GitHub Actions: Environment Variables & Secrets

Environment Variables #

Declaring a variable #

1. At Workflow level #

env:
  GLOBAL_VAR: 'Global Value'

Variable is always the same across all jobs and environments in this Workflow.

2. At a Job level #

jobs:
  build:
    runs-on: ubuntu-latest
    env:
      JOB_VAR: 'Job-specific Value'

Variable is different for each environment.

3. At a Step level #

steps:
  - name: Set Step Variable
    run: echo "STEP_VAR=Step Value" >> $GITHUB_ENV

Accessing a variable #

To access these variables in your scripts, use the following syntax:

• For shell commands: $VARIABLE_NAME
• In YAML expressions: ${{ env.VARIABLE_NAME }}

This structure allows you to adapt your workflows based on the context of the run, making your CI/CD processes more flexible and efficient.

Default Environment Variables #

GitHub Actions also provides a couple of default environment variables that are set automatically: https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables

These environment variable can, for example, give you quick access to the repository to which the workflow belongs, the name of the event that triggered the workflow and many other things.

Environment Variables vs Secrets #

Creating secrets for a repository #

To create secrets or variables on GitHub for an organization repository, you must have write access. For a personal account repository, you must be the repository owner to create secrets or variable in the web UI or a repository collaborator to create secrets or variables through the REST API.

1. On GitHub, navigate to the main page of the repository.
2. Under your repository name, click Settings. If you cannot see the “Settings” tab, select the- dropdown menu, then click Settings.

3. In the “Security” section of the sidebar, select

4. Secrets and variables, then click Actions.

5. Click the Secrets tab.

6. Click New repository secret.
7. In the Name field, type a name for your secret.
8. In the Secret field, enter the value for your secret.
9. Click Add secret.

If your repository has environment secrets or can access secrets from the parent organization, then those secrets are also listed on this page.

Accessing secrets #

Secrets context object is being used to access / reference secrets stored in GitHub Actions repository / organization.

1
2
3
4
5

    env:
      MONGODB_CLUSTER_ADDRESS: cluster0.15pwqcc.mongodb.net
      MONGODB_USERNAME: ${{ secrets.MONGODB_USERNAME }}
      MONGODB_PASSWORD: ${{ secrets.MONGODB_PASSWORD }}
      PORT: 8080

GitHub Deployment Environments #

Environments are used to describe a general deployment target like production, staging, or development.

When a GitHub Actions workflow deploys to an environment, the environment is displayed on the main page of the repository.

Referencing environments #

1
2
3
4
5
6
7
8

jobs:
  test:
    environment: testing
    env:
      MONGODB_CLUSTER_ADDRESS: cluster0.15pwqcc.mongodb.net
      MONGODB_USERNAME: ${{ secrets.MONGODB_USERNAME }}
      MONGODB_PASSWORD: ${{ secrets.MONGODB_PASSWORD }}
      PORT: 8080

More info:

• Deployment Environments: https://docs.github.com/en/actions/concepts/workflows-and-actions/deployment-environments
• Creating environments: Managing environments for deployment

» Sources « #

• GitHub Actions Variables: https://docs.github.com/en/actions/concepts/workflows-and-actions/variables
• Variable References: https://docs.github.com/en/actions/reference/workflows-and-actions/variables
• Using Secrets in GitHub Actions: https://docs.github.com/en/actions/how-tos/write-workflows/choose-what-workflows-do/use-secrets
• Deployment Environments: https://docs.github.com/en/actions/concepts/workflows-and-actions/deployment-environments
• Creating environments: Managing environments for deployment

» Disclaimer « #