name: ENV variables
on: push
env:
WF_ENV: Available to all jobs
jobs:
log-env:
runs-on: ubuntu-latest
env:
JOB_ENV: Available to all steps in log-env job
steps:
- name: Log ENV variables
env:
STEP_ENV: Available to only this step
run: |
echo "WF_ENV: ${WF_ENV}"
echo "WF_ENV: ${JOB_ENV}"
echo "WF_ENV: ${STEP_ENV}"
- name: Log ENV2
run: |
echo "WF_ENV: ${WF_ENV}"
echo "WF_ENV: ${JOB_ENV}"
echo "WF_ENV: ${STEP_ENV}" #won't be accessible here
to access secrets.: add an entry like WF_ENV in secret on repo settings and access it using
${{secrets.WF_ENV}}
secrets.GITHUB_TOKEN --- default one available, to access github api or for pushing anything.
to push a file to different repo.:
---
steps:
- name: push a random file
run: |
pwd
ls -a
git init
git remote add origin "https://$GITHUB_ACTOR:${{secrets.GITHUB_TOKEN}}@github.com/$GITHUB_REPOSITORY.git"
git config --global user.email "my-bot@bot.com"
git config --global user.name "my-bot"
git fetch
git checkout master
git branch --set-upstream-to=origin/master
git pull
ls -a
echo $RANDOM >> random.txt
git add -A
git commit -m"Random file"
git push
encrypt and decrypt file:
---
download link for command line tool: gnupg.org
gpg is the tool to encrypt the file as secrets.json.gpg
Upload this encrypted file in your github and at runtime use below step to decrypt the file.
steps:
- uses: actions/checkout@v1
- name: Decrypt file
run: gpg --quiet --batch --yes --decrypt --passphrase="$PASSPHRASE" --output $HOME/secrets.json secrets.json.gpg
env:
PASSPHRASE: ${{secrets.PASSPHRASE}}
No comments:
Post a Comment