common non-secrets for an organization/project

I have a layer of env variables/settings that are not secret that I would like to not hardcode into my YML nor check in with the code. Putting them into your secrets masks them from the logs which makes using them when troubleshoot impossible. e.g. default aws region, default aws account number, feature flags

Is there an example of this pattern within github actions?

1 Like

Hi @andy-brainome,

Github provides aws CI/CD workflow example here:

And you can refer to the aws actions in the repo below, check the action usage for more details.


Thank you for the referral but I do not need a primer on aws github actions.

I am looking for the pattern for defining feature flags and other deployment variables that are not to be checked into the code repository.  I did look at some of the samples defined within there but could not identify how to -not- hard code these values.

This usage hard codes into the action these messages for example:

# Messages this action will apply to issuesstale-issue-message:Stale issue messagestale-pr-message:Stale issue messageancient-issue-message:Stale issue message

Can you please be more specific on which of the many samples has that pattern?

I agree that this sort of configuration can be a little frustrating—I’ve had the same trouble doing things like specifying deployment targets that I don’t need to be encrypted and masked. There’s unfortunately not currently an easy way to do this. I think eventually it may make sense for us to have separate concepts of environment variables and secrets, but we don’t currently have a great solution for it.

Hi @andy-brainome ,

Thanks for your reply! To NOT hard code the values, you can use ‘repository_dispatch event’ and include your values in the payload, transfer the value to the workflow.

Get the payload value from in the workflow, eg: ${{ github.event.client_payload.stalemessage }} for the action.

- uses: aws-actions/stale-issue-cleanup@v3
    # Messages this action will apply to issues
    stale-issue-message: ${{ github.event.client_payload.stalemessage }}
    stale-pr-message: ${{ github.event.client_payload.stalemessage }}
    ancient-issue-message: ${{ github.event.client_payload.stalemessage }}