Accessing Github environment variables in custom Github Action - github-actions

I'm writing my own Docker GitHub Action and I need access to some GitHub environment variables, specifically to the GITHUB_WORKSPACE variable.
I assume the user has called the checkout@v2 action beforehand, and in my action.yml the runs section looks as follows:
runs:
  using: 'docker'
  image: 'Dockerfile'
  args:
    - ${{ github.workspace }}
But I get the following error:
Unrecognized named-value: 'github'. Located at position 1 within
expression: github.workspace
How do I make the supposedly globally available GitHub environment variables accessible from my action?

You do not need to do anything.
These variables are available directly in the container (in your action). They are injected by GitHub.
In the action.yaml you do not need to specify anything, and you can then access them in your code.
Note: The input values are also injected, but they start with INPUT_ and are capitalized.
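As an added example (not code from the post, and not GitHub's own), here is an entrypoint script for a Docker container action that reads the injected variables instead of trying to pass them through args. It assumes an input named `target dir` and an input `verbose` declared in action.yml (both illustrative), and GNU realpath for the path check (present on GitHub's Ubuntu runners). The function names are mine.

```shell
#!/usr/bin/env sh
# Entrypoint for a Docker container action (added example, not from the post).
# GitHub injects GITHUB_* and INPUT_* variables into the container, so nothing
# needs to be declared in action.yml to read them from here.
set -eu

# Map an input name from action.yml to the variable GitHub sets for it:
# INPUT_ prefix, uppercased, spaces replaced by underscores. Other characters
# are kept, so an input called "my-input" becomes INPUT_MY-INPUT, which the
# shell cannot expand as $INPUT_MY-INPUT; printenv reads such names fine.
github_input() {
  name="INPUT_$(printf '%s' "$1" | tr ' a-z' '_A-Z')"
  printenv "$name" || true   # empty when the workflow did not supply the input
}

# Fail closed if the workspace is missing. In a container action the runner
# mounts the checked-out repository at /github/workspace and sets
# GITHUB_WORKSPACE to that path.
require_workspace() {
  ws="${GITHUB_WORKSPACE:-}"
  if [ -z "$ws" ]; then
    echo "GITHUB_WORKSPACE is not set; not running inside a GitHub Actions job?" >&2
    return 1
  fi
  if [ ! -d "$ws" ]; then
    echo "GITHUB_WORKSPACE=$ws is not a directory" >&2
    return 1
  fi
  printf '%s\n' "$ws"
}

# Resolve a workflow-supplied relative path against the workspace and refuse
# anything that escapes it (../../etc/passwd, absolute paths), so an input
# cannot point the action at files outside the checkout.
workspace_path() {
  ws="$(require_workspace)" || return 1
  ws="$(cd "$ws" && pwd -P)"                          # canonical form for the prefix test
  rel="${1:-.}"
  abs="$(cd "$ws" && realpath -m -- "$rel")" || return 1   # GNU coreutils realpath
  case "$abs" in
    "$ws"|"$ws"/*) printf '%s\n' "$abs" ;;
    *) echo "input path '$rel' escapes the workspace" >&2; return 1 ;;
  esac
}

main() {
  ws="$(require_workspace)"
  target="$(workspace_path "$(github_input 'target dir')")"
  echo "workspace: $ws"
  echo "target:    $target"
  if [ "$(github_input verbose)" = "true" ]; then
    # Print names only: values of INPUT_* may carry secrets passed via `with:`.
    env | sed 's/=.*//' | grep -E '^(GITHUB_|INPUT_)' | sort
  fi
}

# GITHUB_WORKSPACE is always set on a runner, so main runs there; sourcing the
# file elsewhere (for tests) only defines the functions.
if [ -n "${GITHUB_WORKSPACE:-}" ]; then
  main "$@"
fi
```

The same script works as the Dockerfile's ENTRYPOINT; the workspace check is what turns "the user forgot actions/checkout" into a clear failure instead of a scan of an empty directory.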

Related

How to add additional permissions to custom steps in GitHub Actions

I have two steps in GitHub Actions:
The first uploads a zipped artifact:
- name: Upload artifact
  uses: actions/upload-artifact@master
  with:
    name: artifacts
    path: target/*.jar
The second uses a custom java command to read the uploaded artifact:
- name: Read artifact
  run: java -jar pipeline-scan.jar -- "artifacts.zip"
I've redacted the java command, but it's supposed to scan my zip file using Veracode. GitHub Actions returns the following error:
java -jar pipeline-scan.jar: error: argument -f/--file: Insufficient
permissions to read file: 'artifacts.zip'
I've tried changing the permissions of the GITHUB_TOKEN, but apparently you can only pass in the $GITHUB_TOKEN secret with a "uses" parameter and not a "runs" parameter. I've also made sure that my default workflow permissions are set to "read and write permissions."
Does anyone know how to resolve this permissions issue?

Access GH ACTIONS_STEP_DEBUG from an SSH command / environment variable

As far as I understood, the "secret" ACTIONS_STEP_DEBUG is set to true when you relaunch a workflow in "debug mode" on GitHub Actions for a repository.
Now I'd like to hook onto this like a switch to print additional information from Python commands that are executed in my actions/steps.
Is it possible to turn ACTIONS_STEP_DEBUG into an environment variable, or how could I access it from within a step (like bash or even in Python)?
So I found I can use the secrets to set an env; however, only for workflows, not for the action, for some reason.
env:
  IS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
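An added example (not from the post) of a debug switch for run steps. It relies on RUNNER_DEBUG, which the runner sets to 1 whenever debug logging is on, so no workflow-level env is required; the IS_STEP_DEBUG variable from the post is honoured as a fallback. Function names are mine.

```shell
#!/usr/bin/env sh
# Debug switch for run steps (added example, not from the post).
set -eu

# True when the job runs with debug logging. The runner sets RUNNER_DEBUG=1
# when debug logging is enabled (the ACTIONS_STEP_DEBUG secret, or a re-run
# with debug logging), in every step of every job, including container actions.
debug_enabled() {
  [ "${RUNNER_DEBUG:-0}" = "1" ] || [ "${IS_STEP_DEBUG:-false}" = "true" ]
}

# Print a message only in debug mode, as a ::debug:: workflow command so the
# runner renders it like its own debug lines.
debug_log() {
  if debug_enabled; then
    printf '::debug::%s\n' "$*"
  fi
}

# Emit an extra flag for verbose-capable tools only in debug mode, e.g.
#   python my_script.py $(debug_flag --verbose)
debug_flag() {
  if debug_enabled; then
    printf '%s\n' "$1"
  fi
}

# Debug output is where secrets leak: a bare `env` in a debug step prints every
# injected secret. This lists variable names with value lengths only, which is
# usually enough to see whether something was set.
debug_env_summary() {
  env | awk -F= '{ printf "%s (%d chars)\n", $1, length($0) - length($1) - 1 }' | sort
}
```

Because ::debug:: lines are hidden unless debug logging is on, debug_log can be called unconditionally; the guard just avoids doing the work of building the message.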

Do I need to pass each secret to my GitHub Actions workflow file?

I have a number of secrets, stored in Settings/Secrets/Action of my repo.
The various secrets are used by my application but none of them are used in the command.
name: BuildCheck
on:
  push:
  pull_request:
    branches: [main]
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: 14
      - run: npm ci
      - run: npm run build
Do I need to add all the variables under env top level map in the config file above in order for the action to use them?
This seems to break my automated flow of managing secrets with Doppler.
Is there a way to inject all secrets, without explicitly specifying them? (I did look at the docs but failed to find if this is possible)
Coming from Vercel, which does this, it feels like a bit of a step back.
There's a bit to unpack here.
Do I need to add all the variables?
The short answer: yes.
However, what's good to consider is that secrets often only configure connections between systems, in the form of secret keys, or application access using a license or credentials.
It is not common to add other configuration options inside the secrets.
Under env: top level map in the workflow file?
I would discourage putting secrets in the top level env.
The reason is that env will be exposed to all subsequent jobs. In case someone adds a job that's not trusted with this information (say an external action) it could become a problem.
So what's good practice?
Firstly: Split configuration from secrets:
Using configuration files for configuration options.
Using secrets for secret keys or other credentials.
Secondly: Using security first.
Configure each workflow step with just the information it needs
Explicitly pass secret variables to action parameters
Lastly: store configuration as close to the app as possible, optionally having multiple - each for a different environment.
Comparison with Vercel
Vercel abstracts away the workflow entirely and as a result can only do very specific things. The nature of each system is different and gives you different levels of flexibility.
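An added example (not from the answer) showing the two layouts next to each other: the discouraged workflow-level env, which hands the secret to every step of every job including third-party actions, and the step-scoped form the answer recommends, with the job token trimmed as well. The secret name DEPLOY_TOKEN, the action some-org/lint-action and the deploy script are placeholders.

```yaml
# File 1 (discouraged): a workflow-level env makes DEPLOY_TOKEN visible to
# every step of every job, including any third-party action added later.
name: deploy-wide-scope
on: [push]
env:
  DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: some-org/lint-action@v1     # can read DEPLOY_TOKEN although it never needs it
      - run: npm ci && npm run build
      - run: ./scripts/deploy.sh          # the only step that actually needs the token
---
# File 2 (preferred): the secret reaches only the step that needs it, and the
# GITHUB_TOKEN the job receives is limited to what the job does.
name: deploy-step-scope
on: [push]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: some-org/lint-action@v1     # sees no secret at all
      - run: npm ci && npm run build
      - name: Deploy
        run: ./scripts/deploy.sh
        env:
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}   # only this step gets it
```

Non-secret settings (API endpoints, build flags) belong in a configuration file committed next to the application, as the answer says, not in either env block.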
Firstly: Split configuration from secrets:
Using configuration files for configuration options.
Using secrets for secret keys or other credentials.
There is now another option:
GitHub Actions – Support for configuration variables in workflows (Jan. 2023)
Today, we are adding support for configuration variables in GitHub Actions
Previously, you needed to store this configuration data as encrypted secrets in order to reuse values in workflows.
While extremely secure, this method did not allow for easy storage and retrieval of non-sensitive configuration data such as compiler flags, usernames, server names etc.
Configuration variables allows you to store your non sensitive data as plain text variables that can be reused across your workflows in your repository or organization.
You can define variables at Organization, Repository or Environment level based on your requirement.
Configuration variables can be accessed across the workflow using a new vars context.
The following example shows how configuration variables can be used in a workflow.
jobs:
  display-variables:
    runs-on: ${{ vars.RUNNER }}
    steps:
      - name: Use variables
        run: |
          echo "Repository variable : ${{ vars.REPOSITORY_VAR }}"
          echo "Organization variable : ${{ vars.ORGANIZATION_VAR }}"
Note: Variables feature is in public beta
Learn more about configuration variables

Github action ignores all environment variables defined in a bash.sh script

I have a bash script that sets a series of environment variables.
My action includes the following two steps:
- name: Set env variables
  run: source ./setvars.sh
- name: dump env variables
  run: env
I notice setvars.sh runs successfully, but all of the variables defined inside it are missing after the steps.
How can I use a bash .sh script to add environment variables to the context of the workflow?
I don't see environment variables defined by sourcing a file in GitHub Actions workflows.
I only see them defined as a map (key-value) at the job or workflow level (since Oct. 2019).
See if you can cat your file and append its content to GITHUB_ENV.
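An added example (not from the thread) of the GITHUB_ENV route. Each step runs in its own shell, so anything setvars.sh sets is gone when the step ends; only lines written to the file named by GITHUB_ENV carry over to later steps. The example assumes setvars.sh assigns plain shell variables, and it uses the documented heredoc form (NAME<<DELIM ... DELIM) for multi-line values, which is also what stops an untrusted value from smuggling in extra NAME=value lines. Function names are mine.

```shell
#!/usr/bin/env sh
# Bridging variables from a sourced script into later steps via $GITHUB_ENV
# (added example, not from the thread).
set -eu

nl="$(printf '\nx')"; nl="${nl%x}"   # a literal newline, for pattern matching

# Variable names as the runner accepts them: letters, digits, underscore,
# not starting with a digit.
valid_name() {
  case "$1" in
    ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
  esac
}

# The naive form seen in many tutorials. If $2 is attacker-influenced (a PR
# title, an issue body, a file from the repository) and contains a newline,
# the text after it is parsed by the runner as further variable definitions.
naive_set_github_env() {
  echo "$1=$2" >>"$GITHUB_ENV"
}

# Safe form: validate the name and use the multi-line heredoc syntax with a
# random delimiter whenever the value contains a newline, so no line of the
# value can be read as a definition.
set_github_env() {
  name="$1"; value="$2"
  envfile="${GITHUB_ENV:?GITHUB_ENV is not set; not running inside a GitHub Actions step}"
  valid_name "$name" || { echo "refusing invalid variable name: '$name'" >&2; return 1; }
  case "$value" in
    *"$nl"*)
      delim="ghadelim_$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"
      printf '%s<<%s\n%s\n%s\n' "$name" "$delim" "$value" "$delim" >>"$envfile"
      ;;
    *)
      printf '%s=%s\n' "$name" "$value" >>"$envfile"
      ;;
  esac
}

# Source the script in this shell, then publish the named variables. Listing
# the names explicitly avoids leaking everything the script happened to set.
publish_vars() {
  script="$1"; shift
  # shellcheck disable=SC1090
  . "$script"
  for n in "$@"; do
    valid_name "$n" || { echo "refusing invalid variable name: '$n'" >&2; return 1; }
    eval "val=\${$n:-}"
    set_github_env "$n" "$val"
  done
}

# Read a variable back the way the runner does (last definition wins), to
# check what later steps will actually see.
github_env_value() {
  awk -v want="$1" '
    delim != "" {                               # inside a NAME<<DELIM block
      if ($0 == delim) { delim = ""; if (name == want) { out = val; found = 1 }; next }
      val = (n++ ? val "\n" $0 : $0); next
    }
    /^[A-Za-z_][A-Za-z0-9_]*<<./ {
      i = index($0, "<<"); name = substr($0, 1, i - 1); delim = substr($0, i + 2)
      val = ""; n = 0; next
    }
    /^[A-Za-z_][A-Za-z0-9_]*=/ {
      i = index($0, "="); if (substr($0, 1, i - 1) == want) { out = substr($0, i + 1); found = 1 }
    }
    END { if (found) print out; exit found ? 0 : 1 }
  ' "$GITHUB_ENV"
}
```

In the workflow from the question the first step would become `run: . ./bridge.sh && publish_vars ./setvars.sh VAR1 VAR2`, and the `env` in the second step then shows VAR1 and VAR2. The same heredoc rule applies to GITHUB_OUTPUT and GITHUB_PATH writes.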

Teamcity branch name as prompt variable

I am trying to pass the default Git branch as a prompt parameter while starting the build. I have tried using an environment variable and a configuration variable, but somehow it's not working. Actually I want to build different branches as per user input. Further, this will be used as an Octopus Deploy package.
Ashish
We use TeamCity with TFS and I would imagine it would be similar with Git. We have added a build configuration parameter:
  Name: checkout.rules
  Kind: Configuration parameter
  Value: +:Branches/HOTFIX => .
The Value is a default value which can be overwritten. Then under Version Control Settings, add a Checkout Rule which references the parameter:
  %checkout.rules%