Use Github Secrets in Discord.js through Node.js.yml on Github

Question

So I have a Discord bot and want the code to be public and the bot token to be private. I made the token private with Github Secrets, but when I run the code with a console.log(process.env.test) in the code it says the variable is undefined. How do I fix this?? Also, the output also says the token is invalid.

Node.js.yml file:

name: littleBot

on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

jobs:
  build:

    runs-on: ubuntu-latest

    strategy:
      matrix:
        node-version: [12.x]

    steps:
    - uses: actions/checkout@v2
    - name: Use Node.js ${{ matrix.node-version }}
      uses: actions/setup-node@v1
      env:
        test: ${{ secrets.test }}
      with: 
        node-version: ${{ matrix.node-version }}
    - run: npm i
    - run: node index.js

Answer 1

In this case, you've set the environment variable test to the test secret when you're setting up node; that is, installing a version of node for your workflow. It is likely that node doesn't use that environment variable, and so it has no effect.

Setting an environment variable in one workflow step doesn't apply to other workflow steps, so if you want that token to be in the environment for a different step, then you'll need to specify it for that step instead. For example, you might prefer it to be run for the node index.js step instead.

It also doesn't affect anything that's built unless you specifically include the token into a build step, so if you're deploying this code somewhere else (and hopefully you are not running a bot on GitHub Actions), then you'd need to make sure it was persisted somewhere in the deployment, using whatever technique your deployment mechanism has for that.