Add fork context warning to validate_secrets.cjs

[Copilot]

When validate_secrets.cjs runs in a forked repository, all parent secrets are absent, causing every secret to report a generic "not found" error with no hint about the root cause.

Changes

• validate_secrets.cjs: Added isForkRepository(payload) pure helper that checks payload?.repository?.fork === true. Called at the top of main() to emit a core.warning() before any per-secret validation when running in a fork:

  ⚠️ This repository is a fork. Secrets from the parent repository are not inherited.
  You must configure each secret listed below directly in your fork's repository settings.
  

• validate_secrets.test.cjs: Added 6 tests for isForkRepository covering fork: true, fork: false, missing fork key, missing repository key, and null/undefined payload.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[plan] Add fork context warning to validate_secrets.cjs</issue_title>
<issue_description>## Context

Closes part of #18481 — gh-aw in forks.

actions/setup/js/validate_secrets.cjs validates that required secrets are present. In a forked repository, all secrets from the parent repo are absent. Currently the script reports each missing secret with a generic "not found" error, giving no hint that the fork context is the root cause.

Objective

Update validate_secrets.cjs to detect when running inside a fork (context.payload.repository.fork === true) and prepend a fork-context warning to the output, making it clear that all secrets must be independently configured in the fork.

Approach

1. In actions/setup/js/validate_secrets.cjs, read context.payload.repository.fork (the @actions/github context is already available).
2. If fork === true, emit a core.warning(...) at the top of the output like:

   ⚠️ This repository is a fork. Secrets from the parent repository are not inherited. You must configure each secret listed below directly in your fork's repository settings.

3. Keep the existing per-secret validation logic unchanged — just prefix the report.
4. Run make fmt-cjs && make lint-cjs to validate.
5. Add/update tests in validate_secrets.test.cjs covering the fork branch.

Files to Modify

• actions/setup/js/validate_secrets.cjs — add fork detection + warning prefix
• actions/setup/js/validate_secrets.test.cjs — tests for fork path

Acceptance Criteria

• Fork context detected from context.payload.repository.fork
• core.warning(...) emitted at the top of output when in a fork
• Message clearly says secrets must be configured in the fork
• Existing non-fork behaviour is unchanged
• Tests pass (make lint-cjs)
  Related to Using gh-aw in forks of repositories #18481

Generated by Plan Command for issue #18481

• expires on Feb 28, 2026, 4:18 PM UTC

Comments on the Issue (you are @copilot in this section)

• Fixes [plan] Add fork context warning to validate_secrets.cjs #18519

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Pull request overview

This PR adds fork context detection to the secret validation script, helping users understand why secrets are missing when running in forked repositories.

Changes:

• Added isForkRepository() helper function to detect fork repositories from the GitHub context payload
• Added a warning message at the start of validation when running in a fork, explaining that parent secrets are not inherited
• Added comprehensive test coverage for the new fork detection logic

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
actions/setup/js/validate_secrets.cjs	Added isForkRepository() helper function and fork context warning in main()
actions/setup/js/validate_secrets.test.cjs	Added 6 test cases for isForkRepository() covering all edge cases

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.