doesn't allow direct secrets references in `if:` conditions
for reusable workflows. Move the secret access to an environment variable
and check it at runtime instead.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@samuelho-dev samuelho-dev merged commit 01ce0b1 into main Feb 4, 2026
2 of 3 checks passed

coderabbitai bot commented Feb 4, 2026

Caution

Review failed

The pull request is closed.

Walkthrough

Modified the Helm publish workflow's GPG key import step to use conditional logic with an environment variable instead of relying on a step-level condition. The GPG key is now imported only if the environment variable is non-empty, otherwise a warning is logged and the step proceeds.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Helm Publish Workflow: .github/workflows/helm-publish.yml | Refactored GPG key import step condition: moved from step-level check of secrets.gpg-private-key to conditional logic within the step using GPG_KEY environment variable. Now gracefully skips import with a warning when no key is provided. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A hop through CI, so sleek and bright,
GPG keys now conditional, just right!
No more harsh failures when secrets are bare,
A warning whispered through the publish air. 🔑✨


Comment @coderabbitai help to get the list of available commands and usage tips.
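
The pattern this PR describes, as an added illustration (not the repository's actual helm-publish.yml, which this page does not show). The secret name `gpg-private-key`, the `GPG_KEY` variable and the step name come from the thread; the job layout, the step id `gpg`, the `imported` output and the follow-up step are assumptions.

```yaml
# Hypothetical reusable workflow, constructed for illustration.
on:
  workflow_call:
    secrets:
      gpg-private-key:
        required: false   # callers may publish without a signing key

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      # Before (the form the PR description says is not allowed):
      # - name: Import GPG key
      #   if: secrets.gpg-private-key != ''
      #   run: ...

      # After: pass the secret through the step environment and test it in the shell.
      # Using env: (rather than expanding ${{ secrets.* }} inside the script text)
      # keeps the key material out of the rendered script.
      - name: Import GPG key
        id: gpg
        env:
          GPG_KEY: ${{ secrets.gpg-private-key }}
        run: |
          if [ -z "$GPG_KEY" ]; then
            echo "::warning::No GPG key provided, skipping import"
            echo "imported=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          printf '%s' "$GPG_KEY" | gpg --batch --import
          echo "imported=true" >> "$GITHUB_OUTPUT"

      # Step outputs, unlike secrets, can be used in `if:`, so later steps
      # can tell whether a key was actually imported.
      - name: Sign chart (placeholder)
        if: steps.gpg.outputs.imported == 'true'
        run: echo "signing step goes here"
```

Recording the outcome as a step output keeps the skip visible: a release that depends on signed charts can gate on `imported` instead of silently publishing unsigned artifacts.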
