How to access secrets in Javascript GitHub actions?
Problem Description:
I am developing a reusable workflow using Javascript actions by following this tutorial. My action.yml looks like this.
name: "Test"
description: "Reusable workflow"
inputs:
input-one:
required: false
type: string
runs:
using: 'node16'
main: 'dist/index.js'
But my question is how to access the secrets in dist/index.js?. Please note that I don’t want the user to supply the secret as input, I would like to store the secret in my reusable workflow repository and use it whenever it’s needed.
I tried to change the action.yml with env(So that I can use node process.env API to get the secret) but it’s failing with an error saying that Unexpected value 'env'.
name: "Test"
description: "Reusable workflow"
inputs:
input-one:
required: false
type: string
runs:
using: 'node16'
main: 'dist/index.js'
env:
DUMMY_VAL: ${{ secrets.MY_REPOSITORY_SECRET }}
Solution – 1
I don’t think that’s possible. That would be somewhat a security vulnerability.
Examples clearly show that secrets have to be explicitly passed https://docs.github.com/en/actions/using-workflows/reusing-workflows#using-inputs-and-secrets-in-a-reusable-workflow
You can experiment with default value for it but looks like it’s not supported for workflows.
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_callsecrets
It would look like this (probably won’t work):
on:
workflow_call:
secrets:
access-token:
description: 'Your secret'
required: false
default: ${{ secrets.your-secret }}
If it doesn’t work you can try suggesting it as a feature here: https://github.com/orgs/community/discussions/categories/actions-and-packages
Solution – 2
On GitHub.com, navigate to the main page of the repository. Under your repository name, click Settings. In the "Security" section of the sidebar, select Secrets, then click Actions. Click New repository secret.
Credit: Google