03-1. Environments and Secrets #6
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 03-1. Environments and Secrets | |
| on: | |
| # push: | |
| # branches: [main] | |
| # pull_request: | |
| # branches: [main] | |
| workflow_dispatch: | |
| # Limit the permissions of the GITHUB_TOKEN | |
| permissions: | |
| contents: read | |
| actions: read | |
| deployments: read | |
| env: | |
| PROD_URL: "https://github.com" | |
| DOCS_URL: "https://docs.github.com" | |
| DEV_URL: "https://docs.github.com/en/developers" | |
| jobs: | |
| use-environment-dev: | |
| name: Use DEV environment | |
| runs-on: ubuntu-latest | |
| # Use conditionals to control whether the job is triggered or skipped | |
| # if: ${{ github.event_name == 'pull_request' }} | |
| # An environment can be specified per job | |
| # If the environment cannot be found, it will be created | |
| environment: | |
| name: DEV | |
| url: ${{ env.DEV_URL }} | |
| steps: | |
| - run: echo "Run id = ${{ github.run_id }}" | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Step that uses the DEV environment | |
| run: echo "Deployment to ${{ env.URL1 }}..." | |
| - name: Echo env secret is redacted in the logs | |
| run: | | |
| # install base64 to encode secrets | |
| sudo apt-get install -y coreutils | |
| # check base64 is installed | |
| base64 --version | |
| echo Env secret is ${{ secrets.MY_ENV_SECRET }} | |
| echo ${{ secrets.MY_ENV_SECRET }} | sed 's/./& /g' | |
| echo ${{ secrets.MY_ENV_SECRET }} | base64 | |
| echo Org secret is ${{ secrets.MY_ORG_SECRET }} | |
| echo ${{ secrets.MY_ORG_SECRET }} | sed 's/./& /g' | |
| echo ${{ secrets.MY_ORG_SECRET }} | base64 | |
| use-environment-test: | |
| name: Use TEST environment | |
| runs-on: ubuntu-latest | |
| #if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} | |
| needs: use-environment-dev | |
| environment: | |
| name: TEST | |
| url: ${{ env.DOCS_URL }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Step that uses the TEST environment | |
| run: echo "Deployment to ${{ env.DOCS_URL }}..." | |
| # Secrets are redacted in the logs | |
| - name: Echo secrets are redacted in the logs | |
| run: | | |
| # install base64 to encode secrets | |
| sudo apt-get install -y coreutils | |
| # check base64 is installed | |
| base64 --version | |
| echo Repo secret is ${{ secrets.MY_REPO_SECRET }} | |
| echo ${{ secrets.MY_REPO_SECRET }} | sed 's/./& /g' | |
| echo ${{ secrets.MY_REPO_SECRET }} | base64 | |
| echo Org secret is ${{ secrets.MY_ORG_SECRET }} | |
| echo ${{ secrets.MY_ORG_SECRET }} | sed 's/./& /g' | |
| echo ${{ secrets.MY_ORG_SECRET }} | base64 | |
| echo Env secret is not accessible ${{ secrets.MY_ENV_SECRET }} | |
| echo ${{ secrets.MY_ENV_SECRET }} | sed 's/./& /g' | |
| echo ${{ secrets.MY_ENV_SECRET }} | base64 | |
| use-environment-prod: | |
| name: Use PROD environment | |
| runs-on: ubuntu-latest | |
| #if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} | |
| needs: use-environment-test | |
| environment: | |
| name: PROD | |
| url: ${{ env.PROD_URL }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Step that uses the PROD environment | |
| run: echo "Deployment to ${{ env.PROD_URL }}..." |