fix(ci): use env var for Docker Hub token check in workflow conditions

GitHub Actions doesn't allow secrets context in step if expressions. Add HAS_DOCKERHUB_TOKEN env var at job level that evaluates the secret existence, then reference that env var in step conditions. Fixes: "Unrecognized named-value: 'secrets'" workflow validation error
2026-01-25 20:19:57 +00:00
parent 55ce7085d0
commit 3ba2ddcfe4
2 changed files with 10 additions and 6 deletions
--- a/.github/workflows/nightly-build.yml
+++ b/.github/workflows/nightly-build.yml
@@ -65,6 +65,8 @@ jobs:
  build-and-push-nightly:
    needs: sync-development-to-nightly
    runs-on: ubuntu-latest
+    env:
+      HAS_DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN != '' }}
    permissions:
      contents: read
      packages: write
@@ -98,7 +100,7 @@ jobs:
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Log in to Docker Hub
-        if: secrets.DOCKERHUB_TOKEN != ''
+        if: env.HAS_DOCKERHUB_TOKEN == 'true'
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef  # v3.6.0
        with:
          registry: docker.io
@@ -163,7 +165,7 @@ jobs:

      # Sign Docker Hub image with keyless signing (Sigstore/Fulcio)
      - name: Sign Docker Hub Image
-        if: secrets.DOCKERHUB_TOKEN != ''
+        if: env.HAS_DOCKERHUB_TOKEN == 'true'
        run: |
          echo "Signing Docker Hub nightly image with keyless signing..."
          cosign sign --yes ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }}
@@ -171,7 +173,7 @@ jobs:

      # Attach SBOM to Docker Hub image
      - name: Attach SBOM to Docker Hub
-        if: secrets.DOCKERHUB_TOKEN != ''
+        if: env.HAS_DOCKERHUB_TOKEN == 'true'
        run: |
          echo "Attaching SBOM to Docker Hub nightly image..."
          cosign attach sbom --sbom sbom-nightly.json ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }}