search

All-Hands-AI / OpenHands

🙌 OpenHands: Code Less, Make More
https://all-hands.dev
MIT License
37.2k stars 4.22k forks source link

Enable OpenHands Resolver to Configure Additional Environment Variables from GitHub Secrets #5132

Open rapturt9 opened 2 days ago

rapturt9 commented 2 days ago

What problem or use case are you trying to solve?

The OpenHands resolver doesn't have options to dynamically set additional environment variables required to run our project.

Describe the UX of the solution you'd like

Introduce the ability to add extra secrets to the workflow, allowing the OpenHands resolver to set up necessary environment variables automatically. This can be achieved by passing a JSON string of environment variables within the workflow configuration.

Do you have thoughts on the technical implementation?

Example Configuration:

jobs:
  call-openhands-resolver:
    if: |
      ${{ 
        github.event.label.name == 'fix-me' ||
        (github.event_name == 'issue_comment' &&
        (startsWith(github.event.comment.body, vars.OPENHANDS_MACRO || '@openhands-agent')) &&
        (github.event.comment.author_association == 'OWNER' || 
         github.event.comment.author_association == 'COLLABORATOR' || 
         github.event.comment.author_association == 'MEMBER'))
      }}
    uses: All-Hands-AI/OpenHands/.github/workflows/openhands-resolver.yml@main
    with:
      macro: ${{ vars.OPENHANDS_MACRO || '@openhands-agent' }}
      max_iterations: 200
      additional_env: |
        {
          "NEW_VAR1": "${{ secrets.NEW_VAR1 }}",
          "NEW_VAR2": "${{ secrets.NEW_VAR2 }}"
        }
    secrets:
      PAT_TOKEN: ${{ secrets.PAT_TOKEN }}
      PAT_USERNAME: ${{ secrets.PAT_USERNAME }}
      LLM_MODEL: ${{ secrets.LLM_MODEL }}
      LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
      LLM_BASE_URL: ${{ secrets.LLM_BASE_URL }}
      NEW_VAR1: ${{ secrets.NEW_VAR1 }}
      NEW_VAR2: ${{ secrets.NEW_VAR2 }}

Describe alternatives you've considered

Passing in a secure link to an env file, but not sure how this would work.

Additional context

Implementing this enhancement will significantly improve the flexibility and maintainability of our workflows.

malhotra5 commented 2 days ago

Thanks for the feedback!

I think we can support this in the following manner

  1. Create repo variables that are prepended with OPENHANDS_ENV. For example - OPENHANDS_ENV_CONTENTFUL_API_KEY (note that this needs to be set by the user).
  2. Any variables that contain the OPENHANDS_ENV prefix will passed to resolver as SANBOX_ENV_${name}. Continuing the example from above, we would get SANBOX_ENV_CONTENTFUL_API_KEY

After these steps Openhands agents will have access to CONTENTFUL_API_KEY in its environment. This way ENV variables can be passed without having to update the workflow definition every time.

cc @neubig I'd love to take a shot at this!

EDIT: we should store these env variables in repo secrets NOT repo variables

neubig commented 2 days ago

Thanks @malhotra5 , assigned!