Sometimes tests require secret tokens to run (e.g. https://github.com/pkgjs/wiby needs GITHUB_TOKEN to properly test integration with Github). Reusable workflows do not make this easy - unlike regular steps, you're not allowed to set jobs.<job_id>.env for reusable workflows; the env vars set on the calling workflow are not passed through; the secrets need to be explicitly enumerated in the called (shared) workflow.
Hence the hack - pass the secrets as a JSON object 🤷♂️.
The param is called test-secrets, because it only sets the values for the test step. We have scope to explicitly add install-secrets, checkout-secrets, etc in the future.
Closes #32
Sometimes tests require secret tokens to run (e.g. https://github.com/pkgjs/wiby needs
GITHUB_TOKEN
to properly test integration with Github). Reusable workflows do not make this easy - unlike regular steps, you're not allowed to setjobs.<job_id>.env
for reusable workflows; the env vars set on the calling workflow are not passed through; the secrets need to be explicitly enumerated in the called (shared) workflow.Hence the hack - pass the secrets as a JSON object 🤷♂️.
Usage:
The param is called
test-secrets
, because it only sets the values for the test step. We have scope to explicitly addinstall-secrets
,checkout-secrets
, etc in the future.I'll be writing up the documentation next, and I'll make sure to add the usual caveats of leaking secrets via environment.
Test runs:
TESTING_TESTING
secret, but it is not available in the repo secrets: https://github.com/dominykas/pkgjs-action/actions/runs/1646277491/attempts/1 (there's a warning in the logs)TESTING_TESTING
is set up correctly: https://github.com/dominykas/pkgjs-action/actions/runs/1646277491/attempts/2secrets
configured for the workflow: https://github.com/dominykas/pkgjs-action/actions/runs/1646292401