Disable `secrets` validation in jobs when using dynamic environment #41
Comments
@SpencerKaiser are you able to share more of the workflow? Are those variables defined at the job or step level? Does the job contain
I shared snippets below but I'd rather not share the entirety unless I can do it via email or Slack or something... want me to email it to the email on your profile? Looks like you're staff at GitHub, so feel free to grab my email or whatever if you have access to it 👀

To answer your questions, the variables are just passed directly into steps and the environment has a default but I use an

Trigger (

```yaml
on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Deployment Environment'
        type: environment
        required: true
```

Parent job initialization with relevant step (other steps removed):

```yaml
jobs:
  release:
    name: Build and Push
    environment:
      name: ${{ github.event.inputs.environment || 'stage' }}
    runs-on: ubuntu-latest
    steps:
      - name: Deploy stack
        run: yarn [REDACTED]
        env:
          DEPLOYMENT_ENVIRONMENT: ${{ env.ENVIRONMENT_NAME }}
          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
          SENTRY_ENVIRONMENT: ${{ secrets.SENTRY_ENVIRONMENT }}
          ACM_CERTIFICATE_ID: ${{ secrets.ACM_CERTIFICATE_ID }}
```

We're setting about 20 environment variables in that step by passing them to a yarn script; every single repo secret does not have the warning and every single environment secret shows the warning.

💡 Lastly, you're definitely on to something with the dynamic expression... I replaced the environment to make it static and the warnings cleared:

```yaml
jobs:
  release:
    name: Build and Push
    environment:
      name: stage
```
@SpencerKaiser no that helps, thanks for the details! Yes, so we detect what environment is being used in a job, and only then add the environment secrets to the Obviously this doesn't work when I've updated the issue title to reflect this a bit better.
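An added example, not part of the thread and not the extension's own code: a TypeScript version of the check described in the comment above, where environment secrets are only added to the known set when the job's environment name is static, and validation is skipped when the name is an expression. The `Job` shape, the function names and the secret inventories are assumptions made for illustration.

```typescript
// Added example: names and secret inventories are hypothetical/constructed.
interface Job {
  environment?: string | { name: string };
  steps: { name?: string; env?: Record<string, string> }[];
}

// Environment name as written in the workflow; `dynamic` is true when it is an
// expression such as ${{ github.event.inputs.environment || 'stage' }}.
function resolveEnvironment(job: Job): { name: string | null; dynamic: boolean } {
  const raw = typeof job.environment === "string" ? job.environment : job.environment?.name;
  if (raw === undefined) return { name: null, dynamic: false };
  return { name: raw, dynamic: raw.includes("${{") };
}

// Returns the secret names referenced in step env blocks that cannot be found.
function unknownSecrets(job: Job, repoSecrets: string[], envSecrets: Record<string, string[]>): string[] {
  const env = resolveEnvironment(job);
  // The environment is only known at run time, so its secrets cannot be
  // enumerated; skip validation rather than flag every environment secret.
  if (env.dynamic) return [];
  const known = new Set<string>(repoSecrets);
  if (env.name !== null) (envSecrets[env.name] ?? []).forEach((s) => known.add(s));
  const missing: string[] = [];
  for (const step of job.steps) {
    const vars: Record<string, string> = step.env ?? {};
    for (const key of Object.keys(vars)) {
      const ref = /\$\{\{\s*secrets\.(\w+)\s*\}\}/g;
      let m: RegExpExecArray | null;
      while ((m = ref.exec(vars[key] ?? "")) !== null) {
        const name = m[1] ?? "";
        if (!known.has(name) && missing.indexOf(name) < 0) missing.push(name);
      }
    }
  }
  return missing;
}

// Constructed sample: the "Deploy stack" step from the thread, as parsed objects.
const deployEnv: Record<string, string> = {
  SENTRY_DSN: "${{ secrets.SENTRY_DSN }}",
  SENTRY_ENVIRONMENT: "${{ secrets.SENTRY_ENVIRONMENT }}",
  ACM_CERTIFICATE_ID: "${{ secrets.ACM_CERTIFICATE_ID }}",
};
const dynamicJob: Job = {
  environment: { name: "${{ github.event.inputs.environment || 'stage' }}" },
  steps: [{ name: "Deploy stack", env: deployEnv }],
};
const staticJob: Job = { environment: { name: "stage" }, steps: [{ name: "Deploy stack", env: deployEnv }] };
const noEnvJob: Job = { steps: [{ name: "Deploy stack", env: deployEnv }] };
```

The trade-off of skipping validation is that, in a job with a dynamic environment, a misspelled secret name is no longer flagged by this check.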
Title changed: "Context access might be invalid" warning → `secrets` validation in jobs when using dynamic environment
The PR has been completed and the fix will be available in our upcoming release v0.25.7, which is planned for release May 5, 2023. Thanks so much for submitting great bugs and feedback to help make the extension even better!
The fix has been released and is available in
Describe the bug
Referencing a secret that is stored at the environment level instead of a repository secret throws a warning
To Reproduce
Steps to reproduce the behavior:
Problems tab
Expected behavior
Warnings will only be shown for secrets that are not found at the environment level OR the repo level
Screenshots
Extension Version
v0.25.2