
fix(reusable-ci): move secret env to job scope so step if: gates work#9

Merged: chitcommit merged 1 commit into main from fix/reusable-ci-env-context-gates on Jun 10, 2026

@chitcommit

Member

Follow-up to #8. After YAML parsing was unblocked, consumer runs hit startup_failure because security/ai-review jobs declared SNYK_TOKEN / ANTHROPIC_API_KEY only at step level while gating with if: env.X != ''. Step-level env is not visible in that same step's if expression. Hoisting env to job scope is the canonical pattern.

Step-level env: is materialized too late to be visible in that same step's
if: expression. After #8 unblocked YAML parsing, consumer runs began
hitting startup_failure because the security and ai-review jobs declared
SNYK_TOKEN / ANTHROPIC_API_KEY only at step level while gating the step
with `if: env.X != ''`.

Hoist those env: blocks to job scope (canonical pattern) so the gate
resolves correctly. No behavior change when the secret is present; when
absent, the gated step is skipped instead of failing the run.

Also adds the missing actions/setup-node step to the security job so
`npm audit` has a node toolchain.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@chitcommit chitcommit merged commit 109df61 into main Jun 10, 2026
1 check passed
@chitcommit chitcommit deleted the fix/reusable-ci-env-context-gates branch June 10, 2026 02:32
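
Added example, not part of the PR or the repository's code: a small Python check for the pattern this PR fixes, a step whose `if:` tests `env.X` while `X` is declared only in that same step's `env:` block. The workflow dict is a constructed sample in the shape a YAML loader would return; the job and step names and the `run` commands are hypothetical, and only the two env var names come from the PR.

```python
import re

# Matches env.NAME references inside an `if:` expression.
ENV_REF = re.compile(r"\benv\.([A-Za-z_][A-Za-z0-9_]*)")

def find_step_scoped_gates(workflow):
    """Return (job_id, step_label, var) for each step whose `if:` tests an
    env var that is declared only in that same step's `env:` block."""
    findings = []
    workflow_env = set(workflow.get("env") or {})
    for job_id, job in (workflow.get("jobs") or {}).items():
        # Names declared at workflow or job scope are visible to step gates.
        visible = workflow_env | set(job.get("env") or {})
        for index, step in enumerate(job.get("steps") or []):
            condition = str(step.get("if") or "")
            step_env = set(step.get("env") or {})
            for var in ENV_REF.findall(condition):
                if var in step_env and var not in visible:
                    label = step.get("name") or step.get("id") or f"step[{index}]"
                    findings.append((job_id, label, var))
    return findings

# Constructed sample (hypothetical job/step names, placeholder commands).
SAMPLE = {
    "jobs": {
        "security": {  # before: secret mapped at step level, gate on same step
            "runs-on": "ubuntu-latest",
            "steps": [
                {"name": "Snyk scan",
                 "if": "env.SNYK_TOKEN != ''",
                 "env": {"SNYK_TOKEN": "${{ secrets.SNYK_TOKEN }}"},
                 "run": "echo scan"},
            ],
        },
        "ai-review": {  # after: env hoisted to job scope
            "runs-on": "ubuntu-latest",
            "env": {"ANTHROPIC_API_KEY": "${{ secrets.ANTHROPIC_API_KEY }}"},
            "steps": [
                {"name": "AI review",
                 "if": "env.ANTHROPIC_API_KEY != ''",
                 "run": "echo review"},
            ],
        },
    }
}

if __name__ == "__main__":
    for job_id, label, var in find_step_scoped_gates(SAMPLE):
        print(f"{job_id}/{label}: 'if' tests env.{var}, set only on the step")
```
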
@coderabbitai

coderabbitai Bot commented Jun 10, 2026


Warning

Review limit reached

@chitcommit, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 27 minutes and 24 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.


ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 53c3b4fa-87b8-4a15-bcd9-e7471d0dfa23

📥 Commits

Reviewing files that changed from the base of the PR and between c730cb6 and e3bc1ff.

📒 Files selected for processing (1)
  • .github/workflows/reusable-ci-pipeline.yml