Feature Request - Ability to reference secrets and environments variables

This is more of a feature request so I don’t know if this forum is the best place for it, but still.

Recently, support for private registers was announced for service containers (https://github.blog/changelog/2020-09-24-github-actions-private-registry-support-for-job-and-service-containers/).

Even before that functionality was available, we were already using ecr credential helper Docker workaround which works for self hosted runners.

Currently the problem / limitation with the service containers is that you can’t reference environment variables or secrets for the image attribute value.

For example:

    services:
      foobar1:
        image: ${{ secrets.PRIVATE_REGISTRY }}/${{ needs.step1.outputs.DOCKER_IMAGE }}

      foobar2:
        image: ${{ env.PRIVATE_REGISTRY }} /${{ needs.step1.outputs.DOCKER_IMAGE }}

Neither of those approaches works and returns an error.

The workflow is not valid. .github/workflows/main.yaml (Line: 309, Col: 16): Unrecognized named-value: 'env'. Located at position 1 within expression: env.DOCKER_IMAGE

(I also can’t put registry name into published DOCKER_IMAGE output variable since it contains a secret so it won’t be published - I could perhaps get it to work via some hacks / intermediate action which would unmask that value but that seems overly complicated for such a simple thing…).

I assume this limitation is related to context variable life cycle and scoping.

I don’t see any reason why we shouldn’t at least be able to access secrets in that context.

@Kami,

Thanks for your feedback.
GitHub takes your suggestions very seriously, and the suggestions are very helpful for improving GitHub.

I recommend that you can directly share your feature request here. That will allow you to directly interact with the appropriate engineering team, and make it more convenient for the engineering team to collect and categorize your suggestions.