fix: skip failure notifications when upload_token is empty #2

Merged: MistEO merged 1 commit into v1 from copilot/fix-upload-token-error-handling on Mar 26, 2026

Copilot AI commented Mar 26, 2026

When upload_token is empty, the upload step fails and incorrectly triggers the admin notification and issue-creation steps. These should only fire on real upload failures, not misconfiguration.

Changes

  • New check-token step — added as the first step; emits ::error:: and exits early if upload_token is empty. Token passed via env: to avoid shell injection.
  • Notification steps gated on token check — both if: failure() conditions now also require steps.check-token.outcome == 'success', so they are skipped when the failure is due to an empty token.

```yaml
- name: Check upload token
  id: check-token
  shell: bash
  env:
    UPLOAD_TOKEN: ${{ inputs.upload_token }}
  run: |
    if [[ -z "$UPLOAD_TOKEN" ]]; then
      echo "::error::upload_token is required but was not provided"
      exit 1
    fi

# notification steps
- name: Create issue if failed
  if: failure() && steps.check-token.outcome == 'success'
  ...

- name: Notify admin if failed
  if: failure() && steps.check-token.outcome == 'success'
  ...
```

Summary by Sourcery

Bug Fixes:

  • Prevent failure notifications and issue creation from running when the upload_token input is missing or empty by introducing an explicit token validation step and conditioning notifications on its success.

@MistEO MistEO marked this pull request as ready for review March 26, 2026 07:08
Copilot AI review requested due to automatic review settings March 26, 2026 07:08

@sourcery-ai sourcery-ai Bot left a comment

Hey - I've reviewed your changes and they look great!

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@MistEO MistEO merged commit f8c927d into v1 Mar 26, 2026
4 checks passed
@MistEO MistEO deleted the copilot/fix-upload-token-error-handling branch March 26, 2026 07:09

Copilot AI left a comment

Pull request overview

Updates the composite GitHub Action to treat an empty upload_token as a configuration error and avoid triggering failure-notification automation for that scenario.

Changes:

  • Added an initial check-token step that errors and exits when upload_token is empty.
  • Gated the “Create issue if failed” and “Notify admin if failed” steps on failure() and steps.check-token.outcome == 'success'.

Comment thread action.yml
Comment on lines +46 to +51
env:
UPLOAD_TOKEN: ${{ inputs.upload_token }}
run: |
if [[ -z "$UPLOAD_TOKEN" ]]; then
echo "::error::upload_token is required but was not provided"
exit 1
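
Review bot: The `[[ -z "$UPLOAD_TOKEN" ]]` test rejects only an exactly empty value, so a token made up solely of whitespace (for example a stray newline) passes the check. Because the notification steps are gated on this step succeeding, such a value would fail later in the upload and still create an issue and notify the admin, which is the misconfiguration case this change is meant to exclude. Consider stripping whitespace before the test, e.g. `[[ -z "${UPLOAD_TOKEN//[[:space:]]/}" ]]`.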

Copilot AI Mar 26, 2026

The PR description says the token is passed via env: to avoid shell injection, but later steps still interpolate ${{ inputs.upload_token }} directly into shell commands (e.g., the Python invocation and the curl --header 'Authorization: ...'). If upload_token ever contains characters like quotes/newlines, this can break quoting and reintroduce injection/logging risk. Consider passing the token via env: for those steps too and referencing it as "$UPLOAD_TOKEN" in the script/arguments.
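
The difference this review comment describes, as an added example that is not part of the PR or the action's code: the first function pastes the token into the script text the way `${{ inputs.upload_token }}` is expanded before bash parses a `run:` block, the second passes it through the environment. The function names, the `printf` stand-in for the `curl --header` call, and the token value are all constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: two ways a composite action can hand inputs.upload_token
# to a `run:` step, simulated locally. printf stands in for the curl call
# so the example runs offline.

# Weak form: the raw input is pasted into the script source before the
# shell parses it, so quote characters in the token change the script.
run_interpolated() {
  token=$1
  script="printf 'Authorization: %s\n' '${token}'"
  bash -c "$script" 2>&1
}

# Hardened form: the script text is fixed and the token arrives as data
# in an environment variable, referenced as "$UPLOAD_TOKEN".
run_with_env() {
  token=$1
  UPLOAD_TOKEN=$token bash -c 'printf "Authorization: %s\n" "$UPLOAD_TOKEN"' 2>&1
}

# Returns 0 when the marker command ran as its own line of output,
# i.e. part of the token was parsed as code instead of data.
executed_as_code() {
  printf '%s\n' "$1" | grep -qx 'INJECTED'
}

# Constructed value, not a real token: closes the single quote, runs a
# harmless marker command, then reopens the quote.
SAMPLE_TOKEN="abc'; echo INJECTED; echo '"

printf 'interpolated into the script:\n%s\n\n' "$(run_interpolated "$SAMPLE_TOKEN")"
printf 'passed via env:\n%s\n' "$(run_with_env "$SAMPLE_TOKEN")"
```

With the env form the header line carries the token verbatim, quotes included, and the script source no longer contains the secret.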
