Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Unable to use GitHub Secret with Composite action

See original GitHub issue

Describe the bug

I’m trying to pass the secrets to a script run from composite action. But instead of passing actual value, it passes mask (***).

To Reproduce

Steps to reproduce the behavior:

Workflow file (main.yml) in repo-2:

name: "pre-release"
on:
  push:
    branches:
      - 'master'

jobs:
  pre-release:
    name: "Pre Release"
    runs-on: "ubuntu-latest"
    
    steps:
      - name: "checking secrets"
        shell: bash
        run: |
          echo "${{ secrets.MY_USERNAME }} - ${{ secrets.MY_PASSWORD }}"
          echo "${{secrets.my_username}} - ${{secrets.my_passsword}}"

      - uses: VatsalJagani/My-action@mytag
        env:
          env_param1: "param-value1"
          env_my_username: "${{ secrets.my_username }}"
          env_my_password: "${{ secrets.my_password }}"
        with:
          param1: "param-value1"
          my_username: "${{ secrets.my_username }}"
          my_password: "${{ secrets.my_username }}"

I’ve also created two repository secrets:
- my_username, my_password

GitHub action (public repo-1 (VatsalJagani/My-action)) - action.yml:

name: "Test composite action"
description: "test composite action"

inputs:
  param1:
    description: "param1"
    required: false
    default: ""
  my_username:
    description: "My username"
    required: true
  my_password:
    description: "My password"
    required: true

runs:
  using: "composite"
  steps:
    - name: "Installing Node JS"
      uses: actions/setup-node@v2
      with:
        node-version: '12'

    - name: "checking environment variables"
      shell: bash
      run: |
        echo "${{inputs.param1}} - ${{inputs.my_username}} - ${{inputs.my_passsword}}"
        echo "$env_param1 - $env_my_username - $env_my_passsword"

    - name: "Running Checks"
      shell: bash
      env:
        MY1_param1: "${{inputs.param1}}"
        MY1_my_username: "${{inputs.my_username}}"
        MY1_my_password: "${{inputs.my_passsword}}"
        MY2_param1: "${{env.env_param1}}"
        MY2_my_username: "${{env.env_my_username}}"
        MY2_my_password: "${{env.env_my_passsword}}"
        MY3_param1: "$env_param1"
        MY3_my_username: "$env_my_username"
        MY3_my_password: "$env_my_passsword"
      run: |
        node ${{ github.action_path }}/dist/index.js

Job Log Output

index.js file is invoking the python script with @core/exec module.
I’m trying to access the environment variable with os.environ() and os.getenv("<name>") and the results are the same as described below.

MY1_param1=param-value1
MY1_my_username=***
MY1_my_password=
MY2_param1=param-value1
MY2_my_username=***
MY2_my_password=
MY3_param1=$env_param1
MY3_my_username=$env_my_username
MY3_my_password=$env_my_password

Also, see the output from echo statements (added for debugging):

> checking secrets
  Run echo "*** - ***"
  *** - ***
  *** - 

> checking environment variables
  Run echo "param-value1 - *** - "
  param-value1 - *** - 
  param-value1 - *** -

Expected behavior

The environment variable should have value for the secret and not the mask (***).

What’s not working?

Unable to retrieve the secrets as an environment variable (in clear text) in composite GitHub action.

Runner Version and Platform

Not sure about the version of runner. Just using default GitHub runner.
Platform - ubuntu-latest

Runner and Worker’s Diagnostic Logs

<N/A>

Issue Analytics

State:
Created 2 years ago
Reactions:2
Comments:6

Top GitHub Comments

3reactions

tonysathrecommented, Jan 6, 2022

I was able to work around this by first setting them as environment variables:

    env:
        USERNAME: ${{ inputs.some-username }}
        PASSWORD: ${{ inputs.some-password }}
        PROXY_USERNAME:  ${{ inputs.proxy-username }}
        PROXY_PASSWORD:  ${{ inputs.proxy-password }}

1reaction

VatsalJaganicommented, Jan 6, 2022

I’m wondering why this has not been acknowledged yet though being a common issue. @booker-h, @tonysathre - this should be a common issue and yet no answer in the document as well.

Solving this moves a lot of common use-cases from being a very lengthy and complex nodejs action to a very simple composite action.