Environment URL not set because env may contain secret

In trying to use the new environment feature in github actions, it appears that it isn’t possible to set a URL for an environment if it may contain secrets. I see this in the logs:

Warning: Skip setting environment url as environment <environment> may contain secret.

Given that most deployments will probably require some sort of secrets to deploy, is this intended? If so, is there a way around it or what is the underlying reason for this behavior?

1 Like

Are you using the secrets context there for some reason?

Meaning are you specifically referencing a secret in the url property of the environment key.

Thanks for your reply @chrispat and apologies for not following up earlier.

No, not referencing a secret in the URL. I’m only using github.event.number to form the URL.

It actually seems to be an error unrelated to secrets - what I see on the workflow overview page is this error:

System.AggregateException: One or more errors occurred. (Unexpected type 'BasicExpressionToken' encountered while reading 'Error in Environment Url for <environment>'. The type 'StringToken' was expected.)

The relevant lines from the workflow spec look like this:

environment:
  name: environment-${{ github.event.number }}
  url: https://environment-${{ github.event.number }}.example.com

Do you perhaps have a more complete example of your workflow? We are not able to reproduce this issue.

Hello,

Do you have a minimalistic repro or a build where you could share?

We tried this:

name: EnvironmentURLIssue

on:
  workflow_dispatch:
  pull_request:
    
jobs:
  build:
    environment:
      name: environment-${{ github.event.number }}
      url: https://environment-${{ github.event.number }}.example.com
    runs-on: ubuntu-latest
    steps:
        - name: hello world
          run: |
            echo hello world
        - id: env-url-step
          name: set environment URL data
          run: echo "::set-output name=url::https://github.com"

Which seems to work fine.

Hi @yaananth thanks for your response - here is an example run where the error occurs: fix typo · SwissDataScienceCenter/renku@320fdab · GitHub

Thanks, we will investigate!

We repro’d this, while we will fix so that you won’t get that error and make workflow stuck, what’s happening in terms of URL not getting set is by design.

You probably have some part of the URL as a secret.

For example, I can repro this, if I make a secret “DEV” with value “dev”.

Now if I reference that secret somewhere in my workflow. It’s considered as a secret. If ur URL has “dev” in it, it’s a secret, so we skip setting that.