Description

The apify push command has problematic behavior when actor.json contains environment variables that reference non-existent secrets. Instead of failing with an error (which would be the expected behavior), it:

1. Only shows a warning message
2. Continues with the deployment
3. Silently omits the environment variables that reference missing secrets

This can lead to actors being deployed in production without required environment variables, potentially causing runtime failures that are difficult to debug.

Expected Behavior

The push command should fail with a clear error message indicating that required secrets are missing, similar to how other validation errors are handled.

Actual Behavior

• Push succeeds ✅
• Shows warning: Value for NONEXISTENT_SECRET not found in local secrets. Set it by calling "apify secrets add NONEXISTENT_SECRET [SECRET_VALUE]" ⚠️
• Actor is deployed without the environment variable (silently omitted)

Root Cause

In src/lib/secrets.ts, both replaceSecretsValue() and transformEnvToEnvVars() functions only emit warnings for missing secrets instead of throwing errors:

// Lines 104-106 in transformEnvToEnvVars()
} else {
    warning({
        message: `Value for ${secretKey} not found in local secrets. Set it by calling "apify secrets add ${secretKey} [SECRET_VALUE]"`,
    });
}

Suggested Fix

The push command should fail when any referenced secrets are missing. This could be implemented by:

1. Making transformEnvToEnvVars() throw an error instead of just warning when secrets are missing
2. Or adding validation in the push command to check all secret references before deployment
3. Potentially adding a --ignore-missing-secrets flag for cases where the current behavior might be desired

Additional Context

This affects the apify push command, the apify run command and potentially other commands.