DEV Community

JL
JL

Posted on

GitHub Workflow - Data

Data can be held in various places in GitHub workflow runs.

Job-Level Variable

      - name: Test accessing var in bash
        env:
          temp: ${{ github.event.inputs.json-override }}
        run: |
          echo $temp
Enter fullscreen mode Exit fullscreen mode

Output
Can be used to pass information between sequential jobs.
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

- name: Save state
  run: echo "{name}={value}" >> $GITHUB_STATE

- name: Set output
  run: echo "{name}={value}" >> $GITHUB_OUTPUT
Enter fullscreen mode Exit fullscreen mode

Refer to output from previous job
https://docs.github.com/en/actions/using-jobs/defining-outputs-for-jobs

jobs:
  job1:
    runs-on: ubuntu-latest
    # Map a step output to a job output
    outputs:
      output1: ${{ steps.step1.outputs.test }}
      output2: ${{ steps.step2.outputs.test }}
    steps:
      - id: step1
        run: echo "test=hello" >> "$GITHUB_OUTPUT"
      - id: step2
        run: echo "test=world" >> "$GITHUB_OUTPUT"
  job2:
    runs-on: ubuntu-latest
    needs: job1
    steps:
      - env:
          OUTPUT1: ${{needs.job1.outputs.output1}}
          OUTPUT2: ${{needs.job1.outputs.output2}}
        run: echo "$OUTPUT1 $OUTPUT2"
Enter fullscreen mode Exit fullscreen mode

Variables

  • Environment variables
  • Repository variables
  • Organization variables

Note: to use Environment variables, you have to specify the environment at job level.
job-abc:
environment: NONPROD

Refer to as

 ${{ vars['ADMIN_PASSWORD'] }} 
 ${{ vars.ADMIN_PASSWORD }} 
Enter fullscreen mode Exit fullscreen mode

Secrets
It is similar to variable. However they are better protected:
In the logs, any output form of secrets will be masked.

Refer to as

 ${{ secrets['ADMIN_PASSWORD'] }} 
 ${{ secrets.ADMIN_PASSWORD }} 
Enter fullscreen mode Exit fullscreen mode

Other restrictions found are:

  • The bash shell being called in the job cannot access GitHub’s secret variables. The viable path is to assign them to env of the job and access the env in the bash.
  • GitHub secret variables cannot be accessed by specifying the key dynamically. You must provide a static string. The best you can do is:

  • Matrix cannot be a solution as there is no way to share a writable variable between each run of matrix jobs.

  • Github does not support saving the content which has masked secrets

The only way to see the content of a secret is to output to a file and save it in artifact

      - name: Temp Verify
        if: false
        run: |
          echo ${{ secrets[github.event.inputs.single-param-name] }} > temp.txt

      - name: Archive production artifacts
        if: false
        uses: actions/upload-artifact@v3
        with:
          name: dist-without-markdown
          path: |
            temp.txt
Enter fullscreen mode Exit fullscreen mode

Matrix
Can have one template job run multiple times based on an array (or all possible combinations from multi-dimensional arrays).

jobs:
  matrix-poc:
    strategy:
      matrix:
        secret_name: ['A', 'B']

    steps:
      - name: Iterate
        run: |
          echo ${{ secrets[matrix.secret_name] }} 
Enter fullscreen mode Exit fullscreen mode

Event Inputs
This is a read-only value which can only be assigned by user input when triggering the workflow manually. There are 4 data types: In addition to the default string type, we now support choice, boolean, and environment.

    inputs:
      environment-string:
        type: choice
        required: true
        description: Please select your deployment environment. Purely a literal string.
        default: dev
        options:
          - dev
          - tst

      environment-repo:
        description: 'Environment to run against. From what you specify in the repo'
        type: environment
        required: true

      debug:
        description: Debug mode or not
        required: false
        default: boolean

      # refer to as 
      # echo '${{ github.event.inputs.json-override }}' > json-override.json
      json-string-example:
        description: JSON string
        required: false
        default: '{
                      "key1": "value1",
                      "key2": "value2"
                  }'

Enter fullscreen mode Exit fullscreen mode

Top comments (0)