act environment protection rules not enforced running Actions locally
GitHub environments add protection rules (required reviewers, wait timers, branch limits) and environment-scoped secrets. act does not implement environments, so those gates are skipped and environment secrets are not injected unless you supply them yourself.
What this error means
A job with environment: production runs without waiting for approval under act, and any environment-scoped secret it needs is empty.
[Deploy/deploy] environment: production
| secrets.PROD_API_KEY resolved to an empty stringCommon causes
act does not model GitHub environments
Protection rules and required reviewers live in GitHub; act runs the job straight through with no gate.
Environment-scoped secrets are not injected
Secrets tied to an environment on GitHub are not known to act, so they read as empty locally.
How to fix it
Supply environment secrets locally
Pass the environment-scoped secrets via .secrets or -s so the job can run under act.
act -s PROD_API_KEY=your_value -j deployDo not treat local success as approval
Rely on GitHub, not act, to enforce reviewers and wait timers before a real deploy.
How to prevent it
- Remember act skips environment protection; verify gates on GitHub.
- Provide environment secrets explicitly for local runs.
- Keep real approvals and deploys on GitHub, not act.