From cf2f9208712f8410c1ce4bab12c472f6c5cc6db1 Mon Sep 17 00:00:00 2001
From: jumainfomagnus <163571282+jumainfomagnus@users.noreply.github.com>
Date: Fri, 22 Nov 2024 10:49:10 -0500
Subject: [PATCH] Initial commit
---
 .github/workflows/demo-secrets-env.yml | 58 ++++++++++++++++++++++++++
 README.md | 55 ++++++++++++++++++++++++
 testfile | 1 +
 3 files changed, 114 insertions(+)
 create mode 100644 .github/workflows/demo-secrets-env.yml
 create mode 100644 README.md
 create mode 100644 testfile
diff --git a/.github/workflows/demo-secrets-env.yml b/.github/workflows/demo-secrets-env.yml
new file mode 100644
index 0000000..15fefdd
--- /dev/null
+++ b/.github/workflows/demo-secrets-env.yml
@@ -0,0 +1,58 @@
+name: Use secrets and environments
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+
+# Limit the permissions of the GITHUB_TOKEN
+permissions:
+ contents: read
+ actions: read
+ deployments: write
+
+env:
+ URL1: 'https://github.com'
+ URL2: 'https://docs.github.com'
+
+jobs:
+ use-environment-1:
+ name: Use environment 1
+ runs-on: ubuntu-latest
+ # Use conditionals to control whether the job is triggered or skipped
+ if: ${{ github.event_name == 'pull_request' }}
+
+ # An environment can be specified per job
+ # We can use variables and expressions in the URL field
+ # If the environment cannot be found, it will be created
+ environment:
+ name: test
+ url: ${{ env.URL1 }}
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - name: Some step using the environment
+ run: echo "In this step we could for example do the deployment to ${{ env.URL1 }} ..."
+
+ use-environment-2:
+ name: Use environment 2
+ runs-on: ubuntu-latest
+ if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+
+ environment:
+ name: prod
+ url: ${{ env.URL2 }}
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - name: Some actions logic
+ run: echo "In this step we could for example do the deployment to ${{ env.URL2 }}..."
+
+ # Secrets are redacted in the logs
+ - name: Echo a secret
+ run: echo ${{ secrets.MY_REPO_SECRET }}
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..12ddcaa
--- /dev/null
+++ b/README.md
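Review bot: The last step, "Echo a secret", interpolates `${{ secrets.MY_REPO_SECRET }}` directly into the `run:` script, so the secret's value becomes part of the shell command text before bash executes it; a value containing quotes, `$(`, or a newline would be interpreted rather than printed, and the unquoted echo also word-splits it. Pass the value through the step environment instead, `env:` / `MY_REPO_SECRET: ${{ secrets.MY_REPO_SECRET }}` / `run: echo "$MY_REPO_SECRET"`, which keeps it out of the generated script and still exercises log masking. Both `actions/checkout@v2` references resolve a mutable tag at run time; for a workflow granted `deployments: write`, pin to a full-length commit SHA and keep the version as a trailing comment (`actions/checkout@<commit-sha> # vN`). The "Secrets are redacted in the logs" comment is worth qualifying, since masking only matches the exact registered value and a transformed or split value can still appear in the log.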
@@ -0,0 +1,55 @@
+# :rocket: Environments and secrets
+
+Demo repository for using Environments and Secrets in workflows.
+
+- :exclamation: **This is a template repository**
+- :exclamation: **This demo contains GHEC/GHES-specific features**
+ - The **Environments** feature is only available for GHEC, GHES (>=v3.1), and public repositories
+- **If you have a GHEC organization available**, then please click ***Use this template*** to clone the repo into that organization
+- **If you do not have a GHEC organization available**, please run the demo in this repository. Just make sure to complete the **Cleanup** steps afterwards :house_with_garden:
+
+## Usage
+
+### Creating environments
+
+1. In the repository, go to **Settings** --> **Environments**
+1. Create an environment (e.g. `test`)
+ - No additional settings
+1. Create another environment (e.g. `prod`)
+ - Add a required reviewer (you can set yourself as the required reviewer)
+ - The protection rules will be used later in the demo
+
+### Creating secrets
+
+1. In the organization, go to **Settings** --> **Secrets** (if you have org owner access to the organization. If not, skip this step.)
+ - Add an org secret (e.g. `MY_ORG_SECRET`) with an arbitrary value
+ - Show how org secrets can be scoped to specific repositories
+1. In the repository, go to **Settings** --> **Secrets**
+ - Add a repository secret (e.g. `MY_REPO_SECRET`) with an arbitrary value
+1. In the repository, go to **Settings** --> **Environments**
+ - For one of the environments, add an environment secret (e.g. `MY_ENV_SECRET`)
+
+### Using Environments and Secrets in a workflow
+
+:bulb: Ensure that the secrets and environments added above corresponds to what is defined in the workflow.
+
+1. Use one of the existing workflows in `.github/workflows`
+1. Walk through the syntax
+1. Trigger the workflow by opening a new PR and ensure it succeeds
+ - E.g. edit one of the test files
+1. 
Show the environments GUI inside the PR (the **Deployments** section)
+1. Merge the PR
+1. If **Required reviewers** were added to the environment, the workflow should be halted until it is reviewed
+1. Show how to review a deployment, and ensure the job proceeds
+1. Show where to locate all Environments and deployments for the repository
+ - The **Environments** section on the repository landing page
+1. Show the redaction of secrets in the workflows log
+
+### :house_with_garden: Cleanup
+
+1. If the workflow was run in this repository, perform the following steps:
+ - Delete all secrets created
+ - Delete all environments created
+ - Ensure any PRs are closed/merged
+ - Delete any branches created
+
diff --git a/testfile b/testfile
new file mode 100644
index 0000000..907b308
--- /dev/null
+++ b/testfile
@@ -0,0 +1 @@
+blah