如何将 Github 机密作为 json 文件中的值传递?

Man*_*cal 4 javascript continuous-integration continuous-deployment cypress github-actions

我使用Cypress.io进行自动化测试并使用Github Actions在 CI/D 中触发它。配置cypress.json文件具有嵌套env值,如下所示:

{
  "baseUrl": "<url-to-login>",
  "env": {
    "roles": {
      "admin": {
        "PASSWORD": "<password>",
        "USERNAME": "<username>"
      },
      "employee": {
        "PASSWORD": "<password>",
        "USERNAME": "<username>"
      },
      "client": {
        "PASSWORD": "<password>",
        "USERNAME": "<username>"
      }
    }
  }
}
Run Code Online (Sandbox Code Playgroud)

不幸的是,Cypress 无法访问深层环境变量,因此我创建的配置cypress.json如下:

name: Cypress Tests

on: [push]

jobs:
  cypress-run:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        # creates cypress.json file to run Cypress
      - name: Create Cypress config files
        run: |
          echo '{ "baseUrl": "${{ secrets.BASE_URL }}", "env": { "roles": { "admin": { "PASSWORD": "${{ secrets.PASSWORD }}", "USERNAME": "${{ secrets.USERNAME }}" } } } }' > cypress.json
      - name: Cypress run
        uses: cypress-io/github-action@v2
        with:
          build: yarn run
          start: yarn cypress:run
          wait-on-timeout: 120
          browser: chrome

Run Code Online (Sandbox Code Playgroud)

它不起作用,但我硬编码了它确实起作用的值,如下所示:

run: |
          echo '{ "baseUrl": "<hardcoded-redacted-value>", "env": { "roles": { "admin": { "PASSWORD": "<hardcoded-redacted-value>", "USERNAME": "<hardcoded-redacted-value>" } } } }' > cypress.json
Run Code Online (Sandbox Code Playgroud)

所以我的问题是,如何传递文件中的秘密json

Man*_*cal 10

我通过将整个cypress.json配置文件的内容存储为GitHub 的存储库加密密钥解决了这个问题。然后,我使用create-jsonGitHub Action生成在 CI/CD 上cypress.json运行Cypress所需的内容。这是最终的.github/workflows/main.yml文件:

name: Cypress Tests

on: [push]

jobs:
  cypress-run:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: create-json
        id: create-json
        uses: jsdaniell/create-json@1.1.2
        with:
          name: "cypress.json"
          json: ${{ secrets.CYPRESS_CONFIG_JSON }}
      - name: Cypress run
        uses: cypress-io/github-action@v2
        with:
          build: yarn run
          start: yarn cypress:run
          wait-on-timeout: 120
          browser: chrome
Run Code Online (Sandbox Code Playgroud)

  • 那么,与深层嵌套的环境变量无关吗? (3认同)