What options exist to unset env variables in workflows

I understand well how to set env variables in a GitHub Action workflow step but it’s not clear how to unset an environment variable to remove it. This is possible with today’s GithubActions apis?

I have a use case where I’d like to setup aws credentials to check a precondition for a workflow job but then remove these credentials from the env for the following steps to that they do not have access to them

I’ve tried the following approaches but none seem to have worked based on what I see when I click on the tree icon in the action logs for the steps that follow.

steps:
...
- name: clear credentials
   # in theory this should delete any lines with env vars starting with AWS_
   run: sed -i '/^AWS_/d' $GITHUB_ENV
steps:
...
- name: clear credentials
   run: |
      # in theory this should override any existing env vars starting with AWS_ with an empty string
      for var in $(env | grep AWS_ | cut -d '=' -f1); do
         echo "$var=" > $GITHUB_ENV
      done

update: In my initial attempt I realized later that I was using > instead of >> . My example then becomes

steps:
...
- name: clear credentials
   run: |
      # in theory this should override any existing env vars starting with AWS_ with an empty string
      for var in $(env | grep AWS_ | cut -d '=' -f1); do
         echo "$var=" >> $GITHUB_ENV
      done

That effectively allows me to override the env variables but doesn’t allow me to clear the env variable entirely. I’m still interested in learning if this is possible.

The easiest solution would be not to add the credentials to the job-wide environment to begin with. If the check is just one step (or maybe a few) you can use jobs.<job_id>.steps[*].env instead of writing to GITHUB_ENV, if it’s more complex you could make it a separate job and make your current job depend on it.

First off jinx! @softprops (How to remove an environment variable on GitHub actions? - Stack Overflow)

Second before you tried to mutate the $GITHUB_ENV did you check its contents? As far as I could tell it’s empty at the beginning of every step and points to a different temp file for each step.

1 Like