Mateja Petrovic
Mateja Petrovic

Reputation: 4357

How to Define Github Branch Specific Secret or an Alternative?

For example, travis-ci.com allows the user to define an env variable which is bound to a certain branch. Whereas Github does allow you to define secret env variables, they, however, all have to compete for the same namespace which introduces additional complexity. Does anyone know a workaround?

Upvotes: 2

Views: 4166

Answers (3)

Eugene Maysyuk
Eugene Maysyuk

Reputation: 3388

I defined staging and prod environments in GitHub and defined secret for each of them.

GitHub Environments:

  • staging

    FIREBASE_PROJECT_ID=project-staging

  • prod

    FIREBASE_PROJECT_ID=project-production

Then I use the following GitHub workflow script to activate specific environment depending on the branch:

jobs:
  build_and_deploy:
    runs-on: ubuntu-latest
    environment: ${{ github.ref == 'refs/heads/main' && 'prod' || github.ref == 'refs/heads/staging' && 'staging' }}

Finally using the secret.

- name: Deploy Cloud Functions
  run: |
    npx firebase-tools use ${{ secrets.FIREBASE_PROJECT_ID }}
    npx firebase-tools deploy --only functions --json

Upvotes: 1

Jose Celano
Jose Celano

Reputation: 569

As an alternative, you can create an environment on GitHub. And you can create secrets for that environment. And finally, you can add a deployment branch for that environment. That means you could have a job to deploy to that environment using that secret. Only that job would have access to the secret and you can also set a rule to only allow deploys to that environment using workflows on that branch.

I think, that way you get what you want (or maybe a little bit more restrictive) because only that branch would have access to the secret but you have to define an environment. I suppose in most cases when you introduce a secret that depends on a branch it's because that branch represents an environment.

Upvotes: 1

VonC
VonC

Reputation: 1328602

I have not seen that particular feature, which means you need to define your variable environment with a naming convention:

branchName_myVariable

In your GitHub Action script, you can then reference said variable by prepending the branch name you would have extracted in a separate step.

Upvotes: 0

Related Questions