How to pipe a github secret variable into a file

I have a github pipeline and im piping a github sercret variable into a file but i get the following error.

/home/runner/work/_temp/c6144b9a-c8e3-489a-ae97-795f592c57f0.sh: line 6: /config: Permission denied
echo: write error: Broken pipe
  deploy:
    name: Deploy
    # if: startsWith(github.ref, 'refs/tags/')
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
      uses: actions/checkout@master
    
    - name: Setup Kubectl
      run: |
        sudo apt-get -y install curl
        curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
        chmod +x ./kubectl
        sudo mv ./kubectl /usr/local/bin/kubectl
        sudo echo $KUBECONFIG_B64DATA | base64 --decode > /config
        sudo mkdir -p ~/.kube
        sudo mv config /root/.kube/

You get the “permission denied” error here because a non-root user is not allowed to write to the root directory (/). Only the first command in that pipeline (the echo) is run with sudo, but the part that’d need it is the output redirection.

You change that by wrapping the whole line starting at echo in a sudo bash -c. However, considering that the last command tries to move a config file from the current directory instead of /config from the root directory I guess the correct fix would be:

echo $KUBECONFIG_B64DATA | base64 --decode > config
1 Like

actually i fix the move now but the echo returns **** so i get an base64: invalid input

Hi @kaykhan,

KUBECONFIG_B64DATA is an env variable not a secret one. You can use {{ secrets.KUBECONFIG_B64DATA }} instead, or you have to set it in ‘env’ firstly.

run: |
  echo $KUBECONFIG | base64 --decode > config
env:
   KUBECONFIG: ${{ secrets.KUBECONFIG_B64DATA }}

Please check similar ticket for more details.

1 Like