Cannot share secrets with your organization
Secrets can only be set at the repository level:
You can use your secret value using the following syntax:
${{ secrets.FIREBASE_TOKEN }}
It is just fine until you need share secrets between repository.
Solution: Copy Past secrets or use a Vault
One interesting solution was shared on twitter by @AMeausoone.
Or use a secret-as-a-service tool https://t.co/2ryZfd2X20 or https://t.co/21NfyF9y0e
— AntoineMéausoone [Ξ] (@AMeausoone) December 11, 2019
You could use a vault that will contain all your secrets and therefore, only one secret needs to be stored: The Vault secret.
I like the idea but for now I just copy past my secrets. Painful but ¯_(ツ)_/¯
Running actions requires to commit
This is really annoying. Only a commit can trigger a workflow!
It means that you cannot play with your workflow Yaml file before committing anything (something that you can do with codefresh.io)
A great feature that I like
One interesting solution was shared on twitter by @AlainHelaili.
Oh I see. That’s an interesting use case and I need to circle that back internally. In the meantime, you could push an empty commit.
— Alain Hélaïli (@AlainHelaili) December 18, 2019
git commit --allow-empty -m 'Trigger Actions!'
$ git commit --allow-empty -m 'Trigger Actions!'
Running actions/checkout twice in a row does not work as I expected
Solution: use path
parameter
- name: Checkout Repo
uses: actions/checkout@v2
with:
repository: "forgeCloud/ob-deploy"
token: ${{ secrets.ACCESS_TOKEN }}
path: ob-deploy
Can’t share variables between jobs
Solution: use artifacts
it is painful but you can share files, not variables between jobs.
- name: Archive Production Artifact
uses: actions/upload-artifact@master
with:
name: customers
path: forgerock-openbanking-ui/customers
Sharing variables amongs the same job is painful
Solution: use path
parameter
- id: <ID>
run: echo "::set-output name=<NAME>::<VALUE>"
with:
monInput: ${{ steps.<ID>.outputs.<NAME> }}