environments-secrets.yml
name: 03-1. Environments and Secrets

# Triggers: only manual runs (workflow_dispatch) are enabled. The push and
# pull_request triggers are kept below, commented out, for reference.
on:
  # push:
  #   branches: [main]
  # pull_request:
  #   branches: [main]
  workflow_dispatch:

# Limit the permissions of the GITHUB_TOKEN: every scope listed is read-only.
permissions:
  contents: read
  actions: read
  deployments: read

# Workflow-level variables, read by the jobs below as env.<NAME>.
env:
  PROD_URL: 'https://github.com'
  DOCS_URL: 'https://docs.github.com'
  DEV_URL: 'https://docs.github.com/en/developers'
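# Three jobs chained with `needs`: DEV -> TEST -> PROD. Each job binds to a
# deployment environment, which decides which environment secrets it can read.
jobs:
  use-environment-dev:
    name: Use DEV environment
    runs-on: ubuntu-latest
    # Use conditionals to control whether the job is triggered or skipped
    # if: ${{ github.event_name == 'pull_request' }}
    # An environment can be specified per job.
    # If the environment cannot be found, it will be created. An environment
    # created this way has no protection rules and no secrets, so define the
    # environments and their rules in the repository settings beforehand.
    environment:
      name: DEV
      url: ${{ env.DEV_URL }}
    steps:
      - run: echo "Run id = ${{ github.run_id }}"
      # NOTE(review): the action is referenced by a mutable tag; pinning to a
      # full commit SHA prevents the referenced code changing under the tag.
      - name: Checkout
        uses: actions/checkout@v4
      - name: Step that uses the DEV environment
        # Uses DEV_URL, matching `environment.url` above. The workflow-level
        # `env` map in this file defines no URL1, so env.URL1 expanded to an
        # empty string.
        run: echo "Deployment to ${{ env.DEV_URL }}..."
      - name: Echo env secret is redacted in the logs
        # Secrets are handed to the shell as environment variables instead of
        # being expanded into the script text, so a value that contains shell
        # metacharacters is never parsed as part of the command line.
        env:
          MY_ENV_SECRET: ${{ secrets.MY_ENV_SECRET }}
          MY_ORG_SECRET: ${{ secrets.MY_ORG_SECRET }}
        # Log masking matches the registered secret value as written. The
        # plain echo lines print ***; the sed and base64 lines emit a
        # transformed copy that is not reliably masked, so the value may be
        # recoverable from the log. Treat any secret sent through this step
        # as disclosed: use throwaway demo values and rotate them afterwards.
        run: |
          echo "Env secret is $MY_ENV_SECRET"
          echo "$MY_ENV_SECRET" | sed 's/./& /g'
          echo "$MY_ENV_SECRET" | base64
          echo "Org secret is $MY_ORG_SECRET"
          echo "$MY_ORG_SECRET" | base64

  use-environment-test:
    name: Use TEST environment
    runs-on: ubuntu-latest
    # if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
    # Runs only after the DEV job has succeeded.
    needs: use-environment-dev
    environment:
      name: TEST
      url: ${{ env.DOCS_URL }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Step that uses the TEST environment
        run: echo "Deployment to ${{ env.DOCS_URL }}..."
      # Secrets are redacted in the logs
      - name: Echo secrets are redacted in the logs
        # Passed through `env` so the values never become script text.
        # NOTE(review): presumably MY_ENV_SECRET is defined only on the DEV
        # environment, so it is empty in this job; confirm in the settings.
        env:
          MY_REPO_SECRET: ${{ secrets.MY_REPO_SECRET }}
          MY_ORG_SECRET: ${{ secrets.MY_ORG_SECRET }}
          MY_ENV_SECRET: ${{ secrets.MY_ENV_SECRET }}
        run: |
          echo "Repo secret is $MY_REPO_SECRET"
          echo "Org secret is $MY_ORG_SECRET"
          echo "Env secret is not accessible $MY_ENV_SECRET"

  use-environment-prod:
    name: Use PROD environment
    runs-on: ubuntu-latest
    # if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
    # Runs only after the TEST job has succeeded. Approval gates, if wanted,
    # are configured on the PROD environment itself, not in this file.
    needs: use-environment-test
    environment:
      name: PROD
      url: ${{ env.PROD_URL }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Step that uses the PROD environment
        run: echo "Deployment to ${{ env.PROD_URL }}..."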