Data can be held in various places in GitHub workflow runs.
Job-Level Variable
- name: Test accessing var in bash
env:
temp: ${{ github.event.inputs.json-override }}
run: |
echo $temp
Output
Can be used to pass information between sequential jobs.
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
- name: Save state
run: echo "{name}={value}" >> $GITHUB_STATE
- name: Set output
run: echo "{name}={value}" >> $GITHUB_OUTPUT
Refer to output from previous job
https://docs.github.com/en/actions/using-jobs/defining-outputs-for-jobs
jobs:
job1:
runs-on: ubuntu-latest
# Map a step output to a job output
outputs:
output1: ${{ steps.step1.outputs.test }}
output2: ${{ steps.step2.outputs.test }}
steps:
- id: step1
run: echo "test=hello" >> "$GITHUB_OUTPUT"
- id: step2
run: echo "test=world" >> "$GITHUB_OUTPUT"
job2:
runs-on: ubuntu-latest
needs: job1
steps:
- env:
OUTPUT1: ${{needs.job1.outputs.output1}}
OUTPUT2: ${{needs.job1.outputs.output2}}
run: echo "$OUTPUT1 $OUTPUT2"
Variables
- Environment variables
- Repository variables
- Organization variables
Note: to use Environment variables, you have to specify the environment at job level.
job-abc:
environment: NONPROD
Refer to as
${{ vars['ADMIN_PASSWORD'] }}
${{ vars.ADMIN_PASSWORD }}
Secrets
It is similar to variable. However they are better protected:
In the logs, any output form of secrets will be masked.
Refer to as
${{ secrets['ADMIN_PASSWORD'] }}
${{ secrets.ADMIN_PASSWORD }}
Other restrictions found are:
- The bash shell being called in the job cannot access GitHub’s secret variables. The viable path is to assign them to env of the job and access the env in the bash.
GitHub secret variables cannot be accessed by specifying the key dynamically. You must provide a static string. The best you can do is:
Matrix cannot be a solution as there is no way to share a writable variable between each run of matrix jobs.
Github does not support saving the content which has masked secrets
The only way to see the content of a secret is to output to a file and save it in artifact
- name: Temp Verify
if: false
run: |
echo ${{ secrets[github.event.inputs.single-param-name] }} > temp.txt
- name: Archive production artifacts
if: false
uses: actions/upload-artifact@v3
with:
name: dist-without-markdown
path: |
temp.txt
Matrix
Can have one template job run multiple times based on an array (or all possible combinations from multi-dimensional arrays).
jobs:
matrix-poc:
strategy:
matrix:
secret_name: ['A', 'B']
steps:
- name: Iterate
run: |
echo ${{ secrets[matrix.secret_name] }}
Event Inputs
This is a read-only value which can only be assigned by user input when triggering the workflow manually. There are 4 data types: In addition to the default string type, we now support choice, boolean, and environment.
inputs:
environment-string:
type: choice
required: true
description: Please select your deployment environment. Purely a literal string.
default: dev
options:
- dev
- tst
environment-repo:
description: 'Environment to run against. From what you specify in the repo'
type: environment
required: true
debug:
description: Debug mode or not
required: false
default: boolean
# refer to as
# echo '${{ github.event.inputs.json-override }}' > json-override.json
json-string-example:
description: JSON string
required: false
default: '{
"key1": "value1",
"key2": "value2"
}'
Top comments (0)