The most important thing to know about managing your environment variables and secrets is that they should never be kept in the same place. This is because each system has its own way of handling credentials, so it’s prudent to make sure both are stored separately from one another.
The “github actions use environment secrets” is a process that should be followed when using GitHub Actions. Actions is a tool that allows you to automate tasks with the help of code. The process of managing environment variables and secrets can be done through the following steps:
If you’re new to GitHub Actions, you may not know how to save environmental variables. Is it, however, feasible? Yes!
This article will teach you how to preserve your GitHub Action environment variables and secrets, which you may use while working with GitHub Actions.
Ready? Continue reading to get started!
Prerequisites
This tutorial will be a hands-on example that will work on any operating system that has Git installed; however, the lesson will utilize Ubuntu OS. A rudimentary understanding of Git procedures is also required to commit code to a GitHub repository.
Setting GitHub Actions Environmental Variables
You may need to connect environment variables to your workflows when automating tasks using the GitHub Actions workflow. How? With the env keyword, you must first build and declare specific environment variables in the process.
Related:How to Use Hubot to Invoke GitHub Actions from Slack
1. Create a folder called.github/workflows in which you’ll save your workflow file.
2. In the.github/workflows directory, create a file with your selected name. However, in this case, the file is called main.yml. Copy the code below and put it into the main.yml file.
When the code initiated the process, the API KEY environment variable was set and shown.
## Triggers the workflow when a push or ## pull request is made on the main branch: [pull request, push] ## env Environment variable is set. API KEY: XXXXXXXXXXXXXXXXXXXXXXXXXXXX jobs: job1: ## The kind of runner that the task will use, in this case ubuntu latest runs-on: ubuntu-latest – step 1’s name ## run: echo referencing your environment variables “$env.API KEY is the API key.” job2: ubuntu-latest runs-on steps: – step 1’s name ## echo is another method to refer to your environment variables. “$API KEY is the API key.”
Related: How to Setup Visual Studio Code on GitHub!
3. Upload the code to your GitHub repository and commit it.
add to git git push -m “update” git commit -m “update”
Updates to the GitHub repository are being sent out.
4. Now open your web browser and go to your GitHub project. Go to the Actions tab and choose your current commit.
You’ll see something similar to the picture below, indicating that GitHub has completed the procedure.
GitHub repository actions
5. Finally, choose either job1 or job2 to verify that you properly referenced the environment variable you created.
Viewing Environment Variables with References (job1)
Viewing Environment Variables with References (job2)
Defining a Job’s Environment Variable
Any task may now reference the environment variable since it has been initialized throughout the workflow file. However, you may just need one job to use the environment variable. If this is the case, include the env keyword in the task itself.
1. In your main.yml file, replace the following code.
The code below demonstrates that once the environment variable is set in one job, it cannot be referenced by other tasks.
## Triggers the workflow when a push or ## pull request is made on the main branch: [pull request, push] job1: ## The kind of runner the job will use runs-on: ubuntu-latest env: ## Environment variable API KEY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ## Reference your environment variables run: echo – name: step 1 “$env.API KEY is the API key.” job2: ubuntu-latest runs-on steps: ## Another approach to refer to your environment variables is to run: echo “$API KEY is the API key.”
2. Like in the previous part, commit your changes and push jobs from your code to GitHub.
3. Finally, go to your project on GitHub and click on both job1 and job2 to compare them:
- job1 – You’ll see that you’ve correctly accessed the environment variable.
- job2 – There is no API key.
Viewing Environment Variables with References (job1)
Viewing Environment Variables with References (job2)
Defining a Step’s Environment Variable
You may be wondering how you can do the same with the steps now that you know how to declare environment variables inside a job.
You declare the environment variable for each stage in a task the same way you did for the job.
1. Replace the code in your main.yml file with the following code.
The environment variable is specified in step 1 but not in step 2, and the impact is seen in the following stages.
## Triggers the workflow when a push or ## pull request is made on the main branch: [pull request, push] job1: ## The kind of runner on which the job will execute runs-on: ubuntu-latest steps: – name: step 1 env: ## Step 1 environment variable ## Reference your environment variables run: echo API KEY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX “$env.API KEY is the API key.” ## Reference your environment variables run: echo – name: step 2 “$env.API KEY is the API key.”
2. Now submit the code to GitHub and commit the modifications.
3. Finally, go to your project’s GitHub page and choose job1.
Despite the fact that both steps reference the two API keys in the same work (job1), step 2 was unable to evaluate the API key (blank), as seen below. Why? Because the environment variable was not specified in step 2 of your code.
Steps for setting environment variables
Using GitHub Secrets to Manage Environment Variables
Instead of hardcoding your environment variable, you may wish to use GitHub secrets to store it securely. The values you provide in secrets are encrypted by GitHub and are not accessible or readable to the naked eye.
This method’s secret is available to the whole workflow, tasks, and steps; there are no limitations.
To save your environment variable in GitHub Secrets, follow these steps:
1. First, like in the preceding sections, publish your code to GitHub.
2. Next, go to your GitHub project and choose the Settings tab.
To begin adding a secret, click the Secrets tab below.
Secrets for storing environment variables
3. Then, under New repository secret, fill in the form with information about the secret you’re adding.
Secret repository creation
4. Complete the form (Name and Value) and submit it by clicking the Add secret button. The API KEY has now been stored in GitHub Secrets. GitHub secures environment variables as secrets that you may refer to while working with GitHub Actions in this way.
Filling in the new secret’s name and value
5. Replace the env keyword with secrets in your main.yml file.
You can see below that instead of hard-coding the API key, you use the $secrets.API KEY format to refer to it.
## Triggers the workflow when a push or ## pull request is made on the main branch: [pull request, push] task number one: ## The task will be executed on the following runner: ubuntu-latest steps: ## Reference your environment variables run: echo – name: step 1 “$secrets.API KEY is the API key.” job2: ubuntu-latest runs-on steps: ## Reference your environment variables run: echo – name: step 1 “$secrets.API KEY is the API key.”
6. Finally, commit and publish the code to GitHub, then go to your project on the platform. Please refer to the first section.
You’ll see something similar to the picture below, but the real API key won’t be visible since GitHub encrypts the values you set in secrets.
API key from GitHub secrets shown
Default Referencing Environment Variables on GitHub
GitHub provides a handful of default environment variables that you may use instead of hard-coding paths to access filesystems in the repository. When referencing environment variables provided by GitHub, default GitHub environment variables allow you to be more dynamic.
The following are some of the pathways you may take with the default environment variables:
- GITHUB JOB – Returns the current job’s job id.
- GITHUB ACTION – Returns the current action’s id.
- GITHUB ACTION PATH – Returns the path to where your action is.
- GITHUB ACTOR – specifies the person or app that started the process, such as your GitHub login.
- GITHUB RUN ID – returns the run command’s unique number.
Replace the code in your main.yml file with the following code. The default environment variable indicated in the code is shown in the code below.
## Triggers the workflow when there is a push or ## pull request on the main branch on: [pull request, push] name: env tutorial task number one: ## The task will be executed on the following runner: ubuntu-latest steps: – name: step 1 run: | echo “The job id is: $GITHUB JOB” # reference the default environment variables echo “The id of this action is: $GITHUB ACTION” – name: run: step 2 | echo “$GITHUB RUN ID is the run id.”
Check your activities in your GitHub project after you commit and push the code changes, and you should see something similar to the picture below.
Using the GitHub default environment variables
Conclusion
You’ve learnt how to handle GitHub Actions environment variables in this tutorial. You should now have a basic understanding of how to save environment variables safely and how to utilize the GitHub defaults.
Now, how do you intend to use your newfound understanding to your GitHub Actions work? Maybe save the API keys you’ll need for deployment?
GitHub Actions is a tool that allows developers to create automated workflows. The GitHub Actions environment variables and secrets are very important to the process. You can manage these by using the “github secrets” command-line tool.
Related Tags
- github actions environment variables between steps
- set environment variable github actions
- github actions secrets
- github environment variables
- github environment secrets vs repository secrets