Skip to content

03-1. Environments and Secrets #2

03-1. Environments and Secrets

03-1. Environments and Secrets #2

name: 03-1. Environments and Secrets
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_dispatch:
# Limit the permissions of the GITHUB_TOKEN
permissions:
contents: read
actions: read
deployments: read
env:
PROD_URL: 'https://github.com'
DOCS_URL: 'https://docs.github.com'
DEV_URL: 'https://docs.github.com/en/developers'
jobs:
use-secrets:
name: Use secrets
runs-on: ubuntu-latest
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
steps:
- name: Hello world action with secrets
uses: actions/hello-world-javascript-action@main
with: # Set the secret as an input
who-to-greet: ${{ secrets.MY_REPO_SECRET }}
env: # Or as an environment variable
super_secret: ${{ secrets.MY_REPO_SECRET }}
- name: Echo secret is redacted in the logs
run: |
echo Env secret is ${{ secrets.MY_REPO_SECRET }}
echo Warning: GitHub automatically redacts secrets printed to the log,
echo but you should avoid printing secrets to the log intentionally.
echo ${{ secrets.MY_REPO_SECRET }} | sed 's/./& /g'
use-environment-dev:
name: Use DEV environment
runs-on: ubuntu-latest
# Use conditionals to control whether the job is triggered or skipped
# if: ${{ github.event_name == 'pull_request' }}
# An environment can be specified per job
# If the environment cannot be found, it will be created
environment:
name: DEV
url: ${{ env.DEV_URL }}
steps:
- run: echo "Run id = ${{ github.run_id }}"
- name: Checkout
uses: actions/checkout@v4
- name: Step that uses the DEV environment
run: echo "Deployment to ${{ env.URL1 }}..."
- name: Echo env secret is redacted in the logs
run: |
echo Env secret is ${{ secrets.MY_ENV_SECRET }}
echo ${{ secrets.MY_ENV_SECRET }} | sed 's/./& /g'
use-environment-test:
name: Use TEST environment
runs-on: ubuntu-latest
#if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
needs: use-environment-dev
environment:
name: TEST
url: ${{ env.DOCS_URL }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Step that uses the TEST environment
run: echo "Deployment to ${{ env.DOCS_URL }}..."
# Secrets are redacted in the logs
- name: Echo secrets are redacted in the logs
run: |
echo Repo secret is ${{ secrets.MY_REPO_SECRET }}
echo Org secret is ${{ secrets.MY_ORG_SECRET }}
echo Env secret is not accessible ${{ secrets.MY_ENV_SECRET }}
use-environment-uat:
name: Use UAT environment
runs-on: ubuntu-latest
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
needs: use-environment-test
environment:
name: UAT
url: 'https://uat.github.com'
steps:
- name: Step that uses the UAT environment
run: echo "Deployment to UAT..."
env:
env_secret: ${{ secrets.MY_ENV_SECRET }}
use-environment-prod:
name: Use PROD environment
runs-on: ubuntu-latest
#if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
needs: use-environment-uat
environment:
name: PROD
url: ${{ env.PROD_URL }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Step that uses the PROD environment
run: echo "Deployment to ${{ env.PROD_URL }}..."