From 13f927c8068ef86976db70211d0d625656edcb9b Mon Sep 17 00:00:00 2001
From: toga4 <81744248+toga4@users.noreply.github.com>
Date: Fri, 23 Jan 2026 10:30:58 +0900
Subject: [PATCH] fix: set outputs/env vars for empty string field values

Empty string field values from 1Password were causing the action to skip setting outputs and environment variables entirely.
This was inconsistent with `op run` behavior, which sets the variable with an empty value.

- Change falsy check to explicit null/undefined check in extractSecret
- Skip setSecret for empty strings to avoid runner warning
- Add tests for empty string value handling
---
 src/utils.test.ts | 35 +++++++++++++++++++++++++++++++++++
 src/utils.ts      |  8 ++++++--
 2 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/src/utils.test.ts b/src/utils.test.ts
index a3114ae..0dd0ffe 100644
--- a/src/utils.test.ts
+++ b/src/utils.test.ts
@@ -106,6 +106,41 @@ describe("extractSecret", () => {
 		);
 		expect(core.setSecret).toHaveBeenCalledWith(testSecretValue);
 	});
+
+	describe("when secret value is empty string", () => {
+		const emptySecretValue = "";
+
+		beforeEach(() => {
+			(read.parse as jest.Mock).mockReturnValue(emptySecretValue);
+		});
+
+		afterEach(() => {
+			(read.parse as jest.Mock).mockReturnValue(testSecretValue);
+		});
+
+		it("should set empty string as step output", () => {
+			extractSecret(envTestSecretEnv, false);
+			expect(core.setOutput).toHaveBeenCalledWith(
+				envTestSecretEnv,
+				emptySecretValue,
+			);
+			expect(core.exportVariable).not.toHaveBeenCalled();
+		});
+
+		it("should set empty string as environment variable", () => {
+			extractSecret(envTestSecretEnv, true);
+			expect(core.exportVariable).toHaveBeenCalledWith(
+				envTestSecretEnv,
+				emptySecretValue,
+			);
+			expect(core.setOutput).not.toHaveBeenCalled();
+		});
+
+		it("should not call setSecret for empty string", () => {
+			extractSecret(envTestSecretEnv, false);
+			expect(core.setSecret).not.toHaveBeenCalled();
+		});
+	});
 });
 
 describe("loadSecrets", () => {
diff --git a/src/utils.ts b/src/utils.ts
index 6996cc6..571620d 100644
--- a/src/utils.ts
+++ b/src/utils.ts
@@ -41,7 +41,7 @@ export const extractSecret = (
 	}
 
 	const secretValue = read.parse(ref);
-	if (!secretValue) {
+	if (secretValue === null || secretValue === undefined) {
 		return;
 	}
 
@@ -50,7 +50,11 @@ export const extractSecret = (
 	} else {
 		core.setOutput(envName, secretValue);
 	}
-	core.setSecret(secretValue);
+	// Skip setSecret for empty strings to avoid the warning:
+	// "Can't add secret mask for empty string in ##[add-mask] command."
+	if (secretValue) {
+		core.setSecret(secretValue);
+	}
 };
 
 export const loadSecrets = async (shouldExportEnv: boolean): Promise<void> => {