spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0

Consider changing GitHub Actions conditions to use secrets #13918

Open sjohnr opened 1 year ago

sjohnr commented 1 year ago

After some research, it turns out secrets cannot be used in conditionals in GitHub Actions. However, you can configure an environment with variables which can be accessed in conditionals.

For an OSS project, we could define an environment called `upstream` with variables for building the project, deploying artifacts, etc. Forks of the project will not have this environment, and therefore the variables. However, individual contributors can create the environment and control parts of the workflow they wish to run by setting the corresponding variables.

For example, imagine the following workflow:

```yaml
name: Build and Deploy

on:
  push:
  workflow_dispatch:

env:
  ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
  ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}

jobs:
  build:
    name: Build
    if: ${{ vars.BUILD_PROJECT == 'true' }}
    runs-on: ubuntu-latest
    environment: upstream
    steps:
      - uses: actions/checkout@v3
      - name: Set up JDK 17
        uses: spring-io/spring-gradle-build-action@v2
      - name: Build with Gradle
        run: ./gradlew build --continue
  deploy:
    name: Deploy
    needs: [build]
    if: ${{ vars.DEPLOY_ARTIFACTS == 'true' }}
    runs-on: ubuntu-latest
    environment: upstream
    steps:
      - uses: actions/checkout@v3
      - name: Set up JDK 17
        uses: spring-io/spring-gradle-build-action@v2
      - name: Deploy artifacts
        run: ./gradlew publishArtifacts finalizeDeployArtifacts --stacktrace
```

To cause parts of the workflow (jobs) to run, define an environment in settings called `upstream`. To run the `build` job, define a variable in that environment called `BUILD_PROJECT` with `true`. To run the job `deploy`, define `DEPLOY_ARTIFACTS` with `true`.

cc: @rwinch

sjohnr commented 1 year ago

Note: You can also simply define repository variables if using an environment is not necessary.
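
As an added example (not part of the issue or of the project's own code): a small Python check that scans workflow text for `if:` conditions referencing the `secrets` context, which the first comment notes cannot be used in conditionals, and collects the `vars.*` names each job is gated on. The function name `audit_conditions` and the sample workflow are assumptions constructed for illustration; the scan is line-based and assumes two-space indentation under `jobs:`.

```python
import re

# Constructed sample in the style of the issue's workflow (not the project's file).
SAMPLE = """\
on: [push]
env:
  ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
jobs:
  build:
    if: ${{ vars.BUILD_PROJECT == 'true' }}
    runs-on: ubuntu-latest
    environment: upstream
    steps:
      - uses: actions/checkout@v3
  deploy:
    if: ${{ secrets.ARTIFACTORY_PASSWORD != '' }}
    runs-on: ubuntu-latest
    steps:
      - name: Deploy artifacts
        if: ${{ vars.DEPLOY_ARTIFACTS == 'true' }}
        run: ./gradlew publishArtifacts
"""

JOB_KEY = re.compile(r"^  ([A-Za-z_][\w-]*):\s*$")   # key directly under jobs:
IF_LINE = re.compile(r"^\s*(?:-\s+)?if:\s*(.+)$")    # job-level or step-level if
REF = re.compile(r"\b(secrets|vars)\.([A-Za-z_]\w*)")


def audit_conditions(workflow_text):
    """Return (secret_findings, var_gates) for every `if:` under jobs."""
    findings, gates = [], {}
    in_jobs, job = False, None
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        if line[:1].isalnum():                       # a new top-level key
            in_jobs, job = line.startswith("jobs:"), None
            continue
        m = JOB_KEY.match(line)
        if in_jobs and m:                            # entering a job definition
            job = m.group(1)
            continue
        m = IF_LINE.match(line)
        if not (in_jobs and job and m):
            continue
        for ctx, name in REF.findall(m.group(1)):
            if ctx == "secrets":                     # secrets in a conditional
                findings.append((lineno, job, name))
            else:                                    # variable the job is gated on
                gates.setdefault(job, set()).add(name)
    return findings, gates
```

Secrets referenced outside conditionals, such as the top-level `env:` mapping, are not reported; only `if:` expressions are inspected.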