I’m trying to assign a GitHub Secrets value to an environment variable, but I can’t.

I have saved my Google API Key in GitHub Actions Secrets.
I wrote a GitHub Actions workflow to first assign the secrets value to GOOGLE_API_KEY, then create a .env file, and write GOOGLE_API_KEY = $GOOGLE_API_KEY to the file.

However, the value is returned as blank, when I try to access the secret value by ${{ secrets.GOOGLE_API_KEY }}.

If it’s shown as "***", I guess the action actually gets the secret value and it’s just filtered, but in my case it’s just nothing.

Could anybody give me a clue as to how to access a Secrets value?

My (simplified) GitHub Action is as follows:

name: Run rspec

on:
  workflow_call:

jobs:
  rspec:
    runs-on: ubuntu-latest
    env:
      GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}

    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: 3.1.3
          bundler-cache: true

      - name: Database create and migrate
        run: |
          cp config/database.yml.ci config/database.yml
          bundle exec rails db:create RAILS_ENV=test
          bundle exec rails db:migrate RAILS_ENV=test

      - name: Create dotenv file
        run: |
          touch .env
          echo GOOGLE_API_KEY = $GOOGLE_API_KEY >> .env

      - name: Run rspec
        run: |
          bundle exec rspec

I can get an Actions Variable by ${{ vars.GOOGLE_API_KEY }} if I save the API key in Actions Variables, which I know I shouldn’t.

2 Answers


  1. Chosen as BEST ANSWER

    I found that a reusable workflow needs to inherit secrets from the calling workflow. So all I needed to do was add secrets: inherit to 'deploy.yml', which calls this rspec workflow.

    jobs:
      rspec:
        uses: ./.github/workflows/rspec.yml
        secrets: inherit
    

  2. I made a test and it works with your workflow

    on:
        workflow_dispatch:
    
    jobs:
      rspec:
        runs-on: ubuntu-latest
        env:
            GOOGLE_API_KEY: ${{ secrets.SuperSecret }}
    
        steps:
            - name: display
              run: |
                echo "$GOOGLE_API_KEY" |  awk '$1=$1' FS= OFS=" "
    
                touch .env
                echo GOOGLE_API_KEY = $GOOGLE_API_KEY >> .env
    
                cat .env | awk '$1=$1' FS= OFS=" "
    

    Here is display:

    Could you check it the way I did? (Please revoke your API key once you finish your tests.)
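
An alternative to the `secrets: inherit` fix in the accepted answer, as an added example that is not part of the original posts: `inherit` hands every secret the caller can read to the called workflow, while declaring the secret under `on.workflow_call.secrets` and passing it by name exposes only that one. The caller's workflow name and trigger are assumptions, and the database step is left out for brevity.

```yaml
# .github/workflows/rspec.yml (called workflow)
name: Run rspec
on:
  workflow_call:
    secrets:
      GOOGLE_API_KEY:
        description: Google API key written to .env for the specs
        required: true  # the caller must supply this secret by name
jobs:
  rspec:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: 3.1.3
          bundler-cache: true
      - name: Create dotenv file
        env:
          # Step-level env: only this step's process gets the key as a variable
          GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
        run: |
          umask 077  # .env is created readable by the runner user only
          printf 'GOOGLE_API_KEY=%s\n' "$GOOGLE_API_KEY" > .env
      - name: Run rspec
        run: bundle exec rspec
---
# .github/workflows/deploy.yml (caller; name and trigger are assumptions)
name: Deploy
on:
  push:
jobs:
  rspec:
    uses: ./.github/workflows/rspec.yml
    secrets:
      # Only this secret crosses into the called workflow
      GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
```

With the explicit form, a secret that the called workflow does not declare under `workflow_call.secrets` is not available to it, so adding a new secret to the repository does not silently widen what the reusable workflow can read.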
