03-1. Environments and Secrets #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 03-1. Environments and Secrets | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
branches: [main] | |
workflow_dispatch: | |
# Limit the permissions of the GITHUB_TOKEN | |
permissions: | |
contents: read | |
actions: read | |
deployments: read | |
env: | |
PROD_URL: 'https://github.com' | |
DOCS_URL: 'https://docs.github.com' | |
DEV_URL: 'https://docs.github.com/en/developers' | |
jobs: | |
use-secrets: | |
name: Use secrets | |
runs-on: ubuntu-latest | |
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} | |
steps: | |
- name: Hello world action with secrets | |
uses: actions/hello-world-javascript-action@main | |
with: # Set the secret as an input | |
who-to-greet: ${{ secrets.MY_REPO_SECRET }} | |
env: # Or as an environment variable | |
super_secret: ${{ secrets.MY_REPO_SECRET }} | |
- name: Echo secret is redacted in the logs | |
run: | | |
echo Env secret is ${{ secrets.MY_REPO_SECRET }} | |
echo Warning: GitHub automatically redacts secrets printed to the log, | |
echo but you should avoid printing secrets to the log intentionally. | |
echo ${{ secrets.MY_REPO_SECRET }} | sed 's/./& /g' | |
use-environment-dev: | |
name: Use DEV environment | |
runs-on: ubuntu-latest | |
# Use conditionals to control whether the job is triggered or skipped | |
# if: ${{ github.event_name == 'pull_request' }} | |
# An environment can be specified per job | |
# If the environment cannot be found, it will be created | |
environment: | |
name: DEV | |
url: ${{ env.DEV_URL }} | |
steps: | |
- run: echo "Run id = ${{ github.run_id }}" | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Step that uses the DEV environment | |
run: echo "Deployment to ${{ env.URL1 }}..." | |
- name: Echo env secret is redacted in the logs | |
run: | | |
echo Env secret is ${{ secrets.MY_ENV_SECRET }} | |
echo ${{ secrets.MY_ENV_SECRET }} | sed 's/./& /g' | |
use-environment-test: | |
name: Use TEST environment | |
runs-on: ubuntu-latest | |
#if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} | |
needs: use-environment-dev | |
environment: | |
name: TEST | |
url: ${{ env.DOCS_URL }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Step that uses the TEST environment | |
run: echo "Deployment to ${{ env.DOCS_URL }}..." | |
# Secrets are redacted in the logs | |
- name: Echo secrets are redacted in the logs | |
run: | | |
echo Repo secret is ${{ secrets.MY_REPO_SECRET }} | |
echo Org secret is ${{ secrets.MY_ORG_SECRET }} | |
echo Env secret is not accessible ${{ secrets.MY_ENV_SECRET }} | |
use-environment-uat: | |
name: Use UAT environment | |
runs-on: ubuntu-latest | |
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} | |
needs: use-environment-test | |
environment: | |
name: UAT | |
url: 'https://uat.github.com' | |
steps: | |
- name: Step that uses the UAT environment | |
run: echo "Deployment to UAT..." | |
env: | |
env_secret: ${{ secrets.MY_ENV_SECRET }} | |
use-environment-prod: | |
name: Use PROD environment | |
runs-on: ubuntu-latest | |
#if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} | |
needs: use-environment-uat | |
environment: | |
name: PROD | |
url: ${{ env.PROD_URL }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Step that uses the PROD environment | |
run: echo "Deployment to ${{ env.PROD_URL }}..." |