Github Actions args not honoring variables #26126
-
Hello! Here is the action:
Here is the logged event:
I’ve marked it, but you can see $ROLE, $PROJECT, and $SERVICE were not echoed (by the script) as their interpolated values but as literals. I’d expect this if I wrapped the args in single quotes. What am I doing wrong here? Thank you! |
Beta Was this translation helpful? Give feedback.
Replies: 6 comments
-
Args can be read out as $1, $2, $3, $4, $5 inside deploy.sh. That being said, Environment variables should be accessible the way you’re using them, you’ll have to review Dockerfile and deploy.sh to identify the problem. You can start by specifying runs = “env” with no arg to look at all the environment variables present. |
Beta Was this translation helpful? Give feedback.
-
Hi @wei I would think that is how it works, but the very top of the script reads in passed args. PROJECT=$1 … The project would be $1 and it does not post correctly. However, if I put in my args like this args = [“project1”, “app1”, “TOKEN”, “role1”, “PASSWORD”] (PASSWORD and TOKEN are secrets) Then my log comes back better:
But I can tell the secrets still didn’t make it through correctly, and I’d rather not expose it to debug but I may have to. |
Beta Was this translation helpful? Give feedback.
-
Just create a new test secret and see if it comes back. Regardless, secrets are masked with [FILTERED] in the output anyways. Try my “env” test mentioned above if you still have troubles. |
Beta Was this translation helpful? Give feedback.
-
The runs env block, are you suggesting a block right before the script block? Such as action “environment check” { Also, I echoed out all passed args to the script then cat’d that script. I also wanted to see if there is a difference from my test secret being with our without $. My result is, they were passed but not interpolated. My test secret was TESTSECRET with a value of: TESTTESTTEST Args looked like this: args = “projec1 app1 $TOKEN encrypted_role $PASS TESTSECRET $TESTSECRET” My cat (from the deploy.sh script) showed this: project1 app1 $TOKEN encrypted_role $PASS TESTSECRET $TESTSECRET |
Beta Was this translation helpful? Give feedback.
-
Try echo out env in the deploy.sh using echo $(env) to make sure it contains everything you want. And you have to have $ before variables otherwise they are not interpolated. |
Beta Was this translation helpful? Give feedback.
-
Okay, I solved this. It looks like secrets are not passed at all through arguments. They are only exposed as environment variables. So to use my secrets, I had to slurp them in the bash script not pass them as arguments to the script from actions. For those who come after me and beat their head against the wall, this is what I did per secret #!/bin/bash … PASS= … doing_something_username password $PASS post_in_slack $TOKEN |
Beta Was this translation helpful? Give feedback.
Okay, I solved this. It looks like secrets are not passed at all through arguments. They are only exposed as environment variables. So to use my secrets, I had to slurp them in the bash script not pass them as arguments to the script from actions. For those who come after me and beat their head against the wall, this is what I did per secret
#!/bin/bash
…
PASS=
printf '%s\n' "${PASS}"
SLACK_TOKEN=
printf '%s\n' "${TOKEN}"
…
doing_something_username password $PASS
post_in_slack $TOKEN