Do not attempt to send screenshots to Pixel Eagle without a token

[LikeLakers2]

Objective

Running Github Actions on forks helps users to reduce the amount of CI errors they get before submitting a PR. However, due to how workflows are set up on the Bevy repository, this can result in errors occurring for jobs that may not be related to their PR - in this case, uploading screenshots to Pixel Eagle.

Solution

The Pixel Eagle workflow is skipped if we aren't running on the Bevy repository.

If we are on the Bevy repository, or the user has set it to run elsewhere, we check if the PIXELEAGLE_TOKEN secret is set. If it isn't, we skip uploading screenshots to Pixel Eagle.

• Artifacts still continue to generate, in case the user needs them.
• In the event that the Pixel Eagle workflow runs, but the PIXELEAGLE_TOKEN secret isn't set, we generate a step summary that notifies the user of why it was skipped. https://github.com/LikeLakers2/bevy/actions/runs/12173329006/attempts/1#summary-33953502068 for an example.

Testing

Lots. And lots. Of trying to get Github Actions to work with me.

[LikeLakers2]

In case you're curious:

• Environment variables are stored as strings. However, the strings 'true' and 'false' are valid JSON, and return booleans when converted to JSON.
• This if: has to be on the steps - an if: conditional on the job itself cannot access to environment variables for some reason.

[BD103]

Your current approach works, which is why I'm approving it, but we can improve it by checking what repository this is being run from.

By adding if: ${{ github.repository == "bevyengine/bevy" }}, we can skip saving the secret to an environmental variable and the various other checks.

[BD103]

Could you please remove the old logic, since it no longer has any effect? (Also I'd rather avoid putting secrets in environmental variables if possible.)

[LikeLakers2]

@BD103

Could you please remove the old logic, since it no longer has any effect?

It does have an effect, though.

In the old version, if secrets.PIXELEAGLE_TOKEN == '', then certain parameters to curl would be given an empty value. This results in an error from curl itself.

With the logic I added, it sets an environment variable PIXELEAGLE_TOKEN_EXISTS to the result of secrets.PIXELEAGLE_TOKEN != ''. If this is 'false', then secrets.PIXELEAGLE_TOKEN == ''. With this, we can prevent some steps from running that would otherwise error out.

(Also I'd rather avoid putting secrets in environmental variables if possible.)

I agree - and this is why the environment variable isn't the secret itself, but rather a boolean, the result of checking if secrets.PIXELEAGLE_TOKEN != ''. That way, if the environment variable is ever exposed, it won't show the token.

[BD103]

Oh, you're right! I misread:

PIXELEAGLE_TOKEN_EXISTS: ${{ secrets.PIXELEAGLE_TOKEN != '' }}

as

PIXELEAGLE_TOKEN_EXISTS: ${{ secrets.PIXELEAGLE_TOKEN }}

so I thought the environmental variable stored the secret directly. Sorry for confusion, approved!