Secrets in matrix

name: Deployment

on:
  push:
    branches:
      - master
jobs:
  build:
    strategy:
      matrix:
        envs: [ENVONE]
        include:
          - envs: ENVONE
            VAR_API_KEY: ${{secrets.ENVONE_API_KEY}}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Run Deployment
        run: |
          echo hello
        env:
          VAR_API_KEY: ${{maxtrix.envs.VAR_API_KEY}}

The above yaml file causes the following error.

- Your workflow file was invalid: The pipeline is not valid. .github/workflows/default.yml (Line: 14, Col: 33): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.ENVONE_API_KEY,.github/workflows/default.yml (Line: 15, Col: 30): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.ENVONE_API_KEY

According to the documentation that is how you pass a secrets reference? Any thoughts what I did wrong here?

It seems that the values of matrix parameters should be specified only with actual values, and can’t use variables (secrets, environment variables).

And in the example you shared, the parameters envs and VAR_API_KEY are at the same level and no affiliation. So the expression ${{maxtrix.envs.VAR_API_KEY}} you used to call VAR_API_KEY is incorrect, you should use ${{maxtrix.VAR_API_KEY}}.

2 Likes

You can define the Secret name in your matrix configuration and then dereference it in the Steps using array notation. This is what ours looks like:

strategy:
  matrix:
    org: [apples, bananas, carrots] #Array of org mnemonics to use below
    include:
      # includes a new variable for each org (this is effectively a switch statement)
      - org: apples
        sfdxurl_secret: APPLES_SFDXURL
      - org: bananas
        sfdxurl_secret: BANANAS_SFDXURL
      - org: carrots
        sfdxurl_secret: CARROTS_SFDXURL

steps:
  - uses: actions/checkout@v2
  - uses: sfdx-actions/setup-sfdx@v1
    name: Install SFDX CLI and authorize org
    with:
      sfdx-auth-url: ${{ secrets[matrix.sfdxurl_secret] }}
17 Likes

We’ve tried this exact same construct but in a env block instead of with and it doesn’t seem to resolve the secret…

Magic! :slight_smile:

more characters