I've seen other SO answers but none of them seem to work. I guess I'm just trying to do something pretty simple with Github Actions. Just make a access_key available to my github action, without putting it in my github repo. So I see we can create action secrets that should be passed to the github action. I also understand we cant just log secret keys for security, so I would expect *** instead when trying to log. For the life of me I can't figure out why the secrets are not *** but they are empty. And even when Im using them in my scripts, they don't appear to have any value to them. Here is my workflow thats relevant
name: CI
on:
push:
branches:
- master
env:
AWS_S3_BUCKET: ${{ secrets.AWS_PRODUCTION_BUCKET_NAME }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ secrets.AWS_REGION }}
jobs:
deploy:
runs-on: ubuntu-latest
env:
CI: true
strategy:
matrix:
node-version: [14.x]
steps:
- uses: actions/checkout#v1
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node#v1
with:
node-version: ${{ matrix.node-version }}
publish_dir: ./build
- name: Test Env
run: |
echo 'The GitHub Action Secret will be masked: '
echo ${{ secrets.GITHUB_TOKEN }}
echo 'Testing secret if its masked: '
printenv
When I run this, I see that GITHUB_TOKEN is indeed ***, which makes sense. But all the secrets that I've added to my repository settings > secrets > action secrets, they are just blank, not *** and if i try to use them via ${{ secrets.AWS_ACCESS_KEY }} its also blank.
My repo is public, I am pushing to master as well. I have admin rights to my repo.
In my case I hadn't referenced the environment containing the secrets from my script. Eventually found this in the documentation but it's incredibly frustrating that it just returns blank secrets instead of raising some kind of error message.
jobs:
myjobname:
runs-on: ubuntu-latest
environment: myenvironment # THIS WAS MISSING
steps:
# The steps in the action
Documentation link: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idenvironment
Ok looks like theres different kinds of secrets. I was adding Action Secrets which makes sense to me. I want secrets for Actions. Theres another section called Environment Secrets which when I put it in that, it worked. Kinda confusing.
One big problem I can see is that you are trying to access the secrets outside jobs. From the official documents here, it is done at the level of the steps through encryption.
Related
I'm new with gatsby and github actions. I'm trying to publish the website on github.
Here's my publish.yml file
on:
push:
branches:
- master
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v1
- uses: actions/setup-node#v3
with:
node-version: 18
- uses: enriikke/gatsby-gh-pages-action#v2
with:
access-token: ${{ secrets.**** }}
deploy-branch: gh-pages
gatsby-args: --prefix-paths
But I have this error on github:
/usr/bin/git push -f https://***#github.com/lentsius-bark/krystof-klestil.git master:gh-pages
fatal: could not read Password for 'https://***#github.com': No such device or address
Error: The process '/usr/bin/git' failed with exit code 128
The error looks like there is some issue with the access token that git push is trying to use.
Try these methods to resolve the issue.
Make sure that the access token you're using is valid and has the appropriate permissions to push to the gh-pages branch. You can create a new personal access token in your GitHub account settings if needed.
In your workflow file, change ${{ secrets.**** }} to ${{ secrets.ACCESS_TOKEN }} (replace ACCESS_TOKEN with the name of your actual secret). This will ensure that the access token is correctly substituted in the enriikke/gatsby-gh-pages-action#v2 step.
I'm using github environments in my github workflow. I want to read the environment name in a step of a job.
According to this documentation. It seems that the job context does not have that information. Is it any other way to achieve this?
Basically this is what i want to achieve:
jobs:
deployment:
name: Deploy to dev
environment: dev
runs-on: ubuntu-latest
steps:
- run: echo ${{ job.environment.name }}
# Expected to print 'dev'
you should use: jobs.<job_id>.environment.
See in docs: https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment
I currently have a GitHub Action that triggers on:
pull_request_review:
types: [submitted]
I then want to run a command, which expects the contents of changes of the Pull Request.
Previously, I was using
on:
push
and I had no issues with the contents of the files being available in the Action context.
However, my command is failing now, and I think it's because the context only includes the commit that the action was triggered on (no file changes.)
Previously I was running this action on push and that was always successful, with the file changes being available in the context.
I'm using:
steps:
- uses: actions/checkout#v2
(https://github.com/actions/checkout)
Is it possible to use this to have all the file changes on the Pull Request within the Action context?
Any help on this would be appreciated!
You can do that by using an open source Action available on marketplace:
jobs:
build:
runs-on: ubuntu-latest # windows-latest | macos-latest
name: Test changed-files
steps:
- uses: actions/checkout#v2
with:
fetch-depth: 0 # OR "2" -> To retrieve the preceding commit.
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files#v14.6
- name: List all changed files
run: |
for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
echo "$file was changed"
done
The solution above uses git checkout and git diff to get files changed by PR. Alternatively if you really need just information about paths changed and you don't really need files themselves (no checkout) - you can do it without checkout using gh CLI:
gh pr view XXX --json files -q '.files[].path'
You can run it like this:
jobs:
comment:
runs-on: ubuntu-latest
steps:
- run: gh pr view XXX --json files -q '.files[].path'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
I'm trying to organize my workflow artifacts (on a self-hosted runner) using a structure similar to this:
c:\github\artifacts\{org}\{repo}\{runid}
Different organizations in our enterprise COULD have a repository with the same name, so I wanted to be able to organize by organization name.
I have this so far:
c:\github\artifacts\{org}\{${{ github.event.repository.name }}\${{ github.run_id }}\
How can I determine the organization name?
You can get that from github context. Here are few that might be of use:
${{ github.repository }}
${{ github.repository_owner }}
If you don't know what are the values and which env variables are available to runner, you can just run env in a step to print it out, like so:
name: Print environment variables
on:
workflow_dispatch:
jobs:
debug:
runs-on: ubuntu-latest
steps:
- name: Print
run: env | sort
I have a simple workflow:
name: Test CI
env:
path_to_watch_for_commits: 'testdir/testfile'
on:
push:
branches:
- master
paths:
- ${{ env.path_to_watch_for_commits }}
workflow_dispatch:
jobs:
build:
runs-on: ubuntu
steps:
- uses: actions/checkout#v2
I want to use variable path_to_watch_for_commits in paths. But this syntax is wrong. Also i try ${{ path_to_watch_for_commits }} and $path_to_watch_for_commits with no results. What am i doing wrong?
There is a Naming conventions for environment variables explaining that:
Any new environment variables you set that point to a location on the filesystem should have a _PATH suffix. The HOME and GITHUB_WORKSPACE default variables are exceptions to this convention because the words "home" and "workspace" already imply a location.
Regarding the use of environment variables at different levels inside the workflow, here is an example with WORKFLOW, JOB and STEP variables:
name: Example
on: [push, workflow_dispatch]
env:
WORKFLOW_VARIABLE: WORKFLOW
jobs:
test:
runs-on: ubuntu-latest
env:
JOB_VARIABLE: JOB
steps:
- name: Run Commands with various variables
if: ${{ env.WORKFLOW_VARIABLE == 'WORKFLOW' }}
env:
STEP_VARIABLE: STEP
run: |
echo "Hello World"
echo "This is the $WORKFLOW_VARIABLE environment variable"
echo "This is the $JOB_VARIABLE environment variable"
echo "This is the $STEP_VARIABLE environment variable"
Regarding the possibility of the behaviour you want to achieve in your workflow, you can't set variables at the workflow and use them as paths on the same level, because:
Variables are substituted in the runner operating system after the job
is sent to the runner.
Reference
A workaround could be to trigger the workflow every time on push event, using the paths-filter action with an if conditional to execute specific steps if it match your paths.
It's not the best solution regarding optimisation, but it will work.