GitHub Actions-空的环境秘密 [英] GitHub Actions - empty env secrets

问题描述

我已经开始使用GitHub动作了，但是我正在努力访问作为环境传递的存储库秘密.

I've started playing with GitHub actions, but I'm struggling with accessing repository secrets which I pass as env's.

我的工作流程文件:

name: Invite

on: 
  pull_request:
    branches: [master]
    types: [closed]
jobs:
  invite:
    runs-on: ubuntu-latest
    steps:
      - name: Hello world action
        uses: lekterable/inclusive-organization-action@master
        env:
          SECRET_TOKEN: ${{ secrets.SECRET_TOKEN }}
          organization: string
          SUPER_SECRET: ${{ secrets.SUPER_SECRET }}

动作索引文件

const core = require('@actions/core')
const github = require('@actions/github')

const run = async () => {
  try {
    ...
    console.log('env', process.env)
    const token = process.env.SECRET_TOKEN
    const secret = process.env.SUPER_SECRET
    const organization = process.env.organization
    console.log('organization', organization)
    console.log('token?', !!token)
    console.log('secret?', !!secret)
    console.log('token length', token.length)
    ...
  } catch (error) {
    core.setFailed(error.message)
  }
}

run()

如您所见，我正在传递3个env，则按预期方式存在一个值为'string'的组织，但SECRET_TOKEN和SUPER_SECRET为空.​​

as you can see I'm passing 3 env's, the organization which has a value of 'string' exists as expected, but SECRET_TOKEN and SUPER_SECRET are empty.

是的，我确实在运行该操作的回购中设置了机密:

And yes, I do have the secrets set in the repo which runs the action:

我在做错什么吗?

推荐答案

我找到了一个解决方案，我要做的是代替执行关闭PR的操作，而是在新提交时运行它在主服务器上，这必须由对存储库具有写权限"的人来触发，因此，它可以访问存储库秘密.

I've found a solution, what I did to work around it is instead of running the action on closing the PR I'm running it on a new commit on master, this has to be triggered by someone with 'write rights' to the repo, therefore, it has access to the repo secrets.

要检查该提交是否为合并提交要困难一些，我们必须显式获取有关PR的更多信息，但是它可以工作.如果有人感兴趣的话，我要尝试执行的操作的源代码: https://github.com /lekterable/inclusive-organization-action

It's a bit harder to check if the commit is a merge commit and we have to explicitly fetch more info about the PR, but it works. Source code of an action I was trying to build if someone is interested: https://github.com/lekterable/inclusive-organization-action

这篇关于GitHub Actions-空的环境秘密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！