Using Environment Variables & Secrets in Github Actions

Tan Jun Rong avatar
Tan Jun Rong

Github Actions

While doing Android development, I always need a CI to run my unit test, linting, and so on. There are many CI services out there, but if you are using Github as your version control, you can use Github Actions as your CI to run some tests.

I'll first go through a simple github action yml file, then I will talk about how to access the environment variable & secrets.

How to use Github Actions

To use Github Actions, you have to add a new file to your Android project root directory:
.github/workflows/run-unit-test.yml

name: Android Pull Request & Master CI

on:
  pull_request:
    branches:
      - 'master'
  push:
    branches:
      - 'master'
jobs:
    test:
      name: Run Unit Tests
      runs-on: ubuntu-18.04

    steps:
      - uses: actions/[email protected]
      - name: setup JDK 1.8
        uses: actions/[email protected]
        with:
          java-version: 1.8
      - name: Run Unit tests
        run: ./gradlew test

A simple explanation:

  • on will decide when this github action will be triggered (doc)
  • runs-on will decide the environment it will be run on
  • actions/checkout will check out the default repo (the current one)
  • setup JDK 1.8 block will setup JDK environment
  • Run Unit tests block will finally run the command specified, which is ./gradlew test.

For more thorough understanding, Github's documentation has a great load of articles to cover it: https://help.github.com/en/actions.

Environment variables & Secrets

It's common that we need to refer to environment variables in our CI, for example, the Pull Request number, the current path or others. Also, sometimes we need to setup some API keys. I'll share my experience of setting them up in this section.

Environment variables

There are many environment variables made available, here is how you dump the content of those variables:

steps:
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
      - name: Dump job context
        env:
          JOB_CONTEXT: ${{ toJson(job) }}
        run: echo "$JOB_CONTEXT"
      - name: Dump steps context
        env:
          STEPS_CONTEXT: ${{ toJson(steps) }}
        run: echo "$STEPS_CONTEXT"
      - name: Dump runner context
        env:
          RUNNER_CONTEXT: ${{ toJson(runner) }}
        run: echo "$RUNNER_CONTEXT"
      - name: Dump strategy context
        env:
          STRATEGY_CONTEXT: ${{ toJson(strategy) }}
        run: echo "$STRATEGY_CONTEXT"
      - name: Dump matrix context
        env:
          MATRIX_CONTEXT: ${{ toJson(matrix) }}
        run: echo "$MATRIX_CONTEXT"

After adding the block above, you can find the result under Checks 👇:

image
image

Here's how you access the variable. For example, you can access the pull request number found in this dump:
Screen Shot 2020-03-25 at 23.04.48

Since it's under github context, then event, then number, you can access it using github.event.number, here is how it looks lilke:

steps:
      - name: Using Variables
        env:
+          PR_NUMBER: ${{ github.event.number }}
      - run: echo $PR_NUMBER

So for example, if you want to access something from runner context called os, it will be runner.os. I think you got the gist of this.

Secrets

If you need to setup an API_KEY which is a 'secret', you can set it up like this:

  1. Go to your repo's Settings --> Secrets --> Add a new secret:
Screen Shot 2020-03-25 at 22.40.46
Screen Shot 2020-03-25 at 22.40.46
  1. Then it will be made available in your github actions like this 👇:
name: Android Pull Request & Master CI

on:
  pull_request:
    branches:
      - 'master'
  push:
    branches:
      - 'master'
jobs:
    test:
      name: Run Unit Tests
      runs-on: ubuntu-18.04

    steps:
      - uses: actions/[email protected]
      - name: setup JDK 1.8
        uses: actions/[email protected]
        with:
          java-version: 1.8
      - name: Run Unit tests
+        env:
+          FIXER_IO_ACCESS_TOKEN: ${{ secrets.FIXER_IO_ACCESS_TOKEN }}
+          BOT_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
+        run: ./gradlew test -Parg1=$FIXER_IO_ACCESS_TOKEN -Parg2=$BOT_GITHUB_TOKEN
-        run: ./gradlew test

Summary

This serves as a very brief post just to get you anyone started! Please feel free to make some trial and error on your own.

I hope you find this helpful, see you next time! 👋

Tan Jun Rong avatar
Written By

Tan Jun Rong

Android Programmer who likes writing blogs, reading, coffee, snowboarding.
Enjoyed the post?

Clap to support the author, help others find it, and make your opinion count.