Reputation: 4357
For example, travis-ci.com allows the user to define an env variable which is bound to a certain branch. Whereas Github does allow you to define secret env variables, they, however, all have to compete for the same namespace which introduces additional complexity. Does anyone know a workaround?
Upvotes: 2
Views: 4166
Reputation: 3388
I defined staging
and prod
environments in GitHub and defined secret for each of them.
GitHub Environments:
staging
FIREBASE_PROJECT_ID=project-staging
prod
FIREBASE_PROJECT_ID=project-production
Then I use the following GitHub workflow script to activate specific environment depending on the branch:
jobs:
build_and_deploy:
runs-on: ubuntu-latest
environment: ${{ github.ref == 'refs/heads/main' && 'prod' || github.ref == 'refs/heads/staging' && 'staging' }}
Finally using the secret.
- name: Deploy Cloud Functions
run: |
npx firebase-tools use ${{ secrets.FIREBASE_PROJECT_ID }}
npx firebase-tools deploy --only functions --json
Upvotes: 1
Reputation: 569
As an alternative, you can create an environment on GitHub. And you can create secrets for that environment. And finally, you can add a deployment branch for that environment. That means you could have a job to deploy to that environment using that secret. Only that job would have access to the secret and you can also set a rule to only allow deploys to that environment using workflows on that branch.
I think, that way you get what you want (or maybe a little bit more restrictive) because only that branch would have access to the secret but you have to define an environment. I suppose in most cases when you introduce a secret that depends on a branch it's because that branch represents an environment.
Upvotes: 1
Reputation: 1328602
I have not seen that particular feature, which means you need to define your variable environment with a naming convention:
branchName_myVariable
In your GitHub Action script, you can then reference said variable by prepending the branch name you would have extracted in a separate step.
Upvotes: 0