hmanzur / actions-set-secret Goto Github PK
View Code? Open in Web Editor NEWCreate or update secrets in github repository
License: MIT License
Create or update secrets in github repository
License: MIT License
I'm setting the visibility
input. But the input is not passed to github API!
isOrg
?This method called is not present in your src/api.js
Line 16 in c9c16be
Hi, your action works great for secrets with value not containing dash (-), but I noticed that whenever a secret contains dash, your action doesn't persist the secret value when creating a new secret in GitHub. For example, the following step does create the new repo secret for S3_BUCKET_NAME, however, the value is blank (see verification step below).
- name: Create GitHub Repository secret for frontend S3_BUCKET_NAME
uses: hmanzur/[email protected]
with:
name: 'S3_BUCKET_NAME'
value: 'abc-company-bucket'
repository: ${{ github.repository }}
token: ${{ secrets.GH_ACTIONS_SECRETS_PAT }}
When I tried to verify that newly created secret "abc-company-bucket" using this step below, it retrieved blank value. But when I modified the secret value from "abc-company-bucket" to "abccompanybucket" in the above step, this step retrieved that value successfully.
- name: Verify secrets
run: |
echo ${{ secrets.S3_BUCKET_NAME }} | sed -e 's/\(.\)/\1 /g'
Please help find root cause and provide a fix. Thanks!
Warning: The set-output
command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
Please update action to support new output method:
Hello @hmanzur! ๐
I was wondering if you're still making accepting PRs and maintaining this repository. I note that there have been no commits to the main branch in 3 years. It's great if you're still active on it, and it's perfectly OK if you've moved on. โค๏ธ I would appreciate a concrete y/n answer though! ๐
related to #21 (comment)
Node.js 12 actions are deprecated. For more information see: https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/. Please update the following actions to use Node.js 16: hmanzur/[email protected]
I would like to use your action to push a secret to my Organization secrets. And not on my repository.
On this line you set the url to repo
hard coded.
actions-set-secret/src/secret.js
Line 25 in 005a919
Declare a input to switch this hardcoded value to org
. It could be a input org: true
on the action.
This way it could be default false, mantaining the funcionality to the repo.
repository_or_org:
description: Repository or organization name
default: github.repository
required: false
org:
description: flag to push to organization
default: false
required: false
I discovered your action from this answer and wondered if I can set a secret from a script executed during the workflow.
In my case, I have a script generating a facebook token. I would like the token to update my repository secret.
When using this Github Action, the secret value to be set as an input is logged in the Github Action logs that is publicly accessible to anyone logged into Github for public Github repositories.
For example in the Github Action logs it looks like:
Run hmanzur/[email protected]
with:
name: REPOSITORY_SECRET_TO_SET
value: "Secret is leaked here in plaintext"
repository: my-user/my-public-repository
token: ***
I do not know of a workaround to redact this information from Github Action logs as it appears that only secrets specified as inputs like {{ secrets.MY_REPOSITORY_SECRET }}
will be properly redacted which unfortunately defeats the purpose of this module.
My recommendation is that no one should use this Github Action module unless their Github Action logs are properly protected, redacted, or has a minimal retention window of 0 days.
See ericanastas/deploy-google-app-script-action#1 for more details
Thank you for your PR #3
But there are some missing things on your PR that I managed to do on #4 (which you closed).
I want to upload a secret to my organization, not to my repo (which is from my organization).
Your variable _base
is correct. But you are still passing a /:repo/
hardcoded on your URL.
Line 29 in f2a75ae
When uploading to organization level secret, it must be passed the owner
/organization_name
in the url
let { data } = await this.octokit.request('GET /:base/:owner/actions/secrets/public-key', {
Shouldn't be better to create a input owner
for this on the action?
Your input is using a {github.repository}
.
This context returns owner/repository
? I think it will return repository
only.
Line 22 in f2a75ae
The urls for repo are:
PUT /repos/:owner/:repo/actions/secrets/:secret_name
GET /repos/:owner/:repo/actions/secrets/public-key
You are obfuscating the owner attribute! This caused me a lot a confusion. And a made those changes on PR #4 to declare it explicitly.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.