Workflow expression variable reference checks miss some variables

[briantist]

Describe the bug
The expression checker looks to see if variables that are referenced are actually defined and warns if a context reference may not be valid. This can cause bugs like #47 , but also it's missing some variables completely.

From the above issue:

name: "Context access might be invalid"
on: push
jobs:
  context-access-might-be-invalid:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Setup environment variables
        uses: rlespinasse/github-slug-action@v4

      - name: Print custom environment variables
        run: echo ${{ env.GITHUB_REF_SLUG }}

This raises the Context access might be invalid warning for env.GITHUB_REF_SLUG.

If the expression itself branches like so, only the "false" path as evaluated in the extension will raise a warning:

name: "Context access might be invalid"
on: push
jobs:
  context-access-might-be-invalid:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Setup environment variables
        uses: rlespinasse/github-slug-action@v4

      - name: Print custom environment variables
        run: echo ${{ true == false && env.FAKE_VAR || env.GITHUB_REF_SLUG }}

Here, the warning will be raised again, but only for env.GITHUB_REF_SLUG.

If we "define" the env var in an env block explicitly:

name: "Context access might be invalid"
on: push
jobs:
  context-access-might-be-invalid:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Setup environment variables
        uses: rlespinasse/github-slug-action@v4

      - name: Print custom environment variables
        env:
          GITHUB_REF_SLUG: whatever
        run: echo ${{ true == false && env.FAKE_VAR || env.GITHUB_REF_SLUG }}

then the warning goes away completely, and env.FAKE_VAR is never considered.

Alternatively, if we change the expression to something that can be evaluated as true at parse time:

name: "Context access might be invalid"
on: push
jobs:
  context-access-might-be-invalid:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Setup environment variables
        uses: rlespinasse/github-slug-action@v4

      - name: Print custom environment variables
        run: echo ${{ true && env.FAKE_VAR || env.GITHUB_REF_SLUG }}

Then the warning will change to env.FAKE_VAR only, ignoring the other one.

To Reproduce
See above.

Expected behavior
Both vars are warned against.

Extension Version
v0.25.3

[ad-m-ss]

Another instance is about matrix variable:

Example workflow:

jobs:
  build-python-test:
    name: Build Python for test
    runs-on: ubuntu-20.04
    steps:
      - uses: 8398a7/action-slack@v3
        with:
          status: ${{ job.status }}
          job_name: Test
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
          MATRIX_CONTEXT: ${{ toJson(matrix) }}

[cschleiden]

@briantist Thanks for reporting this, I agree this is something we should look into.

@ad-m-ss That is a valid error. The job isn't using a matrix strategy, so it won't be defined.

[cschleiden]

This is fixed and will be included in the next release.

[dev0T]

and they never fix it

It has been said it will be fixed in the next release.

[cschleiden]

The release should've gone out by now. If you're still seeing issues, would you mind creating another issue with more details? Thanks

[PhiFry]

When is the release?

[ElonGaties]

I don't seem to have the release here either weirdly

[klausbadelt]

duplicate of #222