diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 72705fb8..ed40820b 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -14,12 +14,14 @@ permissions:
 jobs:
   build:
     runs-on: ubuntu-latest
+    outputs:
+      has-secrets: ${{ steps.check-secrets.outputs.has-secrets }}
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Set up Node.js version
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v4
         with:
           node-version: '14.x'
 
@@ -37,11 +39,26 @@ jobs:
           cp web.config public/
 
       - name: Upload artifact for deployment job
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: node-app
           path: ./public/
 
+      - name: Check for secrets
+        id: check-secrets
+        env:
+          has_secrets: >-
+            ${{
+              secrets.AZURE_CLIENT_ID != '' &&
+              secrets.AZURE_TENANT_ID != '' &&
+              secrets.AZURE_SUBSCRIPTION_ID != '' &&
+              1 ||
+              ''
+            }}
+        if: env.has_secrets
+        run: |
+          echo 'has-secrets=1' >> "$GITHUB_OUTPUT"
+
   deploy:
     runs-on: ubuntu-latest
     needs: build
@@ -49,6 +66,8 @@ jobs:
       name: 'production'
       url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
 
+    if: needs.build.outputs.has-secrets
+
     steps:
       - name: Az CLI login
         uses: azure/login@v1
diff --git a/.github/workflows/deploy_staging.yml b/.github/workflows/deploy_staging.yml
index 572132ad..d413fad1 100644
--- a/.github/workflows/deploy_staging.yml
+++ b/.github/workflows/deploy_staging.yml
@@ -14,12 +14,14 @@ permissions:
 jobs:
   build:
     runs-on: ubuntu-latest
+    outputs:
+      has-secrets: ${{ steps.check-secrets.outputs.has-secrets }}
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Set up Node.js version
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v4
         with:
           node-version: '14.x'
 
@@ -32,16 +34,31 @@ jobs:
         run: |
           node ./script/redirects.js
 
-      - name: Copy rewrites to server root
+      - name: Copy redirects to server root
         run: |
           cp web.config public/
 
       - name: Upload artifact for deployment job
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: node-app
           path: ./public/
 
+      - name: Check for secrets
+        id: check-secrets
+        env:
+          has_secrets: >-
+            ${{
+              secrets.AZURE_STAGING_CLIENT_ID != '' &&
+              secrets.AZURE_TENANT_ID != '' &&
+              secrets.AZURE_SUBSCRIPTION_ID != '' &&
+              1 ||
+              ''
+            }}
+        if: env.has_secrets
+        run: |
+          echo 'has-secrets=1' >> "$GITHUB_OUTPUT"
+  
   deploy:
     runs-on: ubuntu-latest
     needs: build
@@ -49,6 +66,8 @@ jobs:
       name: 'staging'
       url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
 
+    if: needs.build.outputs.has-secrets
+
     steps:
       - name: Az CLI login
         uses: azure/login@v1