Skip to content
/ vars-to-env-action Public
forked from oNaiPs/secrets-to-env-action

Export your GitHub Actions variables/secrets to environment variables

License

MIT license
0 stars 28 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

infovista-opensource/vars-to-env-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags
 
 

Repository files navigation

vars-to-env

vars-to-env-action status

This action provides the following functionality for GitHub Actions users:

  • Read Github secrets/variables and export all of them as environment variables
  • Optionally including, excluding and manipulating variables as needed before importing
    • Include or exclude secrets (comma separated, supports regex)
    • Add/remove a prefix to all exported envvars
    • Override already existing variables (default is true)

Node Version

Use @v1 for node16 and @v2 for node20.

Usage

Add the following action to your workflow:

- uses: infovista-opensource/vars-to-env-action@v1
  with:
    secrets: ${{ toJSON(secrets) }}

After running this action, subsequent actions will be able to access the secrets as env variables. Note the secrets key. It is mandatory so the action can read and export the secrets.

Basic:

steps:
- uses: actions/checkout@v3
- uses: infovista-opensource/vars-to-env-action@v1
  with:
    secrets: ${{ toJSON(secrets) }}
- run: echo "Value of MY_SECRET: $MY_SECRET"

Include or exclude secrets:

Exclude defined secret(s) from list of secrets (comma separated, supports regex).

steps:
- uses: actions/checkout@v3
- uses: oNaiPs/secrets-to-env-action@v1
  with:
    secrets: ${{ toJSON(secrets) }}
    exclude: DUMMY_.+
  # DUMMY_* are not exported

Only include secret(s) from list of secrets (comma separated, supports regex).

steps:
- uses: actions/checkout@v3
- uses: infovista-opensource/vars-to-env-action@v1
  with:
    secrets: ${{ toJSON(secrets) }}
    include: MY_SECRET, MY_OTHER_SECRETS_*
- run: echo "Value of MY_SECRET: $MY_SECRET"

To export secrets that start with a given string, you can use include: PREFIX_.+ or PREFIX_.*.

NOTE: If specified secret does not exist, it is ignored.

Add a prefix:

Adds a prefix to all exported secrets.

steps:
- uses: actions/checkout@v3
- uses: infovista-opensource/vars-to-env-action@v1
  with:
    secrets: ${{ toJSON(secrets) }}
    prefix: PREFIXED_
- run: echo "Value of PREFIXED_MY_SECRET: $PREFIXED_MY_SECRET"

Remove a prefix:

Remove a prefix to all exported secrets, if present.

steps:
- uses: actions/checkout@v3
- uses: infovista-opensource/vars-to-env-action@v1
  with:
    secrets: ${{ toJSON(secrets) }}
    exclude: PREFIX2_.+
    removeprefix: PREFIX1_
- run: echo "Value of PREFIX1_MY_SECRET: $MY_SECRET"

Override:

Overrides already existing variables (default is false)

env:
  MY_SECRET: DONT_OVERRIDE
steps:
- uses: actions/checkout@v3
- uses: infovista-opensource/vars-to-env-action@v1
  with:
    secrets: ${{ toJSON(secrets) }}
    override: false
- run: echo "Value of MY_SECRET: $MY_SECRET"
Value of MY_SECRET: DONT_OVERRIDE

Convert:

Converts all exported secrets case to lower or upper. Default is upper.

steps:
- uses: actions/checkout@v3
- uses: infovista-opensource/vars-to-env-action@v1
  with:
    secrets: ${{ toJSON(secrets) }}
    convert: lower
- run: echo "Value of my_secret: $my_secret"

How it works

This action uses the input in secrets to read all the secrets in the JSON format, and exporting all the variables one by one.
It can of course used with any context, expecially vars.

Why we forked the action

We at Infovista have multiple fleets of self-hosted github runners, in several datacenters.
In order to keep them equivalent, we have to dynamically configure jobs to access the right on-prem resources via the same environment variables, referenced in the action code. As these resources are named differently in each datacenter, we have to "switch" the values of the environment variables, depending on the datacenter.

We customized the runner's systemd unit in each datacenter to inject a ONPREM_RUNNER_LOCATION environment variable that we use for filtering out the secrets and for removing the prefix, in order to have the same variable set wherever the job runs.
For example, FRANCE_DOCKER_MIRROR and FRANCE_DOCKER_PASSWORD become respectively DOCKER_MIRROR and DOCKER_PASSWORD, so the action scripts can use them without knowing the datacenter. Same for USA_DOCKER_*, etc.

This way:

  • we can distribute build jobs on many datacenters
  • the same job will run leveraging "local" resources
  • no changes needed in the CI code

License

The scripts and documentation in this project are released under the MIT License.

Contributions

Contributions are welcome! Past contributors:

  • José Luis Pereira @oNaiPs
  • Tamas Kadar @KTamas

Local development

# setup
yarn install
# before pushing the code to GH
yarn run all

About

Export your GitHub Actions variables/secrets to environment variables

Topics

continuous-integration actions github-secrets github-actions

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 3

node20 release Latest
Jan 29, 2024
+ 2 releases

Languages

  • TypeScript 98.0%
  • JavaScript 2.0%