From 97daee598e7d24903295c63938163249bba9a26e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=B3bert=20Papp?= <papp.robert.s@gmail.com>
Date: Mon, 9 Mar 2026 11:49:02 +0000
Subject: [PATCH 1/4] Add GitHub Actions workflow for secret handling

---
 .github/workflows/if-secrets.yml | 38 ++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 .github/workflows/if-secrets.yml

diff --git a/.github/workflows/if-secrets.yml b/.github/workflows/if-secrets.yml
new file mode 100644
index 0000000..30d21be
--- /dev/null
+++ b/.github/workflows/if-secrets.yml
@@ -0,0 +1,38 @@
+on:
+  workflow_dispatch:
+  push:
+
+jobs:
+  job-secret:
+    name: "Jobs can't reference secrets in if"
+    runs-on: ubuntu-latest
+    if: ${{ secrets.EXISTING_SECRET }}
+    steps:
+      - run: "echo Hello"
+
+  job-secret-env:
+    name: "Jobs can't reference env in if"
+    runs-on: ubuntu-latest
+    env:
+      EXISTING_SECRET: ${{ secrets.EXISTING_SECRET }}
+    if: ${{ env.EXISTING_SECRET }}
+    steps:
+      - run: "echo Hello"
+
+  step-secret:
+    name: "Step secrets: Invalid"
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Steps can't reference secrets"
+        if: ${{ secrets.EXISTING_SECRET }}
+        run: "echo Hello"
+
+  step-secret-env:
+    name: "Steps secrets: Workaround"
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Workaround"
+        env:
+          EXISTING_SECRET: ${{ secrets.EXISTING_SECRET }}
+        if: ${{ env.EXISTING_SECRET }}
+        run: "echo Hello"

From 6ffb6a6ebd57d9220add7be094491bf671ef4808 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=B3bert=20Papp?= <papp.robert.s@gmail.com>
Date: Mon, 9 Mar 2026 11:53:32 +0000
Subject: [PATCH 2/4] Fix if conditions for secrets and env variables

---
 .github/workflows/if-secrets.yml | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/if-secrets.yml b/.github/workflows/if-secrets.yml
index 30d21be..57935b4 100644
--- a/.github/workflows/if-secrets.yml
+++ b/.github/workflows/if-secrets.yml
@@ -6,7 +6,8 @@ jobs:
   job-secret:
     name: "Jobs can't reference secrets in if"
     runs-on: ubuntu-latest
-    if: ${{ secrets.EXISTING_SECRET }}
+    # Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.EXISTING_SECRET
+    #if: ${{ secrets.EXISTING_SECRET }}
     steps:
       - run: "echo Hello"
 
@@ -15,7 +16,8 @@ jobs:
     runs-on: ubuntu-latest
     env:
       EXISTING_SECRET: ${{ secrets.EXISTING_SECRET }}
-    if: ${{ env.EXISTING_SECRET }}
+    # Unrecognized named-value: 'env'. Located at position 1 within expression: env.EXISTING_SECRET
+    #if: ${{ env.EXISTING_SECRET }}
     steps:
       - run: "echo Hello"
 
@@ -24,15 +26,22 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Steps can't reference secrets"
-        if: ${{ secrets.EXISTING_SECRET }}
+        # Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.EXISTING_SECRET
+        #if: ${{ secrets.EXISTING_SECRET }}
         run: "echo Hello"
 
   step-secret-env:
     name: "Steps secrets: Workaround"
     runs-on: ubuntu-latest
     steps:
-      - name: "Workaround"
+      - name: "Workaround (true)"
         env:
           EXISTING_SECRET: ${{ secrets.EXISTING_SECRET }}
         if: ${{ env.EXISTING_SECRET }}
         run: "echo Hello"
+
+      - name: "Workaround (false)"
+        env:
+          EXISTING_SECRET: ${{ secrets.NON_EXISTENT_SECRET }}
+        if: ${{ env.EXISTING_SECRET }}
+        run: "echo Hello"

From a51e2d9c0392ac4ee3d9dc5b67468a7cefe98d5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=B3bert=20Papp?= <papp.robert.s@gmail.com>
Date: Mon, 9 Mar 2026 11:56:58 +0000
Subject: [PATCH 3/4] Fix indentation and update environment variable usage

---
 .github/workflows/if-secrets.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/if-secrets.yml b/.github/workflows/if-secrets.yml
index 57935b4..0414ebf 100644
--- a/.github/workflows/if-secrets.yml
+++ b/.github/workflows/if-secrets.yml
@@ -41,7 +41,7 @@ jobs:
         run: "echo Hello"
 
       - name: "Workaround (false)"
-        env:
-          EXISTING_SECRET: ${{ secrets.NON_EXISTENT_SECRET }}
         if: ${{ env.EXISTING_SECRET }}
         run: "echo Hello"
+        env:
+          EXISTING_SECRET: ${{ secrets.NON_EXISTENT_SECRET }}

From 922ab82221307cf5cf28dabd8b6398f2f600c2e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=B3bert=20Papp?= <papp.robert.s@gmail.com>
Date: Mon, 9 Mar 2026 11:57:14 +0000
Subject: [PATCH 4/4] Fix secret environment variable usage in workflow

---
 .github/workflows/if-secrets.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/if-secrets.yml b/.github/workflows/if-secrets.yml
index 0414ebf..44ae1f9 100644
--- a/.github/workflows/if-secrets.yml
+++ b/.github/workflows/if-secrets.yml
@@ -35,10 +35,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Workaround (true)"
-        env:
-          EXISTING_SECRET: ${{ secrets.EXISTING_SECRET }}
         if: ${{ env.EXISTING_SECRET }}
         run: "echo Hello"
+        env:
+          EXISTING_SECRET: ${{ secrets.EXISTING_SECRET }}
 
       - name: "Workaround (false)"
         if: ${{ env.EXISTING_SECRET }}