fix: only run Asana jobs if the secrets are present

This avoids failures when running on PRs from forks. We do it in this convoluted way because you can't access secrets directly from `if` blocks: actions/runner#520 The key differences between this and #14 are: - typo: should be `outputs` in the `if` blocks - more explicity check for the secrets in a Bash script, so we can see the output - use `yes` instead of `true` as the value to more clearly distinguish the value from a true boolean
mbta · Aug 7, 2023 · 4c566ce · 4c566ce
1 parent ce26c80
commit 4c566ce
Showing 1 changed file with 17 additions and 3 deletions.
diff --git a/.github/workflows/asana.yml b/.github/workflows/asana.yml
@@ -29,9 +29,21 @@ on:
         required: false
         description: GitHub secret that Asana uses to fetch PR information.
 jobs:
+  check-for-secrets:
+    runs-on: ubuntu-latest
+    outputs:
+      has-asana-token: ${{ steps.one.outputs.has-asana-token }}
+      has-github-secret: ${{ steps.one.outputs.has-github-secret }}
+    steps:
+      - id: one
+        run: |
+          [ -n "${{ secrets.asana-token }}" ] && echo "has-asana-token=yes" >> "$GITHUB_OUTPUT"
+          [ -n "${{ secrets.github-secret }}" ] && echo "has-github-secret=yes" >> "$GITHUB_OUTPUT"
+          cat "$GITHUB_OUTPUT"
   move-to-merged-asana-ticket-job:
     runs-on: ubuntu-latest
-    if: inputs.merged-section != '' && github.event.pull_request.merged == true && github.actor != 'dependabot[bot]' 
+    needs: check-for-secrets
+    if: inputs.merged-section != '' && needs.check-for-secrets.outputs.has-asana-token == 'yes' && github.event.pull_request.merged == true && github.actor != 'dependabot[bot]'
     steps:
       - name: Move ticket on merge
         uses:  mbta/github-asana-action@v4.3.0
@@ -42,7 +54,8 @@ jobs:
           mark-complete: ${{ inputs.complete-on-merge }}
   move-to-in-review-asana-ticket-job:
     runs-on: ubuntu-latest
-    if: inputs.review-section != '' && github.event.action == 'review_requested' && github.actor != 'dependabot[bot]'
+    needs: check-for-secrets
+    if: inputs.review-section != '' && needs.check-for-secrets.outputs.has-asana-token == 'yes' && github.event.action == 'review_requested' && github.actor != 'dependabot[bot]'
     steps:
       - name: Move ticket on review requested
         uses:  mbta/github-asana-action@v4.3.0
@@ -52,8 +65,9 @@ jobs:
           target-section: ${{ inputs.review-section }}
   create-asana-attachment-job:
     runs-on: ubuntu-latest
+    needs: check-for-secrets
     name: Create pull request attachments on Asana tasks
-    if: inputs.attach-pr && github.actor != 'dependabot[bot]'
+    if: inputs.attach-pr && needs.check-for-secrets.outputs.has-github-secret == 'yes' && github.actor != 'dependabot[bot]'
     steps:
       - name: Create pull request attachments
         uses: Asana/create-app-attachment-github-action@v1.2