Rails encrypted credentials not available; `undefined method [] for nil class`; secrets do not come through into GH container when running on GH Actions

[jasonfb]

Even though I have set RAILS_MASTER_KEY: ${{secrets.RAILS_MASTER_KEY}} in the env setting for Github, the master key is not set and the credentials are not decrypted on the GH container

Notice this baby app simply has 1 spec and 1 home page asserting "hello world". The home page outputs the encrypted secret called a_thing > subkey (see https://github.com/jasonfb/TestGHSecrets/blob/main/app/views/welcome/index.html.erb#L3). this simply serves to test the fact that the secret is available; in a real app, you would never actually publish your secret right to the user's screen like that of course.

my workflow file

# This workflow uses actions that are not certified by GitHub.  They are
# provided by a third-party and are governed by separate terms of service,
# privacy policy, and support documentation.
#
# This workflow will install a prebuilt Ruby version, install dependencies, and
# run tests and linters.
name: "Test Suite"
on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]

env:
  RAILS_ENV: test
  DATABASE_URL: "postgres://rails:password@localhost:5432/rails_test"
  RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}

jobs:
  test:
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:11-alpine
        ports:
          - "5432:5432"
        env:
          POSTGRES_DB: rails_test
          POSTGRES_USER: rails
          POSTGRES_PASSWORD: password
      chrome:
        image: selenium/standalone-chrome:latest
        ports:
          - 4444:4444
    env:
      RAILS_ENV: test
      DATABASE_URL: "postgres://rails:password@localhost:5432/rails_test"

    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Install Ruby and gems
        uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
        with:
          bundler-cache: true

      - name: Setup Node
        uses: actions/setup-node@v2
        with:
          node-version: 18

      - name: npm install
        run: npm install

      - name: Set up database schema
        run: bin/rails db:schema:load
      - name: Run tests
        run: bin/rake

Results:

• there is no encrypted secrets, which indicates there is no RAILS_MASTER_KEY set in the container:

expected result:

• RAILS_MASTER_KEY is set as an ENV setting and picked up by Github in the container.

[jasonfb]

the fix is to add environment: testing to the test job (just below runs-on: ubuntu-latest

Notice that the word "testing" corresponds to the name of the GH Environment you create for your repository — not the Rails environment settings.