How to parameterize secrets on GitHub Action

We have two branches in the repository (dev/prd), each representing a deployment environment. We also have GitHub Action secrets for each branch: in the dev branch it should be dev_react_api, in the prd branch it should be prd_react_api.

Now we are working on a GitHub Action workflow using these secrets, secrets.dev_react_api and secrets.prd_react_api.

Is there a solution to parameterize GitHub Action secrets like the following?

# only pseudo-code
env:
  branch_name: github.ref

secrets["${env.branch_name}_react_api"]

You can use Environment Secrets for that.

First go to: Settings -> Environments -> New Environment

Create a new environment and MAKE SURE your environment name matches your branch name.

(screenshot: Environment secrets settings page)

Now you can create any environment secrets that you want. The trick is, you need two files to use Environment Secrets. The first is main.yml and the second is your (for example) deploy.yml:

on:
  push:
    branches:
    - main
    - staging
    - development

permissions: write-all

jobs:
  deploy:
    uses: ./.github/workflows/deploy.yml
    with:
      environment: ${{ github.ref_name }}
    secrets:
      AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}

The second file, which USES the environment:

name: Deployment

on:
  workflow_call:
    inputs:
      environment:
        required: true
        type: string
    secrets:
      AWS_S3_BUCKET:
        required: true

jobs:
  deploy:
    name: Deploy
    # use the environment name passed in by the caller (the declared input)
    environment: ${{ inputs.environment }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - uses: jakejarvis/s3-sync-action@master
        name: Deploy to S3
        env:
          AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
        with:
          args: --acl public-read --follow-symlinks --delete

Now you can create any number of environments with different parameters!

For more details see: https://github.com/olivatooo/github-actions-build-deploy-with-staging-production-environment/

It should work exactly like you have shown with the dynamic name. secrets is just a variable and you provide the key name either explicitly (secrets.x) or implicitly (secrets['x']). Building your key dynamically works just fine as such. The additional env branch_name is also unneeded since you can just get that value directly in the string.

If you have a paid GitHub plan or are using a public repo, you can also take a look at Environments, which take care of this entirely by instead defining two separate environments with the required secrets each.
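A worked workflow for the dynamic-key approach described in this answer, added here as an example (it is not code from either answer or from the linked repository). It assumes the secrets are named exactly as in the question (dev_react_api, prd_react_api) and that the build reads the key from a REACT_APP_API variable; both are assumptions. Two practical points it covers: secret names may only contain letters, digits and underscores, so a ref name such as release/1.2 is sanitized before it is used as a key, and indexing the secrets context with a name that does not exist silently yields an empty string rather than an error, so the workflow fails fast instead of deploying with an empty API key.

```yaml
name: Build with branch-scoped secret

on:
  push:
    branches: [dev, prd]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Derive the secret name from the branch name. The ref name is passed
      # through an environment variable (never interpolated into the script)
      # and every character outside [A-Za-z0-9_] is replaced with "_".
      - name: Compute secret name
        id: key
        env:
          REF_NAME: ${{ github.ref_name }}
        run: |
          safe="$(printf '%s' "$REF_NAME" | tr -c 'A-Za-z0-9_' '_')"
          echo "name=${safe}_react_api" >> "$GITHUB_OUTPUT"

      # Index the secrets context with the computed name. A missing secret
      # resolves to "", so treat that as a configuration error.
      - name: Check that the secret exists
        env:
          SECRET_NAME: ${{ steps.key.outputs.name }}
          REACT_API: ${{ secrets[steps.key.outputs.name] }}
        run: |
          if [ -z "$REACT_API" ]; then
            echo "::error::secret '$SECRET_NAME' is not defined for this branch"
            exit 1
          fi

      # Hypothetical build step; REACT_APP_API is an assumed variable name.
      - name: Build
        env:
          REACT_APP_API: ${{ secrets[steps.key.outputs.name] }}
        run: npm ci && npm run build
```

When branch names are already valid identifiers (as dev and prd are), the sanitizing step can be dropped and the key built inline with `${{ secrets[format('{0}_react_api', github.ref_name)] }}`. Values read from the secrets context are masked in the job log either way, so the check step only ever prints the secret's name, not its value.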

Notice: technical posts on this site follow the CC BY-SA 4.0 license; if you need to repost, please cite this site's URL or the original address. For any questions contact: yoyou2525@163.com.

Guangdong ICP No. 18138465  © 2020-2024 STACKOOM.COM