How to dynamically use GitHub secrets in a GitHub Action, according to a list of secret names provided?

Question


What I'm trying to achieve is eventually to dispatch an action with a list of comma-separated secret names.

What I want to do is to loop over the names and use the secrets; in this example - just print them.

I have 2 secrets SEC_1 and SEC_2 in my repo.

jobs:
  dev:
    name: dev
    runs-on: ubuntu-22.04
    env:
      ENVIRONMENT: DEV
    steps:
      - run: |
          # Define the secrets
          secrets="SEC_1,SEC_2"

          # Split the secrets string into an array
          IFS=',' read -ra secret_array <<< "$secrets"

          # Loop over the secret names and echo their values
          for secret_name in "${secret_array[@]}"; do
            echo ${{ format('{0}', '$secret_name') }}

            # This prints nothing!
            echo ${{ secrets[format('{0}', '$secret_name')] }} | sed 's/./& /g'
          done

          # This works perfectly
          echo ${{ secrets[format('{0}', 'SEC_1')] }} | sed 's/./& /g'
          echo ${{ secrets[format('{0}', 'SEC_2')] }} | sed 's/./& /g'

I've tried some solutions from here - but nothing works, as I don't have a fixed number of variables I can define as env vars.

What am I missing?


As per the comment, managed to do it, thanks @Azeem!

on:
  workflow_dispatch:
    inputs:
      my_secrets:
        description: "list of secrets to fetch"
        required: true

permissions:
  contents: read

jobs:
  dev:
    name: dev
    runs-on: ubuntu-22.04
    env:
      SECRETS: '${{ toJson(secrets) }}'
    steps:
      - run: |
          IFS=',' read -ra string_array <<< ${{ github.event.inputs.my_secrets }}

          for secret in "${string_array[@]}"; do
            value="$(jq -r --arg key "$secret" '.[$key]' <<< "$SECRETS" | sed 's|.|& |g')"
            echo "$secret: $value"
          done
          done

Answer 1

Score: 1

You can convert the secrets context to JSON with the toJSON function and then use jq to query your dynamic secrets.

Here's an example:

name: dynamic_secrets

on: workflow_dispatch

jobs:
  ci:
    runs-on: ubuntu-latest

    steps:
    - name: Check
      env:
        SECRETS: '${{ toJson(secrets) }}'
      run: |
        for secret in SECRET1 SECRET2; do
          value="$(jq -r --arg key "$secret" '.[$key]' <<< "$SECRETS" | sed 's|.|& |g')"
          echo "$secret: $value"
        done

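A hardened variant of the toJson-plus-jq lookup discussed on this page, as an added example that is not part of the original question or answer: the dispatch input is handed to bash through an environment variable rather than expanded into the script text, each name is validated and checked for existence, and no secret value is written to the log. The workflow name, the name pattern and the error messages are assumptions made for this example.

```yaml
name: dynamic_secrets_hardened  # constructed name for this added example

on:
  workflow_dispatch:
    inputs:
      my_secrets:
        description: "comma-separated list of secret names"
        required: true

permissions:
  contents: read

jobs:
  dev:
    runs-on: ubuntu-22.04
    steps:
      - name: Resolve requested secrets
        env:
          # Scoped to this step only, not the whole job.
          SECRETS: '${{ toJson(secrets) }}'
          # The input reaches bash as data, never as script text.
          SECRET_NAMES: '${{ github.event.inputs.my_secrets }}'
        run: |
          set -euo pipefail
          IFS=',' read -ra names <<< "$SECRET_NAMES"

          for name in "${names[@]}"; do
            # Assumed policy: plain identifiers only.
            if [[ ! "$name" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
              echo "::error::invalid secret name in input"
              exit 1
            fi

            # has() tells a missing key from an empty value; '.[$key]'
            # with -r would print the string "null" for a missing key.
            if ! jq -e --arg key "$name" 'has($key)' <<< "$SECRETS" > /dev/null; then
              echo "::error::secret '$name' is not defined"
              exit 1
            fi

            value="$(jq -r --arg key "$name" '.[$key]' <<< "$SECRETS")"
            # Hand "$value" to the tool that needs it here; log the name only.
            echo "$name: resolved"
          done
```

Because `toJson(secrets)` exposes every secret available to the job, keeping `SECRETS` on the single step that needs it limits which processes can read it.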

huangapple
  • Published on July 17, 2023, 17:07:48
  • When reposting, please be sure to keep the link to this article: https://go.coder-hub.com/76702956.html