/create-github-secret-action

Github Action that can create or update secrets in the GitHub Actions API

Primary LanguageJavaScriptMIT LicenseMIT

Create GitHub Secret Action

release

This action can create or update secrets in the GitHub Actions API. It supports both repository and organization secrets in a unified input syntax.

Fork from: https://github.com/gliech/create-github-secret-action

Usage

Basic example (creates a secret in the repository where the workflow file is located):

steps:
  - uses: gazab/create-github-secret-action@v1
    with:
      name: FRONT_DOOR_PASSWORD
      value: Eternia
      pa_token: ${{ secrets.PA_TOKEN }}

Create a secret in a different repository:

steps:
  - uses: gazab/create-github-secret-action@v1
    with:
      location: horde-prime/spire-network
      name: BROADCAST_FREQUENCY
      value: ${{ secrets.JAMMING_FREQUENCY }}
      pa_token: ${{ secrets.PAT_WRONG_HORDAK }}

Create a secret in an organization:

steps:
  - uses: gazab/create-github-secret-action@v1
    with:
      location: united-states-air-force
      name: NUCLEAR_LAUNCH_CODES
      value: '00000000'
      org_visibility: all
      pa_token: ${{ secrets.PAT_STRATEGIC_AIR_COMMAND }}

Create an environment secret (in the repository where the workflow file is located):

steps:
  - uses: gazab/create-github-secret-action@v1
    with:
      name: FORCE_DOME_PASSWORD
      value: Brightmoon
      pa_token: ${{ secrets.PA_TOKEN }}
      environment: production

Inputs

name

(Required) Name of the secret that you want to create/update.

value

(Required) Value of the secret that you want to create/update.

This action cannot mask the provided secret value in workflow logs. If you do not want the secret value to appear in the output of your workflow run, you have to mask it before you provide it to this action as input.

location

Name of a GitHub repository or organization where you want to create/update a secret. Expects the notation owner/repo for repositories. Defaults to the repository that invoked the workflow.

environment

Name of the environment where you want to create/update a secret. Not valid for organizations and the environment must already exist.

pa_token

(Required) Personal access token with permission to modify repository or organization secrets.

For more information on PATs see the GitHub docs article on creating a personal access token. The GitHub Secrets API requires the repo scope to modify secrets in private repositories and the public_repo scope for public repositories. It requires admin:org scope to modify secrets in an organization.

org_visibility

Only used for organization secrets. Can be set to one of 3 values:

  • all will make the secret visible to all repositories in the organization
  • private makes it visible only to repositories that are not public
  • any other input value will be interpreted as a list of comma-seperated GitHub repository IDs, which will cause the created secret to be selectively visible only from these repositories

Defaults to private.

GitHub repository IDs are not repository URLs or names. They are a number used to identify repositories on GitHub specifically. For more information see the GitHub API documentation on repositories or this question on Stack Overflow.

Outputs

status

HTTP Status Code of the request against the GitHub API that created/updated the secret.

License

This project is licensed under the terms of the MIT License