MEDIUM 🛠️ Agentic Engineering

GitHub Actions: The Secret That Isn't

Description

Your CI deploy step suddenly fails. The error says AWS credentials are empty. You check GitHub Secrets — they're there. The workflow file hasn't changed. Nobody touched the secrets.


But someone renamed the default branch from main to production. The secrets are stored in a GitHub Environment with branch protection rules. The environment only allows the main branch pattern, which no longer exists.


What is the branch name pattern configured on the aws-prod environment that needs to be updated?


The secrets are right there. GitHub just won't give them to you.

Input Data

```yaml
# .github/workflows/deploy.yml
name: Deploy to Production
on:
  push:
    branches: [production]

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: aws-prod
    steps:
      - uses: actions/checkout@v4
      - name: Configure AWS
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      - name: Deploy
        run: aws s3 sync ./dist s3://app-prod-bucket
```

```
# Actions log:
Error: Input required and not supplied: aws-access-key-id

# Environment settings (admin view):
Environment: aws-prod
  Deployment branches: Selected branches
  Branch name pattern: main
  Environment secrets:
    AWS_ACCESS_KEY_ID: ****
    AWS_SECRET_ACCESS_KEY: ****

# The workflow now runs on the "production" branch, but the
# environment only allows "main". GitHub silently withholds
# secrets rather than failing with a clear error.
```
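A pre-deploy check for the mismatch described above, as an added example that is not part of the original challenge: it compares a workflow's trigger branches against an environment's deployment branch patterns. The JSON is a constructed sample shaped like GitHub's `deployment-branch-policies` REST response, `blocked_branches` and `pattern_to_regex` are hypothetical helper names, and the glob translation is an approximation of GitHub's fnmatch-style matching.

```python
import json
import re

# Constructed sample, shaped like the response of
# GET /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies
SAMPLE_POLICY_RESPONSE = json.dumps({
    "total_count": 1,
    "branch_policies": [{"id": 1, "name": "main"}],
})


def pattern_to_regex(pattern):
    """Translate a branch name pattern to a regex.

    Approximation (assumption): '*' and '?' stay inside one path
    segment, '**' may cross '/'.
    """
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")


def blocked_branches(trigger_branches, policy_json):
    """Return the trigger branches that no environment pattern allows."""
    policies = json.loads(policy_json)["branch_policies"]
    regexes = [pattern_to_regex(p["name"]) for p in policies]
    return [b for b in trigger_branches
            if not any(r.match(b) for r in regexes)]


if __name__ == "__main__":
    # Trigger branch list copied from deploy.yml on this page.
    for branch in blocked_branches(["production"], SAMPLE_POLICY_RESPONSE):
        print(f"branch '{branch}' matches no deployment pattern on aws-prod")
```

Running a check like this in the same change that renames a branch catches the drift before the first deploy job runs without its environment secrets.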
