Skip to content

fix: suppress false warnings "Context access might be invalid" for secrets/vars #223

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
davidruzicka wants to merge 7 commits into
base: main
Choose a base branch
from
Open

fix: suppress false warnings "Context access might be invalid" for secrets/vars #223

davidruzicka wants to merge 7 commits into from

Conversation

@davidruzicka
Copy link

@davidruzicka davidruzicka commented Dec 3, 2025
edited
Loading

Users experience false "Context access might be invalid" warnings for repository secrets and variables because of temporarily unavailable context during language server initialization. contextProviders returns undefined, causing validation to use an empty DescriptionDictionary with complete = true, which flags all secret/variable access as invalid.

Fixes github/vscode-github-actions#222

Required for PR 534 /github/vscode-github-actions

This pull request introduces a configurable mechanism for controlling the validation of secrets and variables context in the language server:

  • Added a new SecretsValidationMode type ("auto" | "always" | "never") and an optional secretsValidation field to the InitializationOptions interface in initializationOptions.ts. This allows users to configure how secrets and variables validation is handled.
  • Updated connection.ts to read and propagate the secretsValidation option throughout the initialization and context provider configuration, ensuring the chosen mode is respected during server operation.
  • Refactored contextProviders in context-providers.ts to handle secrets/variables context differently based on the selected validation mode. In "never" and "auto" modes, incomplete context is returned to suppress warnings if the client or repo is missing; in "always" mode, undefined is returned to trigger warnings.
  • Added a comprehensive test suite for contextProviders in context-providers.test.ts, covering all secrets validation modes and ensuring correct context behavior for secrets and variables.

Unfixed problem:
unfixed

Fixed:
fixed

@davidruzicka
fix: return incomplete context for secrets/vars when API unavailable
38215af 
When GitHub API client or repository context is not available, mark secrets and vars contexts as incomplete instead of returning undefined.

This prevents false 'Context access might be invalid' warnings for repository secrets and variables.

Fixes github/vscode-github-actions#222
@davidruzicka
Merge branch 'actions:main' into dr-remove-warnings-for-repository-va…
14995b3 
…riables-and-secrets
Copilot AI review requested due to automatic review settings December 3, 2025 20:33
@davidruzicka davidruzicka requested a review from a team as a code owner December 3, 2025 20:33
Copilot finished reviewing on behalf of davidruzicka December 3, 2025 20:35
Copilot AI reviewed Dec 3, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request fixes false "Context access might be invalid" warnings for secrets and variables by introducing a configurable validation mode that properly handles cases where the GitHub client or repository context is temporarily unavailable during language server initialization.

Key changes:

  • Added SecretsValidationMode type with three options: "auto" (default), "always", and "never"
  • Modified context providers to return incomplete context instead of undefined when validation should be suppressed
  • Added comprehensive test coverage for the new validation modes

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File Description
languageserver/src/initializationOptions.ts Defines the new SecretsValidationMode type and adds the secretsValidation configuration option to InitializationOptions
languageserver/src/context-providers.ts Implements the validation mode logic to suppress or enable warnings based on configuration and client/repo availability
languageserver/src/context-providers.test.ts Adds test suite covering all three validation modes for secrets and variables context
languageserver/src/connection.ts Reads and propagates the secretsValidation setting from initialization options to context provider calls

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@davidruzicka davidruzicka requested a review from Copilot December 3, 2025 22:10
Copilot finished reviewing on behalf of davidruzicka December 3, 2025 22:12
Copilot AI reviewed Dec 3, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

Comments suppressed due to low confidence (1)

languageserver/src/context-providers.ts:62

  • [nitpick] The switch statement doesn't have a default case and implicitly returns undefined for unknown context names. Consider adding an explicit default case for clarity:
switch (name) {
  case "secrets":
    return await getSecrets(workflowContext, client, cache, repo, defaultContext, mode);
  case "vars":
    return await getVariables(workflowContext, client, cache, repo, defaultContext);
  case "steps":
    return await getStepsContext(client, cache, defaultContext, workflowContext);
  default:
    return undefined;
}

This makes the intended behavior more explicit and easier to understand.

    switch (name) {
      case "secrets":
        return await getSecrets(workflowContext, client, cache, repo, defaultContext, mode);
      case "vars":
        return await getVariables(workflowContext, client, cache, repo, defaultContext);
      case "steps":
        return await getStepsContext(client, cache, defaultContext, workflowContext);
    }

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@davidruzicka davidruzicka requested a review from Copilot December 3, 2025 22:22
Copilot finished reviewing on behalf of davidruzicka December 3, 2025 22:24
Copilot AI reviewed Dec 3, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@davidruzicka davidruzicka mentioned this pull request Dec 3, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

"Context access might be invalid" warning thrown for repository variables and secrets

1 participant

@davidruzicka