By Colin Wilson on 03 January, 2021
If you have different environments enabled in GitHub e.g. Preview
and Production
, you’re able to configure secrets scoped specifically to those environments. So the value for say a secret named MY_SUPER_SECRET
is specific to its corresponding environment.
On GitHub, navigate to the main page of your repository, click on Settings
then in the left sidebar, click Environments
. Select an environment from the list e.g. Preview
(or create a new one by clicking on New environment
).
Click on Add secret
Fill in the details and click Add secret
Now that the environment specific secret has been added it can be referenced in a workflow.
Note: Running a workflow that references an environment that does not exist will create an environment with the referenced name.
Set the environment
the job will reference using the syntax jobs.<job_id>.environment
.
The deploy-preview
job in the below example is set to reference the Preview
environment. This grants it access to secrets set in that environment:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called/with ID "deploy-preview"
deploy-preview:
# The type of runner that the job will run on
runs-on: ubuntu-20.04
# The environment this job references
environment:
name: Preview
url: ${{ steps.step_name.outputs.url_output }} # optional
You can now consume the secrets in your workflow as normal e.g.
- name: Build
run: npm run access_fortress_of_solitude
env:
MY_SUPER_SECRET: ${{ secrets.MY_SUPER_SECRET }}
job.<job_id>.environment.url
url
maps to environment_url
in the deployments API which sets the URL for accessing your environment. This means you can set it to a URL outputted by another step in your job. If you set the url
you’ll see something like the below example in the Complete Job
section of your deploy logs:
1. Evaluate and set environment url
2. Evaluated environment url: https://fortress-of-solitude-f62s6yphd.vercel.app
Your environment and environment URL (if set) will also appear in you repository’s deployments history. Just click Environments
on the home page of your repository to view the details.