[英]How to access secrets in Javascript GitHub actions?
I am developing a reusable workflow using Javascript actions by following this tutorial .我正在按照本教程使用Javascript操作开发可重用的工作流。 My
action.yml
looks like this.我的
action.yml
看起来像这样。
name: "Test"
description: "Reusable workflow"
inputs:
input-one:
required: false
type: string
runs:
using: 'node16'
main: 'dist/index.js'
But my question is how to access the secrets in dist/index.js
?.但我的问题是如何访问
dist/index.js
中的秘密?。 Please note that I don't want the user to supply the secret as input, I would like to store the secret in my reusable workflow repository and use it whenever it's needed.请注意,我不希望用户提供密码作为输入,我想将密码存储在我的可重用工作流存储库中,并在需要时使用它。
I tried to change the action.yml
with env
(So that I can use node process.env
API to get the secret) but it's failing with an error saying that Unexpected value 'env'
.我试图用
env
更改action.yml
(这样我就可以使用 node process.env
API 来获取秘密)但它失败了,并显示错误Unexpected value 'env'
。
name: "Test"
description: "Reusable workflow"
inputs:
input-one:
required: false
type: string
runs:
using: 'node16'
main: 'dist/index.js'
env:
DUMMY_VAL: ${{ secrets.MY_REPOSITORY_SECRET }}
I don't think that's possible.我不认为这是可能的。 That would be somewhat a security vulnerability.
这在某种程度上是一个安全漏洞。
Examples clearly show that secrets have to be explicitly passed https://docs.github.com/en/actions/using-workflows/reusing-workflows#using-inputs-and-secrets-in-a-reusable-workflow示例清楚地表明必须显式传递秘密https://docs.github.com/en/actions/using-workflows/reusing-workflows#using-inputs-and-secrets-in-a-reusable-workflow
You can experiment with default
value for it but looks like it's not supported for workflows.您可以尝试使用它的
default
值,但看起来工作流不支持它。 https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_callsecrets https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_callsecrets
It would look like this (probably won't work):它看起来像这样(可能行不通):
on:
workflow_call:
secrets:
access-token:
description: 'Your secret'
required: false
default: ${{ secrets.your-secret }}
If it doesn't work you can try suggesting it as a feature here: https://github.com/orgs/community/discussions/categories/actions-and-packages如果它不起作用,您可以尝试在此处将其建议为功能: https://github.com/orgs/community/discussions/categories/actions-and-packages
On GitHub.com, navigate to the main page of the repository.在 GitHub.com 上,导航到存储库的主页。 Under your repository name, click Settings.
在您的存储库名称下,单击设置。 In the "Security" section of the sidebar, select Secrets, then click Actions.
在边栏的“安全”部分,select Secrets,然后单击操作。 Click New repository secret.
单击新建存储库密码。 Credit: Google
学分:谷歌
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.