GH Actions Constructed Secret Name Handling (Useful for handling multiple-envs scenarios)
# Manually dispatched demo workflow: the caller supplies a free-form string
# and picks which secret prefix to resolve.
name: Constructed Secrets
on:
  workflow_dispatch:
    inputs:
      string:
        description: 'String'
        required: true
      secret:
        # The chosen value is combined with "_SECRET" further down to build
        # the secret name, so this list bounds which secrets can be selected.
        description: 'Secret'
        required: true
        type: choice
        options: [FOO, BAR]
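jobs:
  setup:
    name: SETUP
    runs-on: ubuntu-latest
    # Neither job uses the repository token, so grant it nothing.
    permissions: {}
    # Job-level outputs are needed for access from other jobs/runners.
    outputs:
      INPUT: ${{ steps.setup.outputs.INPUT }}
      FOO_SECRET: ${{ steps.setup.outputs.FOO_SECRET }}
      CONSTRUCTED_SECRET: ${{ steps.setup.outputs.CONSTRUCTED_SECRET }}
    steps:
      - name: Setup Environment Variables
        id: setup
        # Expression values are bound to environment variables instead of
        # being spliced into the script text, so the shell treats the
        # dispatch input and the secret values as data, never as code.
        env:
          INPUT: ${{ github.event.inputs.string }}
          FOO_SECRET: ${{ secrets.FOO_SECRET }}
          CONSTRUCTED_SECRET: ${{ secrets[format('{0}_SECRET', github.event.inputs.secret)] }}
        run: |
          # Writes NAME=value to the step output file. This replaces the
          # deprecated ::set-output workflow command. CR/LF are flattened to
          # spaces so a value cannot add extra keys to the output file.
          emit() {
            printf '%s=%s\n' "$1" "$(printf '%s' "$2" | tr '\r\n' '  ')" >> "$GITHUB_OUTPUT"
          }
          emit INPUT "$INPUT"
          # The two secret outputs are kept to demonstrate that secret values
          # do not survive as job outputs (see the echo job's messages).
          emit FOO_SECRET "$FOO_SECRET"
          emit CONSTRUCTED_SECRET "$CONSTRUCTED_SECRET"
  echo:
    name: Echo
    needs: [setup]
    runs-on: ubuntu-latest
    permissions: {}
    env:
      INPUT: ${{ needs.setup.outputs.INPUT }}
      FOO_SECRET: ${{ needs.setup.outputs.FOO_SECRET }}
      # Preferred pattern: resolve the constructed secret name in an env block
      # of the job that consumes it.
      CONSTRUCTED_SECRET: ${{ secrets[format('{0}_SECRET', github.event.inputs.secret)] }}
    steps:
      - name: Echo Input Variable
        # Step-scoped bindings for the values the script prints. They are
        # evaluated here and read as "$VAR" below, never interpolated into
        # the script body.
        env:
          EVENT_INPUT: ${{ github.event.inputs.string }}
          OUTPUT_INPUT: ${{ needs.setup.outputs.INPUT }}
          INPLACE_SECRET: ${{ secrets[format('{0}_SECRET', github.event.inputs.secret)] }}
        run: |
          echo "Input string directly from input event: $EVENT_INPUT"
          echo "Input string from setup outputs: $OUTPUT_INPUT"
          echo "Input string from envar for this runner: $INPUT"
          echo -e "\nSecrets cannot transit the actions backplane (ie: outputs)."
          echo "Secret transiting output (no point in this anyhow): $FOO_SECRET"
          # Demo only: spacing out the characters defeats log masking, so the
          # secret value is readable by anyone who can view this run's logs.
          # Use throwaway values here and rotate anything real that was printed.
          echo -e "\nConstructed secret in env block of this runner (preferred, deobfuscated with spaces):"
          printf '%s\n' "$CONSTRUCTED_SECRET" | sed 's/./& /g'
          echo -e "\nConstructed secret in-place (deobfuscated with spaces):"
          printf '%s\n' "$INPLACE_SECRET" | sed 's/./& /g'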
Requires two repo secrets to be set: FOO_SECRET and BAR_SECRET (the selected `secret` option with `_SECRET` appended).
Format ref: https://docs.github.com/en/actions/learn-github-actions/expressions#format