3

I usually hide my API key in an XML file and use .gitignore along with getString() to retrieve my API key.

I'm trying to use Github Actions to automate Gradle build and Release of debug apk's. Due to the XML file not being uploaded to the repo, it obviously fails.

Is there any way to store my key in Github Secrets and then replace the code with the secret?

Current code: headers["token"]= getString(R.string.token)
Replaced code in Github actions server : headers["token"]="MY_API_KEY_FROM_SECRETS"

Here's my YAML file that I was using:

name: Gradle build test and release
on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: set up JDK 1.8
      uses: actions/setup-java@v1
      with:
        java-version: 1.8
   #I'd like to replace the api key here in code from secrets
    - name: Make Gradle executable
      run: chmod +x ./gradlew
    - name: Build with Gradle
      run: ./gradlew build
    - name: Build Debug APK
      run: ./gradlew assembleDebug
    - name: Releasing using Hub
      uses: ShaunLWM/action-release-debugapk@master
      env:
       GITHUB_TOKEN: ${{ secrets.TOKEN }}
       APP_FOLDER: app
       RELEASE_TITLE: New Build
       BODY: github.event.head_commit.message
       prerelease: true
CyberShark
  • 410
  • 5
  • 16

1 Answers1

4

Sure, this is possible. You haven't said what file you'd like modified, but this should be easy enough to do with a one-liner (replacing FILENAME with your config file name):

- run: perl -pi -e 's/getString\(R\.string\.token\)/"$ENV{TOKEN}"/' FILENAME
  env:
    TOKEN: ${{ secrets.TOKEN }}

If you prefer Ruby or some other scripting language, you can use that instead. You could also use sed, but I prefer this approach because it means that the value is never available in ps output (even if this is a locked down VM).

bk2204
  • 64,793
  • 6
  • 84
  • 100
  • Hey my file is deep in my git workspace, And I don't know a bit of perl or have it setup, I tried this, but doesn't seem to build,implying that it didnt replace properly. Am i doing something wrong? run: perl -pi -e 's/getString(R.string.token)/"$ENV{TOKEN}"/' app/src/main/java/com/cybershark/foodflix/fragments/RestaurantsFragment.kt env: TOKEN: ${{ secrets.API_KEY }} – CyberShark Apr 03 '20 at 06:08
  • 1
    I've updated the regex to escape some of the characters that weren't properly escaped, so it should work now. You can test it on your computer by setting `TOKEN` to something in your environment and then running the Perl one-liner, and make sure that it does the substitution that you want. – bk2204 Apr 03 '20 at 19:56
  • Thanks a lot man, Will definetely look into perl in the future :) Also i needed to add another set of " " for the $ENV{TOKEN} as it didn't appear as String for me. – CyberShark Apr 04 '20 at 01:26