Secrets truncation

[demosjarco]

Uploading a worker with many secrets only partially uploads the secrets but no error or warning is emitted - all success. Looking in the worker dashboard, the secret is simply not listed.
We're way under the 128 combined vars/secrets limit.
Started noticing this behavior on the 11th secret. And the extra secrets (past 10) that doesn't get updated appears to be random (only tested on 3 builds - need more data to be sure about this.
Actions is set to use latest worker version

- uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
  with:
    node-version: lts/*
    check-latest: true
    cache: 'npm'
- uses: cloudflare/wrangler-action@09fc6b504568cf179b085df24393f237fea6c7f6 # v3.1.1
  with:
    wranglerVersion: latest
    apiToken: ${{ secrets... }}
    accountId: ${{ vars... }}
    vars: |
      ...
      ...
    secrets: |
      ...
      ...
      ...
      ...
      ...
      ...
      ...
      ...
      ...
      ...
      ...
  env:
    ...: ${{ vars...}}
    ...: ${{ github...}}
    ...: ${{ secrets...}}
    ...: ${{ secrets...}}
    ...: ${{ secrets...}}
    ...: ${{ secrets... }}
    ...: ${{ secrets... }}
    ...: ${{ secrets... }}
    ...: ${{ secrets...}}
    ...: ${{ secrets... }}
    ...: ${{ secrets...}}
    ...: ${{ secrets... }}
    ...: ${{ secrets...}}

This is not a new worker (so I don't think its related to #162), but these are new secrets (compared to previous deployments of the same worker)

[1000hz]

Hey there! Sorry you're running into trouble.

Just to confirm: are you providing your secret values via env in addition to the list of secret names provided in with.secrets? I'm guessing the answer is yes, but just mentioning this since your example yml didn't include it.

The other thing I want to point out are GitHub Actions' secrets limits. Is it possible you're running into these limits? Either way, we need to ensure the action fails and tells you why if this is the case.

[demosjarco]

Yup, values for both vars and secrets have their matching env pair.
11 secrets per environment (4 environments - they all share the same name but different value - example: api key for production vs dev but for the same resource) + 1 repo secret + 3 org secrets. So under Github's secret limits too

[1000hz]

Hmm, I haven't been able to reproduce this issue. I set up a test repo and ran the action, which you can see here:
https://github.com/1000hz/wrangler-action-secrets-test/actions/runs/6164910823/job/16731638974#step:3:51

I was able to verify that 15 secrets were successfully uploaded. Is there any chance you can put together a reproduction?

[demosjarco]

This repo and its structure is pretty big for reproduction. If we can message somewhere more private, I can provide full logs and workflow runs.

[1000hz]

You can shoot me a message at the same username on Discord and I can dig in further.

[demosjarco]

For the sake of anyone who might stumble upon this later, the issue was a 13KB (the limit is 5KB) secret value was attempting to be uploaded, but there was an invisible workers.api.error.text_binding_too_large error being emitted but the action wasn't picking it up. Also happened to stumble across improper escaping with values that contain quotes.