generated from githubabcs/gh-abcs-actions
environments-secrets.yml
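# Demo workflow: reads repository, organization and environment secrets and
# runs a chain of jobs bound to the DEV, TEST, UAT and PROD environments.
#
# Secrets are handed to shell steps through `env:` and read as quoted shell
# variables rather than expanded into the script text with ${{ }}. That way
# the value is never parsed as shell syntax and is not written into the
# generated script file on the runner.
name: 03-1. Environments and Secrets

# NOTE(review): the per-job `if:` guards below are commented out, so every job,
# including the PROD one, also runs for pull_request and workflow_dispatch.
# Environment protection rules (repository settings, not visible in this
# file) are then the only gate. On pull_request runs from forks, secrets are
# not provided and the secret expressions expand to empty strings.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:

# Limit the permissions of the GITHUB_TOKEN
permissions:
  contents: read
  actions: read
  deployments: read

env:
  PROD_URL: 'https://github.com'
  DOCS_URL: 'https://docs.github.com'
  DEV_URL: 'https://docs.github.com/en/developers'

jobs:
  # Passes a repository secret to an action and to a shell step.
  use-secrets:
    name: Use secrets
    runs-on: ubuntu-latest
    # if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
    steps:
      - name: Hello world action with secrets
        # NOTE(review): `@main` is a mutable ref and this step hands the action
        # a secret; pin the action to a reviewed full commit SHA.
        uses: actions/hello-world-javascript-action@main
        with: # Set the secret as an input
          who-to-greet: ${{ secrets.MY_REPO_SECRET }}
        env: # Or as an environment variable
          super_secret: ${{ secrets.MY_REPO_SECRET }}
      # Log masking works on the registered secret value; transformed output
      # (the character-spaced form produced by `sed` below) is not reliably
      # masked, so that line can expose the value in the run log. Use throwaway
      # demo values only, and rotate any real secret that went through it.
      - name: Echo secret is redacted in the logs
        env:
          MY_REPO_SECRET: ${{ secrets.MY_REPO_SECRET }}
        run: |
          echo "Env secret is $MY_REPO_SECRET"
          echo Warning: GitHub automatically redacts secrets printed to the log,
          echo but you should avoid printing secrets to the log intentionally.
          echo "$MY_REPO_SECRET" | sed 's/./& /g'

  # First job of the environment chain; bound to the DEV environment.
  use-environment-dev:
    name: Use DEV environment
    runs-on: ubuntu-latest
    # Use conditionals to control whether the job is triggered or skipped
    # if: ${{ github.event_name == 'pull_request' }}
    # An environment can be specified per job
    # If the environment cannot be found, it will be created
    environment:
      name: DEV
      url: ${{ env.DEV_URL }}
    steps:
      - run: echo "Run id = ${{ github.run_id }}"
      - name: Checkout
        uses: actions/checkout@v4
      - name: Step that uses the DEV environment
        # DEV_URL is the workflow-level variable this job's environment URL uses.
        run: echo "Deployment to ${{ env.DEV_URL }}..."
      # The `sed` and `base64` lines emit transformed copies of the secrets,
      # which log masking does not reliably catch. Use throwaway demo values
      # only, and rotate any real secret that went through them.
      - name: Echo env secret is redacted in the logs
        env:
          MY_ENV_SECRET: ${{ secrets.MY_ENV_SECRET }}
          MY_ORG_SECRET: ${{ secrets.MY_ORG_SECRET }}
        run: |
          echo "Env secret is $MY_ENV_SECRET"
          echo "$MY_ENV_SECRET" | sed 's/./& /g'
          echo "$MY_ENV_SECRET" | base64
          echo "Org secret is $MY_ORG_SECRET"
          echo "$MY_ORG_SECRET" | base64

  # Runs after the DEV job; bound to the TEST environment.
  use-environment-test:
    name: Use TEST environment
    runs-on: ubuntu-latest
    # if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
    needs: use-environment-dev
    environment:
      name: TEST
      url: ${{ env.DOCS_URL }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Step that uses the TEST environment
        run: echo "Deployment to ${{ env.DOCS_URL }}..."
      # Secrets are redacted in the logs
      - name: Echo secrets are redacted in the logs
        env:
          MY_REPO_SECRET: ${{ secrets.MY_REPO_SECRET }}
          MY_ORG_SECRET: ${{ secrets.MY_ORG_SECRET }}
          MY_ENV_SECRET: ${{ secrets.MY_ENV_SECRET }}
        run: |
          echo "Repo secret is $MY_REPO_SECRET"
          echo "Org secret is $MY_ORG_SECRET"
          echo "Env secret is not accessible $MY_ENV_SECRET"

  # Runs after the TEST job; bound to the UAT environment.
  use-environment-uat:
    name: Use UAT environment
    runs-on: ubuntu-latest
    # if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
    needs: use-environment-test
    environment:
      name: UAT
      url: 'https://uat.github.com'
    steps:
      - name: Step that uses the UAT environment
        run: echo "Deployment to UAT..."
        env:
          env_secret: ${{ secrets.MY_ENV_SECRET }}

  # Runs after the TEST job (not after UAT); bound to the PROD environment.
  use-environment-prod:
    name: Use PROD environment
    runs-on: ubuntu-latest
    # if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
    needs: use-environment-test
    environment:
      name: PROD
      url: ${{ env.PROD_URL }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      # Secrets are redacted in the logs
      - name: Echo secrets are redacted in the logs
        env:
          MY_REPO_SECRET: ${{ secrets.MY_REPO_SECRET }}
          MY_ORG_SECRET: ${{ secrets.MY_ORG_SECRET }}
          MY_ENV_SECRET: ${{ secrets.MY_ENV_SECRET }}
        run: |
          echo "Repo secret is $MY_REPO_SECRET"
          echo "Org secret is $MY_ORG_SECRET"
          echo "Env secret is not accessible $MY_ENV_SECRET"
      - name: Step that uses the PROD environment
        run: echo "Deployment to ${{ env.PROD_URL }}..."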