8

Github provides secrets, whose values can be used in workflows. Unfortunately, the values of secrets is protected and we can't easily see it in the repo or debug it in the workflow as it is scrubbed.

Is there a way to define an "environment variable" in the repository that can be easily seen and debugged? My use case is for configuration that can be easily modified if the repo is forked.

asked Jun 15, 2022 at 16:20
5
  • If it should be seen and debugged, why not include it in the workflow YAML file rather than secrets? Commented Jun 15, 2022 at 16:23
  • If they can be easily seen, then what's the point of having secrets at all?! If they are not secrets, then you can simply do this: docs.github.com/en/actions/learn-github-actions/… (see the Greeting environment variable) Commented Jun 15, 2022 at 16:23
  • I want the values to be easily configured or changed without having to change the code itself. Commented Jun 15, 2022 at 19:41
  • @brc-dd thanks for the example. The value of the environment variables in the examples have to be hard-coded, passed by secrets or reference outputs from other steps / jobs. If What I wanted to do is provide input to the workflow file from outside the workflow, without using secrets. Commented Jun 15, 2022 at 19:44
  • @AnugerahErlaut You can do something like this: github.com/brc-dd/env-from-file Commented Jun 15, 2022 at 20:01

2 Answers 2

10

You can store environment variables in an .env file like this:

FOO=bar

Then you can write code to append data from that file to $GITHUB_ENV:

name: CI
on:
 workflow_dispatch:
jobs:
 foo:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
 - run: cat .env >> $GITHUB_ENV
 - name: Use the value
 run: echo $FOO

You'll need to do cat .env >> $GITHUB_ENV (and use actions/checkout) for each job where you need to access env vars from that file.

DO NOT STORE SECRETS IN .env -- use it only for storing configurations, etc.

Complete code: https://github.com/brc-dd/env-from-file

You can also change .env to something like .env.github to keep things more organized.

answered Jun 15, 2022 at 20:11
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks for your answer! Not ideal, but I think this is the closest way to doing it.
0

FYI: you can pass secret as env variable inside job.

Sample job where I have added foo as a secret in actions workflow:

 name: simple secret 
 id: secret_env 
 env: 
 foo: ${{ secrets.foo}} 
 run: echo $foo

above is example but ignore code syntax issues because of comments format here..

Martijn
16.2k4 gold badges39 silver badges73 bronze badges
answered Dec 4, 2022 at 14:16

1 Comment

you are not supposed to have secrets in env

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.