ci: make CI fork-friendly when DEPLOY_KEY secret is absent#196
Merged
Conversation
The fork's CI has never run (`gh api repos/quangdang46/jcode/actions/runs`
returns total_count=0 for both pull_request and push events) because
upstream's workflows assume a `DEPLOY_KEY` SSH secret that the fork
does not have.
Two changes:
1. Gate every `webfactory/ssh-agent@v0.9.0` step on
`if: ${{ secrets.DEPLOY_KEY != '' }}` so the SSH agent setup is
simply skipped when the secret is absent. This is safe here because
none of this fork's Cargo git dependencies use SSH URLs:
- `agentgrep` -> https://github.com/1jehuang/agentgrep.git
- `mermaid-rs-renderer` -> https://github.com/1jehuang/mermaid-rs-renderer.git
So the `actions/checkout@v4` step's empty `ssh-key` falls back to
the GITHUB_TOKEN HTTPS path automatically. Applies to 5 jobs in
ci.yml + 1 step in release.yml.
2. Add `workflow_dispatch:` to ci.yml so maintainers can trigger CI
manually from the Actions tab while debugging without having to
force-push a no-op commit.
Note for the fork owner: GitHub disables Actions on a freshly-forked
repo until you visit the Actions tab once and click 'I understand my
workflows, go ahead and enable them'. After this PR is merged AND the
fork's Actions are enabled, future PRs will automatically run CI.
Refs the absence of CI runs blocking PRs #174-#195.
This was referenced May 23, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
The fork's CI has never run (
gh api repos/quangdang46/jcode/actions/runsreturnstotal_count=0for bothpull_requestandpushevents) because upstream's workflows assume aDEPLOY_KEYSSH secret that the fork does not have. This is why none of PRs #174-#195 show CI status.Changes
Gate every
webfactory/ssh-agent@v0.9.0step onif: ${{ secrets.DEPLOY_KEY != '' }}so the SSH agent setup is simply skipped when the secret is absent. Safe here because no Cargo git dependency in this fork uses SSH URLs:agentgrep→https://github.com/1jehuang/agentgrep.gitmermaid-rs-renderer→https://github.com/1jehuang/mermaid-rs-renderer.gitThe
actions/checkout@v4step's emptyssh-keyfalls back to the GITHUB_TOKEN HTTPS path automatically.Applies to 5 jobs in
.github/workflows/ci.yml+ 1 step in.github/workflows/release.yml.Add
workflow_dispatch:to ci.yml so maintainers can trigger CI manually from the Actions tab while debugging without having to force-push a no-op commit.One-time fork owner step (cannot be done via PR)
GitHub disables Actions on a freshly-forked repo until you visit the Actions tab once and click "I understand my workflows, go ahead and enable them":
After this PR is merged AND the fork's Actions are enabled, future PRs will automatically run CI. To verify after enable, you can manually trigger the new
workflow_dispatch:Tests
Both YAML files parse cleanly. The 5
if:insertions are syntactically minimal — they only add a single line per ssh-agent step.Notes
If you want CI to also exercise the SSH-deploy-key path (e.g. to validate it for an eventual private-dep setup), add a
DEPLOY_KEYrepo secret via:Without the secret, the gated steps are simply skipped — they do NOT fail the workflow.