Skip to content
Latchkey

act environment protection rules not enforced running Actions locally

GitHub environments add protection rules (required reviewers, wait timers, branch limits) and environment-scoped secrets. act does not implement environments, so those gates are skipped and environment secrets are not injected unless you supply them yourself.

What this error means

A job with environment: production runs without waiting for approval under act, and any environment-scoped secret it needs is empty.

act
[Deploy/deploy] environment: production
| secrets.PROD_API_KEY resolved to an empty string

Common causes

act does not model GitHub environments

Protection rules and required reviewers live in GitHub; act runs the job straight through with no gate.

Environment-scoped secrets are not injected

Secrets tied to an environment on GitHub are not known to act, so they read as empty locally.

How to fix it

Supply environment secrets locally

Pass the environment-scoped secrets via .secrets or -s so the job can run under act.

Terminal
act -s PROD_API_KEY=your_value -j deploy

Do not treat local success as approval

Rely on GitHub, not act, to enforce reviewers and wait timers before a real deploy.

How to prevent it

  • Remember act skips environment protection; verify gates on GitHub.
  • Provide environment secrets explicitly for local runs.
  • Keep real approvals and deploys on GitHub, not act.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →