result annotation and some modify #14
name: demonstrate environment variables/secrets of different stage, different aspect | |
on: | |
push: | |
branches: [ "environment" ] | |
# two item set in github repo's setting-> secrets and variables -> action: | |
# 1. secrets: SECRET_IN_REPO: "<secret in repo>" | |
# 2. variables: VAR_IN_REPO: "<var in repo>" | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
env: | |
VAR_IN_JOB1: "<var in job1>" #job level variable | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: print some variables | |
env: | |
VAR_IN_STEP1: "<var in step1>" # step level variable | |
run: | | |
cd environment | |
echo "VAR_IN_RUN=<var in run>" >> $GITHUB_ENV | |
echo "[echo var in step run]: ${{vars.VAR_IN_REPO}},${{secrets.SECRET_IN_REPO}},${{env.VAR_IN_JOB1}}, ${{env.VAR_IN_STEP1}}, ${{env.VAR_IN_RUN}}" | |
echo "[echo env in step run], $VAR_IN_REPO,$SECRET_IN_REPO, $VAR_IN_JOB1, $VAR_IN_STEP1, $VAR_IN_RUN" | |
node printVarsByActionRun.js | |
# console log result 👆👆: | |
# [echo var in step run]: <var in repo>,***,<var in job1>, <var in step1>, | |
# [echo env in step run], ,, <var in job1>, <var in step1>, | |
# [script Print in action]: | |
# VAR_IN_REPO : undefined | |
# SECRET_IN_REPO : undefined | |
# VAR_IN_JOB1 : <var in job1> | |
# VAR_IN_STEP1 : <var in step1> | |
# VAR_IN_RUN : undefined | |
- name: pass action vars to env of script | |
run: | | |
cd environment | |
VAR_IN_REPO="${{vars.VAR_IN_REPO}}" SECRET_IN_REPO="${{secrets.SECRET_IN_REPO}}" node printVarsByActionRun.js | |
# [script Print in action]: | |
# VAR_IN_REPO : <var in repo> | |
# SECRET_IN_REPO : *** | |
# VAR_IN_JOB1 : <var in job1> | |
# VAR_IN_STEP1 : undefined | |
# VAR_IN_RUN : <var in run> | |
- name: Log in to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v6 | |
env: | |
VAR_IN_STEP2: "<var in step2>" | |
with: | |
platforms: linux/amd64 | |
context: ./environment | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
push: true | |
tags: ghcr.io/${{ github.repository }}:environment-latest, | |
build-args: | # setting for running in dockerfile, as "ENV key=val" | |
BUILD_ARG1=<arg1 in build-args> | |
secrets: | # set DOCKERFILE secrets, direct assign value, need --mount in DOCKERFILE | |
SECRETS1=<secrets1 in secrets> | |
secret-envs: | #set DOCKERFILE secrets, value is read through a env key from environment(action scope), need --mount in DOCKERFILE | |
SECRET_ENV_1=VAR_IN_STEP2 | |
# VAR_IN_STEP1=<var in step1> is a valid action scope env variable |
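Review bot: The `pass action vars to env of script` step pastes `${{secrets.SECRET_IN_REPO}}` and `${{vars.VAR_IN_REPO}}` directly into the shell text of `run:`, so the values are substituted before bash parses the line; a value containing a quote, `$(` or a backtick changes the command, and the secret is written into the generated script on the runner. Map them through the step's `env:` instead, with `VAR_IN_REPO: ${{ vars.VAR_IN_REPO }}` and `SECRET_IN_REPO: ${{ secrets.SECRET_IN_REPO }}`, and reduce the run line to `node printVarsByActionRun.js`; the first `echo` in `print some variables` has the same pattern. The workflow also declares no `permissions:` block although it pushes to ghcr.io with `GITHUB_TOKEN`; a job-level `permissions:` with `contents: read` and `packages: write` would limit the token to what the push needs. `actions/checkout` and the three `docker/*` actions are referenced by mutable tags, and pinning them to commit SHAs is worth doing for a job that holds a registry-write token.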