How to reference GitHub Secrets in GitHub Actions workflow for .Renviron file

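Problem description

Hello, I am about to add a CI/CD step using GitHub Actions to deploy an R Shiny app I have. The problem I'm running into is that in R there is a file called .Renviron, which I use to store the credentials for accessing my SQL DB in my R scripts. Normally I deploy my app locally and this file is included when I use the rsConnect package, but now that I'm using GitHub Actions I believe I have to create this .Renviron file manually in a bash script step.

Below is what my GitHub workflow code currently looks like. The part I'm having trouble with is the Create and populate .Renviron file section.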

# Triggered on push and pull request events
on: [push, pull_request]

# Name of the workflow => usethis::use_github_actions_badge("CI-CD")
name: CI-CD

jobs:
  CI-CD:
    runs-on: ${{ matrix.config.os }}

    name: ${{ matrix.config.os }} (${{ matrix.config.r }})

    strategy:
      # we keep a matrix for convenience, but we would typically just run on one
      # single OS and R version, aligned with the target deployment environment
      matrix:
        config:
          - {os: ubuntu-20.04, r: 'release', rspm: "https://packagemanager.rstudio.com/cran/__linux__/focal/latest"}

    env:
      # Enable RStudio Package Manager to speed up package installation
      RSPM: ${{ matrix.config.rspm }}
      # Access token for GitHub
      GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}

    steps:

      - name: Checkout repo
        uses: actions/checkout@v2

      - name: Setup R
        uses: r-lib/actions/setup-r@v1
        with:
          r-version: ${{ matrix.config.r }}

      - name: Query R dependencies
        run: |
          install.packages('remotes')
          saveRDS(remotes::dev_package_deps(dependencies = TRUE), ".github/depends.Rds", version = 2)
          writeLines(sprintf("R-%i.%i", getRversion()$major, getRversion()$minor), ".github/R-version")
        shell: Rscript {0}

      - name: Cache R packages
        uses: actions/cache@v2
        with:
          path: ${{ env.R_LIBS_USER }}
          key: ${{ runner.os }}-${{ hashFiles('.github/R-version') }}-1-${{ hashFiles('.github/depends.Rds') }}
          restore-keys: ${{ runner.os }}-${{ hashFiles('.github/R-version') }}-1-

      - name: Install system dependencies
        run: |
          while read -r cmd
          do
            eval sudo $cmd
          done < <(Rscript -e 'writeLines(remotes::system_requirements("ubuntu", "20.04"))')

      - name: Install R dependencies
        run: |
          remotes::install_deps(dependencies = TRUE)
          remotes::install_cran("rcmdcheck")
        shell: Rscript {0}

      - name: Create and populate .Renviron file
        run: |
          echo aws_host="$AWS_HOST" >> ~/.Renviron
          echo aws_port="$AWS_PORT" >> ~/.Renviron
          echo aws_pw="$AWS_PW" >> ~/.Renviron
          echo aws_user="$AWS_USER" >> ~/.Renviron
          echo dbname="$DBNAME" >> ~/.Renviron
        shell: bash

      - name: Check package
        run: |
          options(crayon.enabled = TRUE) # enable colorful R CMD check output
          rcmdcheck::rcmdcheck(args = "--no-manual", error_on = "error")
        shell: Rscript {0}

      - name: Deploy to shinyapps.io
        # continuous deployment only for pushes to the main / master branch
        if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master'
        env:
          SHINYAPPS_ACCOUNT: ${{ secrets.SHINYAPPS_ACCOUNT }}
          SHINYAPPS_TOKEN: ${{ secrets.SHINYAPPS_TOKEN }}
          SHINYAPPS_SECRET: ${{ secrets.SHINYAPPS_SECRET }}
        run: Rscript deploy/deploy-shinyapps.R

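I have all of these variables stored in GitHub Secrets, but I still can't get my Shiny app to access any of these credentials through the .Renviron file. I think the syntax for accessing these GitHub Secrets is different from the normal ${{ secrets.my_secret }} because it's in a bash script.

The file location of the .Renviron file also matters: it should be in the root directory, where everything else in the GitHub repository is. I'm not sure how to know/confirm whether it is in the right place.

If anyone has any suggestions on how to properly create this .Renviron file using GitHub Secrets and put it in the root of my directory, I would appreciate it!

Recommended answer

You are correct that you can't use ${{ secrets.my_secret }} in a bash script.

This doesn't work because "${{ }}" and the "secrets" variable are GitHub Actions constructs that Bash doesn't understand. You have to pass the secrets to your step as environment variables:

However, you can also use an env mapping, as you did in the last step. It should look like this: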

      - name: Create and populate .Renviron file
        run: |
          echo aws_host="$MAPPED_AWS_HOST" >> ~/.Renviron
          echo aws_port="$MAPPED_AWS_PORT" >> ~/.Renviron
          echo aws_pw="$MAPPED_AWS_PW" >> ~/.Renviron
          echo aws_user="$MAPPED_AWS_USER" >> ~/.Renviron
          echo dbname="$MAPPED_DBNAME" >> ~/.Renviron
        shell: bash
        # Map each secret to an environment variable that bash can read
        env:
          MAPPED_AWS_HOST: ${{ secrets.AWS_HOST }}
          MAPPED_AWS_PORT: ${{ secrets.AWS_PORT }}
          MAPPED_AWS_PW: ${{ secrets.AWS_PW }}
          MAPPED_AWS_USER: ${{ secrets.AWS_USER }}
          MAPPED_DBNAME: ${{ secrets.DBNAME }}
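
A stricter way to write the file from the same env mapping, as an added example that is not part of the original answer: it fails the step when a secret arrives empty (as it does on pull requests from forks, which this workflow also triggers on), creates the file with owner-only permissions, and replaces it rather than appending. The helper name write_renviron and the target path in the usage comment are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post.
# write_renviron is a hypothetical helper. The MAPPED_* names come from the
# answer's env: block and must be exported into the step's environment.
#
# Usage: write_renviron TARGET key=ENV_VAR_NAME ...
# The body is a subshell ( ... ), so umask and variables do not leak out.
write_renviron() (
  target=$1
  shift
  umask 077                       # credentials file readable by owner only
  tmp="$target.tmp.$$"
  : > "$tmp" || exit 1
  for pair in "$@"; do
    key=${pair%%=*}               # name R will see, e.g. aws_host
    var=${pair#*=}                # environment variable holding the secret
    # An undefined secret, or one withheld because the run was triggered by a
    # pull request from a fork, reaches the step as an empty string.
    if ! val=$(printenv "$var") || [ -z "$val" ]; then
      echo "write_renviron: $var is unset or empty" >&2   # name only, never the value
      rm -f "$tmp"
      exit 1
    fi
    # One name=value per line: an embedded newline would corrupt the file.
    case $val in
      *"
"*) echo "write_renviron: $var contains a newline" >&2; rm -f "$tmp"; exit 1 ;;
    esac
    printf '%s=%s\n' "$key" "$val" >> "$tmp"
  done
  mv -f "$tmp" "$target"          # replace whole file: no duplicates on re-run
)

# Call from the workflow step (target path is an assumption: the checked-out
# repository root, which is where the question wants the file):
#   write_renviron "$GITHUB_WORKSPACE/.Renviron" \
#     aws_host=MAPPED_AWS_HOST aws_port=MAPPED_AWS_PORT aws_pw=MAPPED_AWS_PW \
#     aws_user=MAPPED_AWS_USER dbname=MAPPED_DBNAME
```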
