
I was searching a lot for how to add all the GitHub variables and secrets to a file without having to worry about them.

Now I am using this manual solution, which forces me to always change it here according to the newly added/removed variables/secrets:

```yaml
- name: ▶️ 4. Create .env.local file
  run: |
    touch .env.local
    echo DB_CONN_DEFAULT_NAME="${{ secrets.DB_CONN_DEFAULT_NAME }}" >> .env.local
    echo DB_CONN_DEFAULT_USERNAME="${{ secrets.DB_CONN_DEFAULT_USERNAME }}" >> .env.local
    echo DB_CONN_DEFAULT_PASSWORD="${{ secrets.DB_CONN_DEFAULT_PASSWORD }}" >> .env.local
    echo FILESTORAGE_MAIN__LOCATION_UPLOADS="${{ secrets.FILESTORAGE_MAIN__LOCATION_UPLOADS }}" >> .env.local
    echo WEB_URL="${{ vars.WEB_URL }}" >> .env.local
```

My Problem

I couldn't find, as far as I searched for it, a GitHub action which iterates through variables and secrets and puts all of them in a file.

Or it could be a YAML syntax for looping through them. Do you have any idea?

Question: what would be the solution to not write them manually in my .env.local file?


Update

I tried what @Azeem advised me in his comments.

Here is the workflow output and the error:

```text
Run touch .env.local
  touch .env.local
  
  echo "# GitHub variables"
  echo "{
    "APP__BOS_WEBSITE__WEB_URL": "---",
    "APP__LEARNING_SPACE__WEB_URL": "---",
    "APP__WEBDEV_SPACE__WEB_URL": "---",
    "APP__WEBWORK_SPACE__WEB_URL": "---",
    "WEB_URL": "---"
  }" | jq -r 'keys[] as $k | "\($k)=\(.[$k])"' >> .env.local
  
  echo "# GitHub secrets"
  echo "{
    "FTP_USERNAME": "***",
    "github_token": "***",
    "DB_CONN_MAIN_USERNAME": "***",
    "FILESTORAGE_MAIN__LOCATION_UPLOADS": "***",
    "DB_CONN_MAIN_PASSWORD": "***",
    "FTP_PASSWORD": "***",
    "FILESTORAGE_WEBDEV__LOCATION_UPLOADS": "***",
    "FILESTORAGE_WEBSITE__LOCATION_UPLOADS": "***",
    "DB_CONN_MAIN_NAME": "***",
    "FTP_SERVER_DIR": "***"
  }" | jq -r 'keys[] as $s | "\($s)=\(.[$s])"' >> .env.local

  shell: /usr/bin/bash -e {0}
  env:
    COMPOSER_PROCESS_TIMEOUT: 0
    COMPOSER_NO_INTERACTION: 1
    COMPOSER_NO_AUDIT: 1
    CACHE_RESTORE_KEY: Linux-php-7.4.33-composer-locked-

# GitHub variables
parse error: Invalid numeric literal at line 2, column 28
Error: Process completed with exit code 4.
```
Arshavin
  • See [this](https://stackoverflow.com/questions/75691648/how-to-inject-all-github-environment-specific-variables-from-vars-to-env-context). For your use case, it should be `echo "${{ toJSON(secrets) }}" | jq -r 'keys[] as $k | "\($k)=\(.[$k])"' >> .env.local`. – Azeem May 04 '23 at 10:10
  • @Azeem, thx, I will try and I will let you know – Arshavin May 04 '23 at 11:40
  • @Azeem I tried and I have an error in Action: https://prnt.sc/huxw7QOLZPLl. Do you have any idea which would be the problem? – Arshavin May 04 '23 at 12:19
  • Please paste the error in text here in the comment. That link is not opening correctly on my side. – Azeem May 04 '23 at 12:22
  • Ok @Azeem. The text is: "parse error: Invalid numeric literal at line 2, column 28. Error: Process completed with exit code 4." – Arshavin May 04 '23 at 12:24
  • Please [edit](https://stackoverflow.com/posts/76171375/edit) your question and add your current workflow and this error under an UPDATE heading. – Azeem May 04 '23 at 12:25
  • Ok, just one minute. – Arshavin May 04 '23 at 12:26
  • Updated command: `echo '${{ toJSON(secrets) }}' | jq -r 'keys[] as $k | "\($k)=\(.[$k])"' >> .env.local` – Azeem May 04 '23 at 12:29
  • Yes, that looks like the double quotes' issue. Please use the latest command from my above comment. – Azeem May 04 '23 at 12:32
  • `touch .env.local` is redundant. – Azeem May 04 '23 at 12:35
  • Why would you do this to start with? The point of the .env file is to simplify environment configuration while developing, where you might have multiple projects with their own config; in the GitHub Actions environment you can just _set the actual env vars_. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#env (and the job- and step-level equivalents). – jonrsharpe May 04 '23 at 12:35
  • I wanna do this so the entry nooby developers don't have access to the env vars in the .github/workflows files. – Arshavin May 04 '23 at 12:38
  • @Azeem, it worked, thx. But the echo "# GitHub variables" command didn't do anything actually. Do you have any idea why? – Arshavin May 04 '23 at 12:39
  • You don't put the _actual values_ in the workflow file, you reference the same secrets you're trying to put into a file. It's no less secure (actually probably a bit _more_ secure, as your way risks leaking them through any stored artifacts). – jonrsharpe May 04 '23 at 12:40
  • @Arshavin: `echo "# GitHub variables"` is just printing a log. It's right there in the logs that you posted earlier. See the third last line. – Azeem May 04 '23 at 12:42
  • I understand what you're saying. The point is it could depend on what vars, from .env, I want to overwrite with .env.local, so it's easier to just change the vars from GitHub Repo Environments. We have more than one project with this workflow, so it's a mess to always change them from the .yml file. – Arshavin May 04 '23 at 12:42
  • Thx, my mistake. I forgot to mention the file to write in. – Arshavin May 04 '23 at 12:43

1 Answer


You can use the `toJSON` function and `jq` to dump the `secrets` context in a .env file:

```bash
echo '${{ toJSON(secrets) }}' | jq -r 'keys[] as $k | "\($k)=\(.[$k])"' >> .env.local
```

Here's another similar thread involving vars context:

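[How to inject all Github environment-specific variables from vars to env context?](https://stackoverflow.com/questions/75691648/how-to-inject-all-github-environment-specific-variables-from-vars-to-env-context)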

Azeem
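The quoting failure in the update comes from the JSON being expanded into the script text before the shell runs; a secret containing a single quote would break `echo '${{ toJSON(secrets) }}'` the same way. The sketch below is an added example, not code from the question or the answer: it takes the JSON from an environment variable instead, skips `github_token` (visible in the dumped context above), rejects multi-line values and keeps the file owner-only. `SECRETS_JSON` and `write_env_file` are assumed names, and the `env:` wiring shown in the comments is an assumption about how the step would be set up.

```shell
#!/usr/bin/env bash
# Added example (assumed names). Assumed wiring in the workflow step:
#   env:
#     SECRETS_JSON: ${{ toJSON(secrets) }}
#   run: ./write-env.sh
# The JSON then reaches the script as data, never as shell source text.

# write_env_file JSON OUTFILE [SKIP_KEY...]
# Appends KEY="value" lines to OUTFILE, sorted by key. Exits non-zero, writing
# nothing, if JSON is not an object or a value is not a single-line string.
# The body is a subshell, so umask and variables do not leak to the caller.
write_env_file() (
  json=$1; out=$2; shift 2
  umask 077   # a newly created file is readable by the owner only

  # Keys to leave out (compared case-insensitively), as a JSON array for jq.
  skip=$(printf '%s\n' "$@" | jq -R 'ascii_downcase' | jq -sc .) || exit 1

  # Values are JSON-quoted. Dotenv parsers differ (for example in how they
  # treat "$"), so this quoting is an assumption about the consumer.
  lines=$(printf '%s' "$json" | jq -r --argjson skip "$skip" '
    if type != "object" then error("expected a JSON object") else . end
    | to_entries
    | map(select((.key | ascii_downcase) as $k | $skip | index($k) | not))
    | map(if (.value | type) != "string"
            then error("non-string value for " + .key)
          elif (.value | contains("\n"))
            then error("multi-line value for " + .key)
          else . end)
    | sort_by(.key)[]
    | "\(.key)=\(.value | tojson)"
  ') || exit 1

  { [ -z "$lines" ] || printf '%s\n' "$lines"; } >> "$out"
  chmod 600 "$out"   # also tightens a file that already existed
)

# Runs only when the workflow has provided the variable.
if [ -n "${SECRETS_JSON:-}" ]; then
  write_env_file "$SECRETS_JSON" .env.local github_token
fi
```

The resulting file still holds plaintext secrets on the runner, so keep it out of uploaded artifacts and caches, which is the leak path raised in the comments.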