Matrix-based secrets?

I am trying to run a matrix-based action to run a test. However, I want it to use a different secret depending on the value of one of the matrix items, in my case os.

    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
        arch: [amd64]
        python-version: [3.9]
        include:
          - os: ubuntu-latest
            sg: ${{ secrets.SG1 }}
          - os: windows-latest
            sg: ${{ secrets.SG2 }}
          - os: macos-latest
            sg: ${{ secrets.SG3 }}

When I run this, I get an error: Unrecognized named-value: 'secrets'.

I know I could do if: conditions and just copy and paste the action three times but seems very redundant.

Is there a better way to do this?

Hi @sohmc, you can use secrets in a workflow only as inputs or as environment variable definitions. This is why that secrets variable is not recognized. See more here: Workflow syntax for GitHub Actions - GitHub Docs

Here’s an example of how to use the secrets via environment variables:

steps:
  - name: My first action
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      FIRST_NAME: Mona
      LAST_NAME: Octocat

That said, you want to use a strategy matrix and access the secrets respectively, so you can try something like this:

strategy:
  matrix:
    token: [sg1, sg2, sg3]

And later in the step of the job:

env:
  token: ${{secrets[matrix.token]}}

This way, you have an environment variable named token with the value of the secret in each respective element.

Would that work for you?