environment action init.

.github/workflows/environment.yml

@@ -0,0 +1,57 @@
+name: demonstrate environment variables/secrets of different stage, different aspect
+
+on:
+  push:
+    branches: [ "environment" ]
+
+# two item set in github repo's setting->  secrets and variables -> action:
+# 1. secrets: SECRET_IN_REPO: <secret in repo>
+# 2. variables: VAR_IN_REPO: <var in repo>
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      VAR_IN_JOB1: "<var in job1>"  #job level variable
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: set some variables
+        env:
+          VAR_IN_STEP1: "<var in step1>"  # step level variable
+        run: |
+          cd environment
+          echo "VAR_IN_RUN=<var in run>" >> $GITHUB_ENV  # set env variable in running
+          echo "[Print in step run]: ${{vars.VAR_IN_REPO}},${{secrets.SECRET_IN_REPO}},${{env.VAR_IN_JOB1}}, ${{env.VAR_IN_STEP1}}, ${{env.VAR_IN_RUN}} "
+          npm -v
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        env:
+          VAR_IN_STEP2: "<var in step2>"
+        with:
+          platforms: linux/amd64
+          context: ./environment
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          push: true
+          tags: ghcr.io/${{ github.repository }}:environment-latest,
+          build-args: | # setting for running in dockerfile, as  "ENV key=val"
+            BUILD_ARG1=<arg1 in build-args>
+          secrets: | # set DOCKERFILE secrets,  direct assign value, need --mount in DOCKERFILE
+            SECRETS1=<secrets1 in secrets>
+          secret-envs: | #set DOCKERFILE secrets,  value is read through a env key from environment(action scope), need --mount in DOCKERFILE
+            SECRET_ENV_1=VAR_IN_STEP2
+          # VAR_IN_STEP1=<var in step1>  is a valid  action scope env variable

.gitignore

@@ -1,2 +1,4 @@
 **/.idea/**
-**/target/
+**/target/
+**/node_modules/
+**/dist/

README.MD

@@ -23,9 +23,14 @@ nuxt(3.x) project: build to output, build output to an image, tag&push it docker
 
 
 ## branch `enviroment`
-setting and print environment variables/secrets of different stage, different aspect, 
+setting and print environment variables/secrets of different scope/aspect , 
 aiming at demonstrate github action's environment variables/secrets apparently for review and review
 
+scope:
+1. action scope
+2. Dockerfile scope
+3. running script scope
+
 ## branch `curl-api'
 curl some github api in action 
 build docker image and push to gh registry for maven and node app

curl/curl-api.http

@@ -0,0 +1,24 @@
+# curl -L
+#  -H "Accept: application/vnd.github+json"
+#  -H "Authorization: Bearer <YOUR-TOKEN>"
+#  -H "X-GitHub-Api-Version: 2022-11-28"
+#  "https://api.github.com/user/packages?package_type=container"
+GET https://api.github.com/user/packages?package_type=maven
+Accept: application/vnd.github+json
+Authorization: Bearer
+X-GitHub-Api-Version: 2022-11-28
+
+###
+
+# curl -L
+#  -H "Accept: application/vnd.github+json"
+#  -H "Authorization: Bearer <YOUR-TOKEN>"
+#  -H "X-GitHub-Api-Version: 2022-11-28"
+#  https://api.github.com/users/USERNAME/packages/PACKAGE_TYPE/PACKAGE_NAME
+GET https://api.github.com/users/slow-groovin/packages/maven/com.github.action.test.github-package-upload-config
+Accept: application/vnd.github+json
+Authorization: Bearer
+X-GitHub-Api-Version: 2022-11-28
+
+###
+

enviroment/Dockerfile

@@ -0,0 +1,41 @@
+FROM ubuntu:latest
+LABEL authors="slow-groovin"
+LABEL org.opencontainers.image.description="demonstrate environment variables/secrets of different stage, different aspect"
+
+FROM node:20.16.0-alpine3.20
+
+WORKDIR /app
+ENTRYPOINT ["node","index.js"]
+
+
+COPY . .
+
+
+
+# print vars in Dockerfile Scope
+RUN echo "[Print in Dockerfile Scope beginning]1.$VAR_REPO, 2.$SECRET_IN_REPO, 3.VAR_IN_JOB1, 4.$VAR_IN_STEP1, 5.$VAR_IN_RUN, 6.$BUILD_ARG1 \
+7.$SECRETS1, 8.$SECRET_ENV_1"
+
+
+#desclare arg,on by this it can read args from `build-args:` setting in  environment.yml, as well as `--build-arg` in docker build command
+ARG BUILD_ARG1
+
+#set var in dockerfile scope
+ENV VAR_IN_DOCKERFILE=<var in dockerfile>
+
+RUN echo "[Print Dockerfile args/env]1.$BUILD_ARG1, 2.$VAR_IN_DOCKERFILE"
+
+# through --mount, env=SECRETS1_TO_ENV means the secret will be exported to env
+RUN --mount=type=secret,id=SECRETS1,env=SECRETS1_TO_ENV \
+    echo $SECRETS1_TO_ENV
+
+# let's see outside RUN --mount, can env SECRETS1_TO_ENV be access in Dockerfile scope?
+RUN echo $SECRETS1_TO_ENV
+# the answer is: not
+
+npm run print-var
+
+
+
+
+

enviroment/index.js

@@ -0,0 +1 @@
+console.log("environment entrypoint: index.js, exec.")

enviroment/package.json

@@ -0,0 +1,11 @@
+{
+  "name": "environment",
+  "version": "1.0.0",
+  "description": "setting and print environment variables/secrets of different stage, different aspect, \naiming at demonstrate github action's environment variables/secrets apparently for review and review ",
+  "main": "index.js",
+  "scripts": {
+    "print-var": "node printVarsByDockerfile.js"
+  },
+  "author": "",
+  "license": "ISC"
+}

enviroment/printVarsByActionRun.js

@@ -0,0 +1 @@
+console.log('[Print in action running by script]:',process.env)

enviroment/printVarsByDockerfile.js

@@ -0,0 +1 @@
+console.log('[Print in Dockerfile running]:',process.env)