
How can I use Github secrets in JS files

I have a basic git repo set up with github actions to build and deploy (HTML and TS files mainly).

However, I have to use some API keys that need to be secret.

So I figured out to use GITHUB SECRETS for them.

How can I access GITHUB SECRETS in my js (or TS) files so it can build with github actions properly?

You can pass in Secrets as ENV variables.

Example:

   ...
   steps:
      - name: Git checkout
        uses: actions/checkout@v2

      - name: Use Node 12.x
        uses: actions/setup-node@v1
        with:
          node-version: 12.x

      - name: Install Dependencies (prod)
        run: yarn install --frozen-lockfile --production

      - name: Run Tests (JEST)
        run: yarn test --ci --silent --testPathIgnorePatterns=experimental
        env:
          CI: true
          API_KEY: ${{ secrets.API_KEY }}

In Node.js you can access it via process.env.API_KEY.

I found a way to achieve it, although it might not be the best (and I'm definitely not a bash expert).

So create a setEnv.sh file:

# setEnv.sh: $1 is the API key
mkdir -p env
echo "export const environment = { firebase_api_key : '$1' }" > env/env.ts

It takes your API key as the first parameter, creates an env folder and saves TS code with your API key.

Then add this line

- run: sh setEnv.sh "${{ secrets.FIREBASE_API_KEY }}"

into your github action script, which will execute your script and set the Secret Key.

You'll now just have to use environment.firebase_api_key in your code.


Note: Your build needs to encrypt your key, otherwise it will be exposed. But this can be useful, for example, if you use API keys on your website and you also want your website code to be available in public on Github, without those plain keys.

I created an action exactly for that - takes all the secrets and exports them to environment variables.

An example would be:

...
- run: node -e "console.log(process.env.MY_SECRET1)"
  env:
    MY_SECRET1: ${{ secrets.MY_SECRET1 }}
    MY_SECRET2: ${{ secrets.MY_SECRET2 }}
    MY_SECRET3: ${{ secrets.MY_SECRET3 }}
    MY_SECRET4: ${{ secrets.MY_SECRET4 }}
    MY_SECRET5: ${{ secrets.MY_SECRET5 }}
    MY_SECRET6: ${{ secrets.MY_SECRET6 }}
    ...

You could convert it to:

...
- uses: oNaiPs/secrets-to-env-action@v1
  with:
    secrets: ${{ toJSON(secrets) }}
- run: node -e "console.log(process.env.MY_SECRET1)"

Link to the action, which contains more documentation about configuration: https://github.com/oNaiPs/secrets-to-env-action

You should be able to use them after running the action in your JS code using process.env.MY_SECRET1
