I want to check that all necessary secrets exist and fail the build if some of them are missing.
In my script I have this step:
    - name: Check if secrets exist
      env:
        secret_key1: ${{ secrets.MY_SECRET_1 }}
        secret_key2: ${{ secrets.MY_SECRET_2 }}
        secret_key3: ${{ secrets.MY_SECRET_3 }}
      if: ${{ env.secret_key1 == '' }} || ${{ env.secret_key2 == '' }} || ${{ env.secret_key3 == '' }}
      run: exit 1
but this always exits with status code 1, even if all secrets are present.
I have checked that if I use only one secret it works correctly, e.g.
    - name: Check if secret exists
      env:
        secret_key: ${{ secrets.MY_SECRET }}
      if: ${{ env.secret_key == '' }}
      run: exit 1
Am I using wrong syntax or is the problem somewhere else?
Your condition should look like this:
    - name: Check if secrets exist
      env:
        secret_key1: ${{ secrets.MY_SECRET_1 }}
        secret_key2: ${{ secrets.MY_SECRET_2 }}
        secret_key3: ${{ secrets.MY_SECRET_3 }}
      if: ${{ (env.secret_key1 == '') || (env.secret_key2 == '') || (env.secret_key3 == '') }}
      run: exit 1
Also, you can omit the expression syntax (${{ }}) because GitHub automatically evaluates the if conditional as an expression:
    - name: Check if secrets exist
      env:
        secret_key1: ${{ secrets.MY_SECRET_1 }}
        secret_key2: ${{ secrets.MY_SECRET_2 }}
        secret_key3: ${{ secrets.MY_SECRET_3 }}
      if: env.secret_key1 == '' || env.secret_key2 == '' || env.secret_key3 == ''
      run: exit 1
For more information, see Expressions.
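As an added example (not code from the original answer): when several secrets are required, the check can also be done inside the step's run script, so the log names the empty ones without ever printing a value. The function name require_secrets and the MISSING_SECRETS variable are assumptions made for this example; the names passed in are the variables mapped in the step's env: block.

```shell
#!/bin/sh
# Added example: fail a step when any required secret is empty,
# reporting the variable NAMES only, never their values.
# require_secrets and MISSING_SECRETS are hypothetical names.

MISSING_SECRETS=""

# require_secrets NAME...
#   returns 0 if every named variable is non-empty,
#   returns 1 if at least one is empty or unset (names in MISSING_SECRETS),
#   returns 2 if a NAME is not a plain shell identifier.
require_secrets() {
    MISSING_SECRETS=""
    for name in "$@"; do
        # Reject anything that is not an identifier before it reaches eval.
        case "$name" in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "invalid variable name" >&2
                return 2 ;;
        esac
        # Indirect lookup; the value is tested for emptiness and discarded.
        eval "value=\${$name-}"
        if [ -z "$value" ]; then
            MISSING_SECRETS="${MISSING_SECRETS}${MISSING_SECRETS:+ }$name"
        fi
    done
    unset value
    if [ -n "$MISSING_SECRETS" ]; then
        # ::error:: is the workflow command that adds an error annotation.
        echo "::error::Missing secrets: $MISSING_SECRETS"
        return 1
    fi
    return 0
}

# In the workflow step (env: maps secret_key1..3 as in the answer above):
#   run: |
#     require_secrets secret_key1 secret_key2 secret_key3
```

An unset secret reaches the step as an empty string, which is why the function treats empty and unset the same way.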
I'm trying to add env variables and then use them.
    name: Extract branch/server/ssh/project names into ENV variable
    shell: bash
    env:
      ACTIONS_ALLOW_UNSECURE_COMMANDS: "true"
      SERVER_IP_DEV: ${{ secrets.SERVER_IP_DEV }}
      SERVER_IP_MASTER: ${{ secrets.SERVER_IP_MASTER }}
      EC2_SSH_KEY_DEV: ${{ secrets.EC2_SSH_KEY_DEV }}
      EC2_SSH_KEY_MASTER: ${{ secrets.EC2_SSH_KEY_MASTER }}
      PROJECT_NAME: ${{ secrets.PROJECT_NAME }}
    run: |
      branch=$(sed 's|/|_|g' <<< ${GITHUB_REF#refs/heads/})
      server="SERVER_IP_${branch_name^^}"
      ssh_key="EC2_SSH_KEY_${branch_name^^}"
      project="PROJECT_NAME"
      echo "::set-env name=BRANCH_NAME::branch"
      echo "::set-env name=SERVER_IP::server"
      echo "::set-env name=SSH_KEY::ssh_key"
      echo "::set-env name=PROJECT_NAME::project"
and then use them something like this:
    name: Install SSH Key
    uses: shimataro/ssh-key-action@v2
    with:
      key: ${SSH_KEY}
      known_hosts: "just-a-placeholder-so-we-dont-get-errors"
But it does not work. What am I doing wrong?
I have the following steps' sequence in a GitHub Actions job (the first one is used more or less for debugging purposes):
    env:
      FAIL_OUTCOME: 'fail'
    - name: debug
      shell: bash
      run: |
        echo "evaluation-1 result is ${{ steps.evaluation_1.outputs.evaluation-1-outcome }}
        echo "evaluation-2 result is ${{ steps.evaluation_2.outputs.evaluation-2-outcome }}
        echo $FAIL_OUTCOME
    - name: send slack failure
      if: ${{ steps.evaluation_1.outputs.evaluation-1-outcome }} == $FAIL_OUTCOME || ${{ steps.evaluation_2.outputs.evaluation-2-outcome }} == $FAIL_OUTCOME
      uses: rtCamp/action-slack-notify@v2
      env:
        ...
    - name: send slack success
      if: ${{ steps.evaluation_1.outputs.evaluation-1-outcome }} != $FAIL_OUTCOME && ${{ steps.evaluation_2.outputs.evaluation-2-outcome}} != $FAIL_OUTCOME
      uses: rtCamp/action-slack-notify@v2
      env:
        ...
Here is the outcome of the debug action:
    echo "evaluation-1 result is
    echo "evaluation-2 result is fail
where it seems that first outcome is not set.
However, what puzzles me is that success action is also executed, i.e.
    ${{ steps.evaluation_1.outputs.evaluation-1-outcome }} != $FAIL_OUTCOME && ${{ steps.evaluation_2.outputs.evaluation-2-outcome}} != $FAIL_OUTCOME
becomes true. How is it possible?
To provide for more context, the outputs' assignment in previous steps are as follows:
    echo "::set-output name=evaluation-2-outcome::$FAIL_OUTCOME"
The straight answer to your question is that you are misusing the $FAIL_OUTCOME value in if statements.
There you need to use:
    if: steps.evaluation_1.outputs.evaluation-1-outcome == env.FAIL_OUTCOME || steps.evaluation_2.outputs.evaluation-2-outcome == env.FAIL_OUTCOME
    ...
    if: steps.evaluation_1.outputs.evaluation-1-outcome != env.FAIL_OUTCOME && steps.evaluation_2.outputs.evaluation-2-outcome != env.FAIL_OUTCOME
or:
    if: ${{ steps.evaluation_1.outputs.evaluation-1-outcome == env.FAIL_OUTCOME || steps.evaluation_2.outputs.evaluation-2-outcome == env.FAIL_OUTCOME }}
    ...
    if: ${{ steps.evaluation_1.outputs.evaluation-1-outcome != env.FAIL_OUTCOME && steps.evaluation_2.outputs.evaluation-2-outcome != env.FAIL_OUTCOME }}
Env variables can be accessed as $FAIL_OUTCOME only in bash scopes; everywhere else, you need to explicitly use the env. prefix.
However, I would recommend doing it properly and not fighting with env variables combined with set-output madness - which has a lot of gotchas and it's hard to debug and maintain.
Slack success and failures can be easily handled by checking the output of the whole job:
    - name: send slack failure
      if: failure()
    - name: send slack success
      if: success()
If you want to communicate about failure of some steps only:
    notify_failure:
      if: always() && !cancelled() && needs.check_failure_step.result != 'success'
      needs: check_failure_step
And instead of using echo set-output:: just exit 1 to fail a certain job.
Combining that with needs and jobs output values and if: always() you can achieve anything you want.
It gives you also a huge advantage of seeing which job has failed straight on workflow run summary without looking to its "output" or "debug" logs.
I've been trying to create conditions for Jobs in GitHub Actions but I can't seem to get it working.
I have the following Inputs:
    on:
      workflow_dispatch:
        inputs:
          env:
            description: 'Select the Environment'
            type: choice
            required: true
            options:
            - SIT
            - UAT
          op:
            description: 'Deploy or Delete Apps'
            type: choice
            required: true
            options:
            - Deploy
            - Delete
          ver:
            description: 'Type the app version'
            required: true
and the below jobs:
    jobs:
      create-sit-app:
        runs-on: ubuntu-latest
        name: 'Deploy App for SIT'
        if: |
          (${{ github.event.inputs.env }} == 'SIT' && ${{ github.event.inputs.op }} == 'Deploy')
        steps:
          ........
          ........
          ........
I also tried this:
    (${{ github.event.inputs.env == 'SIT' }} && ${{ github.event.inputs.op == 'Deploy' }})
And this:
    ${{ github.event.inputs.env == 'SIT' }} && ${{ github.event.inputs.op == 'Deploy' }}
Managed to do it like this:
    if: (github.event.inputs.env == 'SIT' && github.event.inputs.op == 'Deploy')
I read this document https://learn.microsoft.com/zh-cn/azure/devops/pipelines/process/expressions?view=azure-devops#conditional-insertion
but unlike what is demonstrated in the document, I need to add three variables with the same condition, as below:
    name: arm_temp
    resources:
      repositories:
      - repository: self
        type: git
    variables:
    - ${{ if in(lower(coalesce(variables['ENV'], variables['Build.SourceBranchName'])), 'release', 'prod') }}:
      - newEnv: 'Prod'
      - account: '$(ACCOUNT)'
      - password: '$(PASSWORD)'
    - ${{ if eq(lower(coalesce(variables['ENV'], variables['Build.SourceBranchName'])), 'qa') }}:
      - newEnv: 'QA'
      - account: '$(ACCOUNT)'
      - password: '$(PASSWORD)'
    - resGroupName: ${{ format('RESGROUP-{0}', variables['newEnv']) }}
ACCOUNT, PASSWORD and ENV are variables defined in the Azure build pipeline,
but I always get an error before running the build pipeline,
and the error notification is about the line under the if condition.
From your Yaml sample, it seems that the Yaml format has some issues.
You could refer to the following YAML Sample:
    variables:
      ${{ if in(lower(coalesce(variables['ENV'], variables['Build.SourceBranchName'])), 'release', 'prod') }}:
        newEnv: 'Prod'
        account: $(myaccount)
        password: $(mypassword)
      ${{ if eq(lower(coalesce(variables['ENV'], variables['Build.SourceBranchName'])), 'qa') }}:
        newEnv: 'QA'
        account: $(myaccount)
        password: $(mypassword)
      resGroupName: ${{ format('RESGROUP-{0}', variables['newEnv']) }}
    pool:
      vmimage: windows-latest
    steps:
    - script: |
        echo $(newEnv)
        echo $(account)
        echo $(password)
Note: You need to change the variable names $(ACCOUNT) and $(PASSWORD). They cannot have the same names as the variables defined in YAML ($(account), $(password)); otherwise the variables cannot be passed successfully.
Is it possible to use multiline in YAML in Azure Pipelines tasks? For instance, for the ARM deployment task, there is an overrideParameters property. It would be nice if this could be split across several lines instead of putting everything in one line:
    - task: AzureResourceManagerTemplateDeployment@3
      displayName: 'ARM deploy MyFunctionAPP'
      inputs:
        deploymentScope: 'Resource Group'
        azureResourceManagerConnection: ${{ parameters.serviceConnection }}
        subscriptionId: ${{ parameters.subscriptionId }}
        action: 'Create Or Update Resource Group'
        resourceGroupName: ${{ parameters.resourceGroupName }}
        location: 'West Europe'
        templateLocation: 'Linked artifact'
        csmFile: '$(ARMtemplatesPath)\MyFunctionAPP\template.json'
        csmParametersFile: '$(ARMtemplatesPath)\MyFunctionAPP\parameters.json'
        deploymentMode: 'Incremental'
        overrideParameters: '-environment_name ${{ parameters.environmentName }} -vnetAddressPrefix ${{ parameters.vnetAddressPrefix }} -subnet1Prefix ${{ parameters.subnet1Prefix }} -APIkey ${{ parameters.APIkey }} -queueName ${{ parameters.queueNameMyQueue }} -SendGridAPIkey ${{ parameters.SendGridAPIkey }} -StorageConnectionAppSetting ${{ parameters.StorageConnectionAppSetting }}'
Is it somehow possible to split the overrideParameters values on multiple lines?
This has worked for me:
    overrideParameters: >-
      -environment_name "${{ parameters.environmentName }}"
      -vnetAddressPrefix "${{ parameters.vnetAddressPrefix }}"
      -subnet1Prefix "${{ parameters.subnet1Prefix }}"
      -APIkey "${{ parameters.APIkey }}"
      -queueName "${{ parameters.queueNameMyQueue }}"
      -SendGridAPIkey "${{ parameters.SendGridAPIkey }}"
      -StorageConnectionAppSetting "${{ parameters.StorageConnectionAppSetting }}"
So using >- on a single line and then using double-quotes to surround settings values works.
Is it somehow possible to split the overrideParameters values on
multiple lines?
According to the document Expressions, we could use a pipe character (|) for multiline strings:
    - task: AzureResourceManagerTemplateDeployment@3
      displayName: 'ARM deploy MyFunctionAPP'
      inputs:
        deploymentScope: 'Resource Group'
        azureResourceManagerConnection: ${{ parameters.serviceConnection }}
        subscriptionId: ${{ parameters.subscriptionId }}
        action: 'Create Or Update Resource Group'
        resourceGroupName: ${{ parameters.resourceGroupName }}
        location: 'West Europe'
        templateLocation: 'Linked artifact'
        csmFile: '$(ARMtemplatesPath)\MyFunctionAPP\template.json'
        csmParametersFile: '$(ARMtemplatesPath)\MyFunctionAPP\parameters.json'
        deploymentMode: 'Incremental'
        overrideParameters: |
          -environment_name ${{ parameters.environmentName }}
          -vnetAddressPrefix ${{ parameters.vnetAddressPrefix }}
          -subnet1Prefix ${{ parameters.subnet1Prefix }}
          -APIkey ${{ parameters.APIkey }}
          -queueName ${{ parameters.queueNameMyQueue }}
          -SendGridAPIkey ${{ parameters.SendGridAPIkey }}
          -StorageConnectionAppSetting ${{ parameters.StorageConnectionAppSetting }}
You could check this thread for some more details.