forked from im-juma-training-sb/gh-abcs-actions
-
Notifications
You must be signed in to change notification settings - Fork 0
122 lines (99 loc) · 3.54 KB
/
environments-secrets.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
name: 03-1. Environments and Secrets
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_dispatch:
# Limit the permissions of the GITHUB_TOKEN
permissions:
contents: read
actions: read
deployments: read
env:
PROD_URL: 'https://github.com'
DOCS_URL: 'https://docs.github.com'
DEV_URL: 'https://docs.github.com/en/developers'
jobs:
use-secrets:
name: Use secrets
runs-on: ubuntu-latest
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
steps:
- name: Hello world action with secrets
uses: actions/hello-world-javascript-action@main
with: # Set the secret as an input
who-to-greet: ${{ secrets.MY_REPO_SECRET }}
env: # Or as an environment variable
super_secret: ${{ secrets.MY_REPO_SECRET }}
- name: Echo secret is redacted in the logs
run: |
echo Env secret is ${{ secrets.MY_REPO_SECRET }}
echo Warning: GitHub automatically redacts secrets printed to the log,
echo but you should avoid printing secrets to the log intentionally.
echo ${{ secrets.MY_REPO_SECRET }} | sed 's/./& /g'
use-environment-dev:
name: Use DEV environment
runs-on: ubuntu-latest
# Use conditionals to control whether the job is triggered or skipped
# if: ${{ github.event_name == 'pull_request' }}
# An environment can be specified per job
# If the environment cannot be found, it will be created
environment:
name: DEV
url: ${{ env.DEV_URL }}
steps:
- run: echo "Run id = ${{ github.run_id }}"
- name: Checkout
uses: actions/checkout@v4
- name: Step that uses the DEV environment
run: echo "Deployment to ${{ env.URL1 }}..."
- name: Echo env secret is redacted in the logs
run: |
echo Env secret is ${{ secrets.MY_ENV_SECRET }}
echo ${{ secrets.MY_ENV_SECRET }} | sed 's/./& /g'
use-environment-test:
name: Use TEST environment
runs-on: ubuntu-latest
#if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
needs: use-environment-dev
environment:
name: TEST
url: ${{ env.DOCS_URL }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Step that uses the TEST environment
run: echo "Deployment to ${{ env.DOCS_URL }}..."
# Secrets are redacted in the logs
- name: Echo secrets are redacted in the logs
run: |
echo Repo secret is ${{ secrets.MY_REPO_SECRET }}
echo Org secret is ${{ secrets.MY_ORG_SECRET }}
echo Env secret is not accessible ${{ secrets.MY_ENV_SECRET }}
use-environment-uat:
name: Use UAT environment
runs-on: ubuntu-latest
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
needs: use-environment-test
environment:
name: UAT
url: 'https://uat.github.com'
steps:
- name: Step that uses the UAT environment
run: echo "Deployment to UAT..."
env:
env_secret: ${{ secrets.MY_ENV_SECRET }}
use-environment-prod:
name: Use PROD environment
runs-on: ubuntu-latest
#if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
needs: use-environment-uat
environment:
name: PROD
url: ${{ env.PROD_URL }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Step that uses the PROD environment
run: echo "Deployment to ${{ env.PROD_URL }}..."