Github actions failed last step on result of next step - github-actions

I am pretty sure it's not possible but still wanna try my luck. I have deploy-dev step and smoke-test-dev. So if smoke test for dev fails then I want to fail the last step which is deploy-dev.
deploy-dev:
  if: ${{ github.event.workflow_run.conclusion == 'skipped' && github.actor == 'dependabot[bot]' }}
  runs-on: ubuntu-latest
  needs: [lint, test]
  steps:
    - uses: actions/checkout@v2
    - name: Start deployment
      uses: bobheadxi/deployments@v0.4.3
      id: deployment
      with:
        step: start
        token: ${{ secrets.GITHUB_TOKEN }}
        env: dev
    - name: Update deployment status
      uses: bobheadxi/deployments@v0.4.3
      if: always()
      with:
        step: finish
        token: ${{ secrets.GITHUB_TOKEN }}
        status: ${{ job.status }}
        deployment_id: ${{ steps.deployment.outputs.deployment_id }}
smoke-tests-dev:
  if: ${{ github.event.workflow_run.conclusion == 'skipped' && github.actor == 'dependabot[bot]' }}
  runs-on: ubuntu-latest
  needs: deploy-dev
  steps:
    - uses: actions/checkout@v2
    - name: Checkout GitHub Action Repo
      uses: actions/checkout@v2
      with:
        repository: my/github-actions
        ref: ${{ env.COMMON_ACTIONS_VERSION }}
        token: ${{ secrets.REPO_READ_TOKEN }}
        path: ${{ env.COMMON_ACTIONS_PATH }}
    - name: install and smoke test
      uses: ./.github/common/actions/yarn
      with:
        npm_token: ${{ env.NPM_TOKEN }}
        env: dev
        action: test:smoke

Related

GitHub Action not evaluating correctly

So this is a weird one... I am trying to implement a CODEFREEZE option in release pipelines so I can implement a global freeze to any release with an organization secret:
name: test code freeze
on:
  push:
jobs:
  test:
    runs-on: ubuntu-latest
    env:
      CODEFREEZE: ${{ secrets.CODEFREEZE }}
    steps:
      - name: test
        if: ${{ env.CODEFREEZE }} == "true"
        run: echo "code is frozen"
      - name: test unfreeze
        if: ${{ env.CODEFREEZE }} == "false"
        run: echo "code is NOT frozen"
For some reason, both of these run. I've tried setting the secret to a number of different values. I've tried using quotes and not using quotes, but nothing I do seems to have an effect. Am I missing something extremely obvious?
This does appear to work but I don't understand why:
name: test code freeze
on:
  push:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: test
        env:
          CODEFREEZE: ${{ secrets.CODEFREEZE }}
        if: ${{ env.CODEFREEZE == 'true' }}
        run: echo "code is frozen"
      - name: test unfreeze
        env:
          CODEFREEZE: ${{ secrets.CODEFREEZE }}
        if: ${{ env.CODEFREEZE == 'false' }}
        run: echo "code is NOT frozen"
This also appears to work:
name: test code freeze
on:
  push:
env:
  CODEFREEZE: ${{ secrets.CODEFREEZE }}
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: test
        if: ${{ env.CODEFREEZE == 'true' }}
        run: echo "code is frozen"
      - name: test unfreeze
        if: ${{ env.CODEFREEZE == 'false' }}
        run: echo "code is NOT frozen"
so the problem only exists when you set the env on the job level
Nevermind... I clearly have not had enough coffee... I found the syntax error:
name: test code freeze
on:
  push:
jobs:
  test:
    runs-on: ubuntu-latest
    env:
      CODEFREEZE: ${{ secrets.CODEFREEZE }}
    steps:
      - name: test
        if: ${{ env.CODEFREEZE == 'true' }}
        run: echo "code is frozen"
      - name: test unfreeze
        if: ${{ env.CODEFREEZE == 'false' }}
        run: echo "code is NOT frozen"
It requires single quotes in the evaluation and the eval has to be inside the curly braces...
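
Added example (not part of the original post): a small Python check for the mistake found above. Any text outside `${{ }}` in an `if:` turns the whole value into a non-empty string, which GitHub Actions treats as true, so a freeze gate written that way never blocks. The function names and the sample workflow are constructed for illustration.

```python
import re

# Matches a step- or job-level `if:` line; trailing YAML comments are not handled.
IF_LINE = re.compile(r'^\s*(?:-\s+)?if:\s*(?P<cond>.+?)\s*$')
EXPR = re.compile(r'\$\{\{(?P<body>.*?)\}\}')

OUTSIDE = 'text outside ${{ }}: the value becomes a non-empty string and is always true'
DQUOTE = 'double-quoted literal: expression strings must use single quotes'


def check_condition(cond):
    """Return the problems found in one `if:` value."""
    # Drop one layer of YAML quoting around the whole value, if present.
    if len(cond) >= 2 and cond[0] == cond[-1] and cond[0] in '\'"':
        cond = cond[1:-1]
    problems = []
    exprs = list(EXPR.finditer(cond))
    if exprs and EXPR.sub('', cond).strip():
        problems.append(OUTSIDE)
    # Without ${{ }} the whole value is the expression.
    bodies = [m.group('body') for m in exprs] or [cond]
    if any('"' in body for body in bodies):
        problems.append(DQUOTE)
    return problems


def scan_workflow(text):
    """Return (line_number, problem) pairs for every `if:` in a workflow file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = IF_LINE.match(line)
        if match:
            findings += [(lineno, p) for p in check_condition(match.group('cond'))]
    return findings


# Constructed sample: the broken condition from the question next to the fixed form.
SAMPLE = """\
jobs:
  test:
    runs-on: ubuntu-latest
    env:
      CODEFREEZE: ${{ secrets.CODEFREEZE }}
    steps:
      - name: test
        if: ${{ env.CODEFREEZE }} == "true"
        run: echo "code is frozen"
      - name: test unfreeze
        if: ${{ env.CODEFREEZE == 'false' }}
        run: echo "code is NOT frozen"
"""

if __name__ == '__main__':
    for lineno, problem in scan_workflow(SAMPLE):
        print(f'line {lineno}: {problem}')
```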

fatal: could not read Username for 'https://github.com': terminal prompts disabled

I'm trying to integrate Lighthouse CI into my CI/CD to generate reports on my application's performance. I'm using GitHub Actions, and other jobs like building the app and generating a SonarCloud scan are working.
However Lighthouse CI is not working. The error is: Error: fatal: could not read Username for 'https://github.com': terminal prompts disabled
Code:
# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
name: Node.js CI
on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
jobs:
  sonarcloud:
    name: SonarCloud
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
      - name: SonarCloud Scan
        uses: SonarSource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
  lighthouse:
    name: Lighthouse CI
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          token: ${{ secrets.LHCI_GITHUB_APP_TOKEN }}
          submodules: recursive
      - name: Use Node.js 16.x
        uses: actions/setup-node@v3
        with:
          node-version: 16.x
      - name: Run the Lighthouse CI
        run: |
          npm install -g @lhci/cli@0.6.x
          lhci autorun
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        node-version: [ 16.x ]
    steps:
      - uses: actions/checkout@v3
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'
      - run: npm ci
      - run: npm run build --if-present
      - run: npm test
      - name: Log in to the Container registry
        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=sha
      - name: Build and push Docker image
        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
Hi, I found an issue for the problem.
https://github.com/actions/checkout/issues/664
“For a simple checkout indeed no PAT is required.”
So you can try removing the token:
lighthouse:
  name: Lighthouse CI
  runs-on: ubuntu-latest
  steps:
    - name: Checkout code
      uses: actions/checkout@v3
      with:
        # token: ${{ secrets.LHCI_GITHUB_APP_TOKEN }} // remove
        submodules: recursive
    - name: Use Node.js 16.x
      uses: actions/setup-node@v3
      with:
        node-version: 16.x
    - name: Run the Lighthouse CI
      run: |
        npm install -g @lhci/cli@0.6.x
        lhci autorun

Buildx failed with: ERROR: failed commit on ref "manifest-sha256:xxx": invalid content digest in response: invalid checksum digest format

I have a react app and I'm trying to set up ci/cd for this application.
I'm getting an error like this in GitHub actions and I get this error during "exporting to image"
name: "deploy-prod"
on:
  push:
    branches:
      - "configure-ci/cd-pipeline-to-frontend-repo"
env:
  REPOSITORY_NAME: ${{ github.event.repository.name }}
  REACT_APP_BASENAME: "FooApp"
jobs:
  build-backend:
    runs-on: ubuntu-latest
    steps:
      - id: string
        uses: ASzc/change-string-case-action@v1
        with:
          string: ${{ secrets.REGISTRY_HOST }}/${{ github.repository }}:build-${{ github.run_number }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          registry: ${{ secrets.REGISTRY_HOST }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - name: Build and push
        uses: docker/build-push-action@v3
        with:
          push: true
          tags: ${{ steps.string.outputs.lowercase }}
          build-args: |
            REACT_APP_BASENAME=${{ env.REACT_APP_BASENAME }}
            NGINX_AUTH_USERNAME=${{ secrets.NGINX_AUTH_USERNAME }}
            NGINX_AUTH_PASSWORD=${{ secrets.NGINX_AUTH_PASSWORD }}
  deploy-backend:
    runs-on: [ self-hosted ]
    needs: [ build-backend ]
    steps:
      - id: string
        uses: ASzc/change-string-case-action@v1
        with:
          string: ${{ secrets.REGISTRY_HOST }}/${{ github.repository }}:build-${{ github.run_number }}
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          registry: ${{ secrets.REGISTRY_HOST }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - run: docker rm -f ${{ env.REPOSITORY_NAME }} 2> /dev/null
      - run: >
          docker run
          --network=main
          --detach
          --restart unless-stopped
          --name=${{ github.event.repository.name }}
          ${{ steps.string.outputs.lowercase }}
I have github-runner and docker-registry in my server. Docker registry is running on the server, I checked it

Github action actions/create-release@v1 newTag based on step from another job

I have a GitHub Action yml file that I'm having issues with in 2 areas. First, the newTag is no longer working when I broke everything out into separate job names.
These lines no longer work. I get release-v instead of the actual bumped version number.
tag_name: ${{env.TAG_PREXIX}}${{ steps.bumpVersion.outputs.newTag }}
release_name: ${{env.TAG_PREXIX}}${{ steps.bumpVersion.outputs.newTag }}
Second Issue: The if statement for docker build
if: github.ref == 'ref/head/release' || contains(github.ref, '/tags/release')
The above if does not work. If I add a branch called release/test or using a tag name release it does not run
name: Publish
on:
  push:
    branches:
      - main
      - release/*
env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}-image
  TAG_PREXIX: release-v
jobs:
  Publish:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: "Bump package version"
        id: bumpVersion
        uses: "phips28/gh-action-bump-version@master"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PACKAGEJSON_DIR: "./client"
          tag-prefix: ${{env.TAG_PREXIX}}
          major-wording: "MAJOR,BREAKING CHANGE:"
          minor-wording: "feat"
          patch-wording: "patch,fix,bugfix,chore"
  Build-Docker-Image:
    runs-on: ubuntu-latest
    needs: Publish
    if: github.ref == 'ref/head/release' || contains(github.ref, '/tags/release')
    steps:
      - name: Log into Container registry ${{ env.REGISTRY }}
        uses: docker/login-action@v2
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push Docker image
        uses: docker/build-push-action@v3
        with:
          context: .
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{env.TAG_PREXIX}}${{steps.bumpVersion.outputs.newTag}}
  Release:
    runs-on: ubuntu-latest
    needs: Publish
    steps:
      - name: Create Release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{env.TAG_PREXIX}}${{ steps.bumpVersion.outputs.newTag }}
          release_name: ${{env.TAG_PREXIX}}${{ steps.bumpVersion.outputs.newTag }}

GitHub Action In-line if

So I have the following workflow and it's working perfectly. I now want to enhance it and when I am doing a PR to master, I want to set NETLIFY_DEPLOY_TO_PROD: false instead of it being true. Do I have to duplicate this all in a new workflow, or could I do some inline if check of github.event_name === push ? true : false
name: 'Netlify Deploy'
on:
  push:
    branches: [ master ]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: jsmrcaga/action-netlify-deploy@master
        with:
          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
          NETLIFY_SITE_ID: ${{ secrets.SITE_ID }}
          NETLIFY_DEPLOY_MESSAGE: "${{ github.event.head_commit.message }}"
          NETLIFY_DEPLOY_TO_PROD: true
You could set an environment variable to indicate if deploy to prod should happen, and change it depending on the event name:
name: Netlify Deploy
on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master
env:
  DEPLOY: false
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Deploy on pushes
        if: github.event_name == 'push'
        run: echo 'DEPLOY=true' >> "$GITHUB_ENV"
      - uses: jsmrcaga/action-netlify-deploy@master
        with:
          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
          NETLIFY_SITE_ID: ${{ secrets.SITE_ID }}
          NETLIFY_DEPLOY_MESSAGE: ${{ github.event.head_commit.message }}
          NETLIFY_DEPLOY_TO_PROD: ${{ env.DEPLOY }}
You want to use github action expressions for this as it's quicker and you don't need any other unnecessary steps. I would only use steps to run scripts when they are more complex in nature
Reference: https://docs.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions
Example 1: Trigger on push
- uses: jsmrcaga/action-netlify-deploy@master
  with:
    NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
    NETLIFY_SITE_ID: ${{ secrets.SITE_ID }}
    NETLIFY_DEPLOY_MESSAGE: "${{ github.event.head_commit.message }}"
    NETLIFY_DEPLOY_TO_PROD: ${{ github.event_name == 'push' }}
Example 2 & Solution: Trigger on push and branch is master
NOTE: You only need to check for branch master if you are planning to let this workflow run on other branches. Otherwise you can just use example 1 above that sets variable to true if event name is push only.
- uses: jsmrcaga/action-netlify-deploy@master
  with:
    NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
    NETLIFY_SITE_ID: ${{ secrets.SITE_ID }}
    NETLIFY_DEPLOY_MESSAGE: "${{ github.event.head_commit.message }}"
    NETLIFY_DEPLOY_TO_PROD: ${{ github.event_name == 'push' && contains(github.ref, 'master') }}