You can use environment variables to add information that you would like to reference in your workflows. Some environment variables are even predefined for you to use immediately (e.g., the person who triggered the current workflow run). To make use of these, edit the "Hello World" workflow and add the following lines:
- Add an environment variable at the job level:

  ```yaml
  greet:
    env:
      MY_ENV: "John Doe"
  ```

- Add a second step to utilize your environment variable and a default one:

  ```yaml
  - name: Run a multi-line script
    run: |
      echo "Hello $MY_ENV"
      echo "Hello $GITHUB_ACTOR"
  ```

Your workflow file (hello.yml) should now look like this:

```yaml
name: Hello World Training Workflow

on:
  workflow_dispatch:

jobs:
  greet:
    env:
      MY_ENV: "John Doe"
    runs-on: ubuntu-latest
    steps:
      - name: Greet the User
        run: echo "Hello World!"
      - name: Run a multi-line script
        run: |
          echo "Hello $MY_ENV"
          echo "Hello $GITHUB_ACTOR"
```

Commit your changes and start a new run. You should see the following in the run logs (note that the second `Hello` should print your own GitHub username):
To learn more about environment variables and default variables, see the official GitHub documentation on Environment variables.
GitHub Actions workflows can be triggered by many different types of events:
Let's modify our workflow so that it also runs automatically whenever an issue is created in our repository. This practice is commonly referred to as "IssueOps". To achieve this, add the following to the `on` section of the workflow file and commit the changes:

```yaml
on:
  workflow_dispatch:
  issues:
    types: [opened, edited]
```

Now create an issue in your repository and check the Actions tab. You should see the workflow run as follows:
The last task of this chapter is adding a secret. You can learn more about secrets in our documentation, but the gist of it is that, unlike environment variables, we mask these strings in the run logs (to a reasonable extent).
We need to start by adding a secret to a repository. Navigate to the settings of the repository; in the Security submenu you will find Secrets and variables. We will be using secrets in Actions, so click Actions.
Then click to add a new secret, choose the name SUPER_SECRET, and set the value to anything you want to keep secret.
Note: you can also add a secret to an organization, making it available to selected repositories or to all repositories. More info in our documentation.
After storing the secret, we can add it to our workflow:
- Add an environment variable tied to a secret:

  ```yaml
  greet:
    env:
      MY_ENV: "John Doe"
      SUPER_SECRET: ${{ secrets.SUPER_SECRET }}
  ```

- Modify a second step to utilize your secret:

  ```yaml
  - name: Run a multi-line script
    run: |
      ..
      ..
      echo "The secret is: $SUPER_SECRET"
  ```

Your workflow file (hello.yml) should now look like this:

```yaml
name: Hello World Training Workflow

on:
  workflow_dispatch:
  issues:
    types: [opened, edited]

jobs:
  greet:
    env:
      MY_ENV: "John Doe"
      SUPER_SECRET: ${{ secrets.SUPER_SECRET }}
    runs-on: ubuntu-latest
    steps:
      - name: Greet the User
        run: echo "Hello World!"
      - name: Run a multi-line script
        run: |
          echo "Hello $MY_ENV"
          echo "Hello $GITHUB_ACTOR"
          echo "The secret is: $SUPER_SECRET"
```

Commit your changes and try to run the workflow, either manually or by opening or editing an issue. What can you observe?
Question: can you think of some clever ways of exfiltrating the secret? How would you do it?
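
Outside a training exercise, a step that prints a secret-backed variable is something to catch in review rather than leave to log masking. The following is an added example, not part of the original tutorial: a small line-based check (the function names and the regex heuristics are assumptions of this example, and it is not a full YAML parser) that lists `echo`/`printf` lines expanding a variable bound to `${{ secrets.* }}`, run against a constructed copy of the `hello.yml` above.

```python
import re

# Constructed sample: the tutorial's hello.yml after the secret has been added.
SAMPLE_WORKFLOW = '''\
name: Hello World Training Workflow
on:
  workflow_dispatch:
  issues:
    types: [opened, edited]
jobs:
  greet:
    env:
      MY_ENV: "John Doe"
      SUPER_SECRET: ${{ secrets.SUPER_SECRET }}
    runs-on: ubuntu-latest
    steps:
      - name: Greet the User
        run: echo "Hello World!"
      - name: Run a multi-line script
        run: |
          echo "Hello $MY_ENV"
          echo "Hello $GITHUB_ACTOR"
          echo "The secret is: $SUPER_SECRET"
'''

# Heuristics (assumptions of this example): "NAME: ${{ secrets.X }}" binds a secret to NAME.
SECRET_ENV = re.compile(r'^\s*([A-Za-z_]\w*)\s*:\s*["\']?\$\{\{\s*secrets\.\w+\s*\}\}')
PRINT_CMD = re.compile(r'\b(echo|printf)\b')

def secret_env_names(text):
    """Names of env variables whose value is a ${{ secrets.* }} expression."""
    return {m.group(1) for line in text.splitlines() if (m := SECRET_ENV.match(line))}

def find_secret_prints(text):
    """Return (line_number, variable, line) for print commands that expand a secret-backed variable."""
    names = secret_env_names(text)
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if not PRINT_CMD.search(line):
            continue
        for name in sorted(names):
            if re.search(r'\$\{?' + re.escape(name) + r'\b', line):
                findings.append((number, name, line.strip()))
    return findings

if __name__ == "__main__":
    for number, name, line in find_secret_prints(SAMPLE_WORKFLOW):
        print(f"line {number}: prints secret-backed variable {name}: {line}")
```
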