GitHub Actions workflows env and secrets All In One
GitHub Actions workflows env and secrets All In One
$GITHUB_ENV&secrets
环境变量 和 密钥
Secrets and variables allow you to manage reusable configuration data.
Secrets are encrypted and are used for sensitive data.
Variables are shown as plain text and are used for non-sensitive data.
Anyone with collaborator access to this repository can use these secrets and variables for actions.
They are not passed to workflows that are triggered by a pull request from a fork.
GITHUB_ENV environment file
- 变量提供了一种存储和重用
非敏感配置信息的方法 - 你可以设置自己的
自定义变量或使用 GitHub 自动设置的默认环境变量。
# 把变量和值 `>>` 追加到 GITHUB_ENV 环境变量文件中
echo "{environment_variable_name}={value}" >> "$GITHUB_ENV"
steps:
- name: Set the value
id: step_one
run: |
echo "action_state=yellow" >> "$GITHUB_ENV"
- name: Use the value
id: step_two
run: |
printf '%s\n' "$action_state" # This will output 'yellow'
env vs github.env
# ✅
${{ env.VARIABLE_NAME }}
# ✅ namespcae ❓
${{github.env.VARIABLE_NAME}}}
https://docs.github.com/en/actions/learn-github-actions/contexts#env-context
secrets in GitHub Actions
警告:默认情况下,变量在构建输出中呈现未屏蔽的状态。
如果你需要更高的安全性来保护敏感信息(例如密码),请改用机密。
steps:
- name: Hello world action
with: # Set the secret as an input
super_secret: ${{ secrets.SuperSecret }}
env: # Or as an environment variable
super_secret: ${{ secrets.SuperSecret }}
https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions
demos
# This is a basic workflow to help you get started with Actions
name: Tesla_Crawler
# Controls when the action will run.
on:
# Triggers the workflow on push events but only for the main branch
push:
branches: [ main ]
schedule:
- cron: '00 08 * * *'
# https://crontab.guru/#00_08_*_*_*
# Runs at 08:00 on everyday
# 分、时、日、月、周
# https://www.cnblogs.com/xgqfrms/p/15384401.html
# - cron: '00 08,20 * * *'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
# hello-job:
# # The type of runner that the job will run on
# runs-on: ubuntu-latest
# # Steps represent a sequence of tasks that will be executed as part of the job
# steps:
# # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
# - uses: actions/checkout@v2
# # Runs a single command using the runners shell
# - name: Run a one-line script
# run: echo Hello, world!
# crawler job
tesla-job:
permissions:
# Give the default GITHUB_TOKEN write permission to commit and push the
# added or changed files to the repository.
contents: write
runs-on: ubuntu-latest
steps:
- name: 'Checkout codes'
uses: actions/checkout@v3
# 自定义 env, 并且 >> 追加到 GITHUB_ENV file 中 ✅
# https://www.cnblogs.com/xgqfrms/p/17685587.html
# 自定义 env, $GITHUB_ENV => ${{env.REPORT_DATE}} ✅
# 自定义 env, $GITHUB_ENV => ${{github.env.REPORT_DATE}} ✅
- name: 'set Date'
run: echo "REPORT_DATE=$(TZ=':Asia/Shanghai' date '+%Y-%m-%d %T')" >> $GITHUB_ENV
- name: 'print Date'
run: echo ${{env.REPORT_DATE}}
# vscode warning: Context access might be invalid: REPORT_DATE
# https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
- name: 'Get Date'
run: echo ${{github.env.REPORT_DATE}}
# vscode not warning
- name: 'install package'
run: npm i
- name: 'begin'
run: echo "crawling ...✅"
- name: '自动爬取'
run: node ./auto-update.js
- name: 'end'
run: echo "finshed 🎉"
# Commit all changed files back to the repository
- uses: stefanzweifel/git-auto-commit-action@v4
with:
commit_message: update tesla data
# ...
steps:
- name: 'Checkout codes'
uses: actions/checkout@v3
# 自定义 env, 并且 >> 追加到 GITHUB_ENV file 中 ✅
# https://www.cnblogs.com/xgqfrms/p/17685587.html
# 自定义 env, $GITHUB_ENV => ${{env.REPORT_DATE}} ✅
# 自定义 env, $GITHUB_ENV => ${{github.env.REPORT_DATE}} ✅
- name: 'set Date'
run: echo "REPORT_DATE=$(TZ=':Asia/Shanghai' date '+%Y-%m-%d %T')" >> $GITHUB_ENV
- name: 'print Date'
run: echo ${{env.REPORT_DATE}}
# vscode warning: Context access might be invalid: REPORT_DATE
# https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
- name: 'Get Date'
run: echo ${{github.env.REPORT_DATE}}
# vscode not warning
# 自定义 multi envs
# $GITHUB_ENV => ${{github.env.AUTHOR}} ✅ $GITHUB_ENV => ${{github.env.WEBSITE}} ✅
- name: '自定义多个 env 变量'
run: |
echo "AUTHOR=xgqfrms" >> $GITHUB_ENV
echo "WEBSITE=https://www.xgqfrms.xyz" >> $GITHUB_ENV
- name: '打印多个 env 变量'
run: |
echo "AUTHOR=${{env.AUTHOR}} ✅"
echo "WEBSITE=${{env.WEBSITE}} 🎉"
# Unexpected symbol: '$GITHUB_ENV'. Located at position 1 within expression: $GITHUB_ENV
# Available expression contexts: github, inputs, vars, needs, strategy, matrix, secrets, steps, job, runner, env
# Available expression functions: hashFiles
# ...
(🐞 反爬虫测试!打击盗版⚠️)如果你看到这个信息, 说明这是一篇剽窃的文章,请访问 https://www.cnblogs.com/xgqfrms/ 查看原创文章!
export & set & unset
exportan system wide environment variablesetshow all environment variable ❓ config outputunsetdelete an exported environment variable
$ export GITHUB_ENV_var=1
$ echo $GITHUB_ENV_var
1
# set 不可以设置环境变量 ❌ 错误用法
$ set GITHUB_ENV_var=2
$ echo $GITHUB_ENV_var
1
$ set | grep "GITHUB_ENV_var"
'*'=( 'GITHUB_ENV_var=2' )
@=( 'GITHUB_ENV_var=2' )
GITHUB_ENV_var=1
argv=( 'GITHUB_ENV_var=2' )
$ unset GITHUB_ENV_var
$ set | grep "GITHUB_ENV_var"
'*'=( 'GITHUB_ENV_var=2' )
@=( 'GITHUB_ENV_var=2' )
argv=( 'GITHUB_ENV_var=2' )
$ echo $GITHUB_ENV_var
https://stackoverflow.com/questions/6877727/how-do-i-delete-an-exported-environment-variable
set & unset
set [ {+|-}options | {+|-}o [ option_name ] ] ... [ {+|-}A [ name ] ]
[ arg ... ]
Set the options for the shell and/or set the positional
parameters, or declare and set an array. If the -s option is
given, it causes the specified arguments to be sorted before
assigning them to the positional parameters (or to the array
name if -A is used). With +s sort arguments in descending
order. For the meaning of the other flags, see zshoptions(1).
Flags may be specified by name using the -o option. If no option
name is supplied with -o, the current option states are printed:
see the description of setopt below for more information on the
format. With +o they are printed in a form that can be used as
input to the shell.
If the -A flag is specified, name is set to an array containing
the given args; if no name is specified, all arrays are printed
together with their values.
If +A is used and name is an array, the given arguments will
replace the initial elements of that array; if no name is
specified, all arrays are printed without their values.
The behaviour of arguments after -A name or +A name depends on
whether the option KSH_ARRAYS is set. If it is not set, all
arguments following name are treated as values for the array,
regardless of their form. If the option is set, normal option
processing continues at that point; only regular arguments are
treated as values for the array. This means that
set -A array -x -- foo
sets array to `-x -- foo' if KSH_ARRAYS is not set, but sets the
array to foo and turns on the option `-x' if it is set.
If the -A flag is not present, but there are arguments beyond
the options, the positional parameters are set. If the option
list (if any) is terminated by `--', and there are no further
arguments, the positional parameters will be unset.
If no arguments and no `--' are given, then the names and values
of all parameters are printed on the standard output. If the
only argument is `+', the names of all parameters are printed.
For historical reasons, `set -' is treated as `set +xv' and `set
- args' as `set +xv -- args' when in any other emulation mode
than zsh's native mode.
$ man zshbuiltins
# $ man zshbuiltins | grep set
# Unknown locale, assuming C
$ locale
LANG=""
LC_COLLATE="C"
LC_CTYPE="UTF-8"
LC_MESSAGES="C"
LC_MONETARY="C"
LC_NUMERIC="C"
LC_TIME="C"
LC_ALL=
# fix
$ export LANG="en_US.UTF-8"
$ locale
LANG="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_CTYPE="UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_ALL=
https://pubs.opengroup.org/onlinepubs/007904875/utilities/set.html
unset [ -fmv ] name ...
Each named parameter is unset. Local parameters remain local
even if unset; they appear unset within scope, but the previous
value will still reappear when the scope ends.
Individual elements of associative array parameters may be unset
by using subscript syntax on name, which should be quoted (or
the entire command prefixed with noglob) to protect the
subscript from filename generation.
If the -m flag is specified the arguments are taken as patterns
(should be quoted) and all parameters with matching names are
unset. Note that this cannot be used when unsetting associative
array elements, as the subscript will be treated as part of the
pattern.
The -v flag specifies that name refers to parameters. This is
the default behaviour.
unset -f is equivalent to unfunction.
https://pubs.opengroup.org/onlinepubs/007904875/utilities/unset.html
refs
https://docs.github.com/en/actions/learn-github-actions/variables#about-environment-variables
https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions
https://github.com/web-full-stack/cyclic-express-server/settings/secrets/actions
https://github.com/web-full-stack/cyclic-express-server/settings/variables/actions
https://github.com/web-full-stack/cyclic-express-server/issues/6
©xgqfrms 2012-2021
www.cnblogs.com/xgqfrms 发布文章使用:只允许注册用户才可以访问!
原创文章,版权所有©️xgqfrms, 禁止转载 🈲️,侵权必究⚠️!
本文首发于博客园,作者:xgqfrms,原文链接:https://www.cnblogs.com/xgqfrms/p/17685587.html
未经授权禁止转载,违者必究!
