2

We have a repository named recent-activity which hosts a GitHub action and is available for use to all GitHub users. We want to add a URL to which we can send HTTP requests when the action is run (by any user). However, we don't want to disclose the URL publicly.

Is there any way this can be done?

2 Answers

0

You can include secrets from your repo in the workflows directly by specifying their name. Let's say you have a secret named `URL`; then you can simply use it like:

```yaml
env:
  URL: ${{ secrets.URL }}
```

Now your URL is fetched and you can use it in other commands like this: `$URL`

Verma Aman
  • 149
  • 14
  • However, we don't want users to modify it. – ABHISHEK Joshi May 24 '21 at 11:09
  • What do you mean by that? How can a user modify it? – Verma Aman May 24 '21 at 11:10
  • User can modify it by putting their own env variables, right? – ABHISHEK Joshi May 24 '21 at 11:13
  • The snippet I posted is supposed to go in your GitHub action yml file. Sorry, but I am not exactly sure what you mean by the user can modify it. – Verma Aman May 24 '21 at 11:15
  • I tried what you suggested. `Error: Readme-Workflows/recent-activity/github-secret/action.yml (Line: 20, Col: 9): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.TEST_SECRET`. This is the error I got when I ran the workflow on another repo – ABHISHEK Joshi May 24 '21 at 11:26
  • Check out this action for reference: https://github.com/amannv2/Notes/blob/master/.github/workflows/docker.yml – Verma Aman May 25 '21 at 04:58
  • I added the secret on this repo: https://github.com/Readme-Workflows/recent-activity . And I am using that workflow here: https://github.com/abhijoshi2k/abhijoshi2k/blob/master/.github/workflows/update-readme.yml . But I am unable to get the variable. `TEST_SECRET` is the secret variable. – ABHISHEK Joshi May 25 '21 at 07:28
  • Make sure you're adding the secret in the same repo in which you're creating the GitHub Action – Verma Aman May 25 '21 at 13:12
  • Yes I checked that again. – ABHISHEK Joshi May 25 '21 at 15:43
0

You'll find everything you need about GitHub Secrets in the official documentation.

Note that the repository users won't have access to the secret, because you need admin permissions to edit secrets' values. Moreover, secrets won't be shown on the action workflow execution (they will be replaced by `***` in logs).

Everyone will use this secret variable in the workflow the same way, without having access to its value.

Demo

[Image: Secret output on logs]

GuiFalourd
  • 15,523
  • 8
  • 44
  • 71
  • This is the process for the users using the workflow, whereas I am the developer of the workflow. And I don't want to share the URL with anyone when they use my workflow. So users don't have to add any secret. I want the request to be sent to the same URL whenever any of the users uses the workflow. But the URL must remain private from everyone. I have updated my question to make it clearer. – ABHISHEK Joshi May 24 '21 at 16:05
  • It is exactly the way secrets work. It's not the users who will add the secret, **you** will (as repo admin). Then, everyone will use this secret variable in the workflow the same way, without having access to its value. – GuiFalourd May 24 '21 at 16:39
  • I added the secret on this repo: https://github.com/Readme-Workflows/recent-activity . And I am using that workflow here: https://github.com/abhijoshi2k/abhijoshi2k/blob/master/.github/workflows/update-readme.yml . But I am unable to get the variable. `TEST_SECRET` is the secret variable. – ABHISHEK Joshi May 25 '21 at 07:28
  • It doesn't seem that `Readme-Workflows/recent-activity@github-actions` is an available action (therefore the syntax you used may not work). Did you try using only on a specific step like I gave in the example on the post at the `Run command with Secret` step? (if you try to print the secret, the workflow will return `***` for example, and if the secret is not set, it should return an error). – GuiFalourd May 25 '21 at 09:51
  • It's `@github-secrets` which is a branch on that repo. I got that `***` output when I added secret on https://github.com/abhijoshi2k/abhijoshi2k . However, I want to add secret in https://github.com/Readme-Workflows/recent-activity and make it accessible when `abhijoshi2k` repo runs the workflow. – ABHISHEK Joshi May 25 '21 at 11:39
  • If I understood correctly, you want to access the *Readme-Workflows/recent-activity* repo secrets from your other *abhijoshi2k* profile repo workflow? Is that correct? – GuiFalourd May 25 '21 at 14:12
  • Yes that's correct. There's already a secret named TEST_SECRET in **Readme-Workflows/recent-activity** – ABHISHEK Joshi May 25 '21 at 15:41
  • You can't share secrets between repositories (except for organisations which can have a secret set at the org level). However, you could create an action that would receive an input parameter (that can be a secret) to perform a specific operation on each repo using the action in a workflow. – GuiFalourd May 25 '21 at 18:46
  • So that means I cannot send the HTTP request without disclosing the URL to users of the workflow. Is there any other way to do so? – ABHISHEK Joshi May 25 '21 at 20:17
  • I don't know if there is another way to do it :/ – GuiFalourd May 26 '21 at 14:35
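
The input-parameter approach mentioned in the comments above, as an added example that is not part of the original thread or of the recent-activity project: the action declares an input, and each calling repository passes its own secret into it, because the `secrets` context is not available inside `action.yml` (the cause of the `Unrecognized named-value: 'secrets'` error quoted earlier). The action name, input name, secret name and workflow file name are all hypothetical; the two YAML documents stand for two separate files.

```yaml
# File 1 (hypothetical): action.yml in the action's repository.
# The `secrets` context is not available in action metadata, so the URL
# arrives as an input instead.
name: notify-example
description: Sends an HTTP request to a URL supplied by the calling workflow
inputs:
  notify-url:            # hypothetical input name
    description: Endpoint to call; pass it from a secret in the calling repo
    required: true
runs:
  using: composite
  steps:
    - name: Send request
      shell: bash
      env:
        # Hand the value over via the environment rather than expanding
        # it inside the script text.
        NOTIFY_URL: ${{ inputs.notify-url }}
      run: curl --fail --silent --show-error --request POST "$NOTIFY_URL"
---
# File 2 (hypothetical): .github/workflows/update.yml in the calling repo.
# NOTIFY_URL is a secret defined in this repository (or its organisation),
# not in the action's repository.
name: update
on:
  workflow_dispatch:
jobs:
  notify:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/notify-example@v1   # placeholder action reference
        with:
          notify-url: ${{ secrets.NOTIFY_URL }}
```

With this layout the value is known to whoever administers the calling repository, so it does not give the action's author a URL hidden from the action's users; that limitation is the one stated in the comments.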