
github actions not receiving secrets

I've seen other SO answers but none of them seem to work. I guess I'm just trying to do something pretty simple with GitHub Actions. Just make an access_key available to my GitHub action, without putting it in my GitHub repo. So I see we can create action secrets that should be passed to the GitHub action. I also understand we can't just log secret keys for security, so I would expect *** instead when trying to log. For the life of me I can't figure out why the secrets are not *** but they are empty. And even when I'm using them in my scripts, they don't appear to have any value to them. Here is my workflow that's relevant:

name: CI
on:
  push:
    branches:
      - master
env:
  AWS_S3_BUCKET: ${{ secrets.AWS_PRODUCTION_BUCKET_NAME }}
  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  AWS_REGION: ${{ secrets.AWS_REGION }}
jobs:
  deploy:
    runs-on: ubuntu-latest
    env:
      CI: true
    strategy:
      matrix:
        node-version: [14.x]
    steps:
    - uses: actions/checkout@v1
    - name: Use Node.js ${{ matrix.node-version }}
      uses: actions/setup-node@v1
      with:
        node-version: ${{ matrix.node-version }}
        publish_dir: ./build
    - name: Test Env
      run: |
        echo 'The GitHub Action Secret will be masked:  '
        echo ${{ secrets.GITHUB_TOKEN }}
        echo 'Testing secret if its masked: '
        printenv

When I run this, I see that GITHUB_TOKEN is indeed ***, which makes sense. But all the secrets that I've added to my repository settings > secrets > action secrets, they are just blank, not ***, and if I try to use them via ${{ secrets.AWS_ACCESS_KEY }} it's also blank.

My repo is public, I am pushing to master as well. I have admin rights to my repo.

npm packages asked Feb 09 '21 06:02


2 Answers

In my case I hadn't referenced the environment containing the secrets from my script. Eventually found this in the documentation but it's incredibly frustrating that it just returns blank secrets instead of raising some kind of error message.

jobs:
  myjobname:
    runs-on: ubuntu-latest
    environment: myenvironment  # THIS WAS MISSING
    steps:
      # The steps in the action

Documentation link: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idenvironment

foz answered Oct 11 '22 07:10
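The silent blank values described in the answer above can be turned into a hard failure at the start of the job. This is an added example, not code from the original thread: a POSIX shell guard for a `run:` step that reports which variables are empty without ever printing their values. The helper name `require_env` and the demo variables are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread). require_env is a hypothetical helper name.
# Usage inside a workflow `run:` step, with the env: names from the question:
#   require_env AWS_S3_BUCKET AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_REGION || exit 1

# Returns 0 if every named variable is non-empty, 1 if any is unset or empty,
# 2 if a name is not a valid shell identifier. Prints names only, never values.
require_env() {
  _re_missing=0
  for _re_name in "$@"; do
    # Validate before eval so only plain identifiers are ever expanded.
    case "$_re_name" in
      ''|[0-9]*|*[!A-Za-z0-9_]*)
        echo "::error::invalid variable name passed to require_env"
        return 2 ;;
    esac
    eval "_re_value=\${$_re_name:-}"
    if [ -z "$_re_value" ]; then
      # ::error:: is the GitHub Actions workflow command for an error annotation.
      echo "::error::$_re_name is empty. Check the secret name, and that the job sets 'environment:' if it is an environment secret."
      _re_missing=1
    fi
  done
  unset _re_value
  return "$_re_missing"
}

# Constructed demo values (not real credentials): one populated, one blank.
DEMO_REGION="example-region-1"
DEMO_ACCESS_KEY=""
require_env DEMO_REGION DEMO_ACCESS_KEY || echo "demo: the step would exit 1 here"
```

Unlike `printenv`, this check never writes a secret's value to the log, so it does not depend on log masking.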


OK, looks like there are different kinds of secrets. I was adding Action Secrets, which makes sense to me. I want secrets for Actions. There's another section called Environment Secrets, which when I put it in that, it worked. Kinda confusing.

npm packages answered Oct 11 '22 05:10