GitHub Actions 中在使用策略矩阵模式时,使用机密的正确方法是什么?

huangapple go评论95阅读模式
英文:

What is the correct way of using secrets in strategy-matrix pattern in GitHub Actions?

问题

我正在使用GitHub Actions来进行一个项目。我有一个使用案例,当需要部署到两个不同的环境时。由于域名的数量可能会增加,我想要以参数化的方式一次性部署到所有这些域名。

以下是我的工作中出现问题的部分:

jobs:
  build:
    strategy:
      matrix:
        domain: [['main', 'books-v1'], ['old-main', 'books-v2']]

上述部分工作得很好,但如果我需要从secrets中添加新的变量,工作流程就无法正常工作。请查看下面的片段:

jobs:
  build:
    strategy:
      matrix:
        domain: [['main', 'books-v1', ${{ secrets.URL_V1 }}], ['old-main', 'books-v2', ${{ secrets.URL_V2 }}]]

我已经查阅了GitHub Actions文档。我还在GitHub上搜索了现有的示例以查看是否存在类似的解决方案。到目前为止,我还没有找到类似的用例。

是否有办法让它像这样工作?有什么替代方法可以实现我的目标?

GitHub Actions的错误消息:

您的yaml语法在第XYZ行存在错误。

英文:

I am using GitHub Actions for one of the projects. I have a use case when I need to deploy to 2 different environments. As the number of domains may grow, I want to deploy to all of them at once parametrically.

Part of my job that fails:

jobs:
  build:
    strategy:
      matrix:
        domain: [['main', 'books-v1'], ['old-main', 'books-v2']]

The above part works perfectly but if I need to add new variants from the secrets, the workflow doesn't work. See the snippet below:

jobs:
  build:
    strategy:
      matrix:
        domain: [['main', 'books-v1', ${{ secrets.URL_V1 }}], ['old-main', 'books-v2', ${{ secrets.URL_V2 }}]]

I checked GitHub Actions docs. I also searched available examples on GitHub to see existing solutions. So far, I didn't find a similar use case.

Is there a way to make it work like that? What are alternatives to my approach that will work?

GitHub Actions failure message:
> You have an error in your yaml syntax on line XYZ

答案1

得分: 0

在YAML级别,将${{ secrets... }}用单引号括起来可以修复语法错误。

但是,根据上下文可用性secrets上下文在stratey下不被允许。允许的上下文包括:

jobs.<job_id>.strategy    github, needs, vars, inputs

你可以使用vars上下文来满足你的需求。

除此之外,使用https://rhysd.github.io/actionlint/ 对你的工作流进行linting会更快地识别潜在问题。


更新(由Dmytro Chasovskyi提供)

以下是使用vars上下文的示例:

有一个名为DOMAINS的变量,配置如下:

{
   "v1": {
     "url": "http://localhost:80/api/v1"
   },
   "v2": {
     "url": "http://localhost:80/api/v2"
   }
}

工作流程将如下所示:

jobs:
  build:
    strategy:
      matrix:
        domain: [['main', 'books-v1', '${{ vars.DOMAINS.v1.url }}'], ['old-main', 'books-v2', '${{ vars.DOMAINS.v2.url }}']]
英文:

At the YAML level, single quotes around ${{ secrets... }} should fix the syntax error.

But, according to the Context availability, the secrets context is not allowed under stratey. The allowed contexts are:

jobs.<job_id>.strategy	    github, needs, vars, inputs

You can make use of the vars context for your use case.

Apart from that, linting your workflow with https://rhysd.github.io/actionlint/ would be much faster to identify potential issues.


UPDATE (by Dmytro Chasovskyi)

Here is an example with the vars context:

With a variable DOMAINS having this config:

{
   "v1": {
     "url": "http://localhost:80/api/v1"
   },
   "v2": {
     "url": "http://localhost:80/api/v2"
   }
}

the workflow will be:

jobs:
  build:
    strategy:
      matrix:
        domain: [['main', 'books-v1', '${{ vars.DOMAINS.v1.url }}'], ['old-main', 'books-v2', '${{ vars.DOMAINS.v2.url }}']]

huangapple
  • 本文由 发表于 2023年2月8日 21:19:02
  • 转载请务必保留本文链接:https://go.coder-hub.com/75386396.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定