False positive: "Context access might be invalid" for repository secret in workflow file #533
Description
VS Code Version: 1.106.2 (Universal)
Commit: 1e3c50d64110be466c0b4a45222e81d2c9352888
Date: 2025-11-19T16:56:50.023Z
Electron: 37.7.0
ElectronBuildId: 12781156
Chromium: 138.0.7204.251
Node.js: 22.20.0
V8: 13.8.258.32-electron.0
OS: Darwin arm64 25.1.0
Extension: GitHub Actions
Version: 0.28.1
Repository: Shigeo-Isshiki/kacsw-static-web-app
File: azure-static-web-apps-wonderful-dune-09934f50f.yml
Problem:
Context access might be invalid: AZURE_STATIC_WEB_APPS_API_TOKEN_WONDERFUL_DUNE_09934F50F shown in Problems panel for the following line:
azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN_WONDERFUL_DUNE_09934F50F }}
Steps to reproduce:
Open the repository in VS Code.
Open azure-static-web-apps-wonderful-dune-09934f50f.yml.
Observe the Problems panel showing the message above.
Expected:
No warning when the workflow references a repository secret by name. The extension should either detect that the secret exists in the repository or provide a user setting to disable secret validation for workflow files.
Console logs: (optional — Developer Tools console output if available; please attach without any secret values)
Extensions list (relevant):
GitHub Actions — Version: 0.28.1
Additional notes:
The secret AZURE_STATIC_WEB_APPS_API_TOKEN_WONDERFUL_DUNE_09934F50F is present under repository Settings → Secrets and variables → Actions. The workflow runs properly when executed (no runtime error related to secret reference).