The Guild Secrets
Collection of shared secrets from The Guild for local and CI usage.
Usage
Make sure to have git-secret and GnuPG installed.
Reveal secrets
git secret reveal- Revealed secrets are files inside the secrets/ folder without the
.secretextension
Hide secrets
git secret hide- Hidden secrets are files inside the secrets/ folder with the
.secretextension
Add new secret
- Reveal secrets
- Create a new file inside secrets/
- Make sure the filename (because the filename is the secret name):
- Has no spaces
- Has illegal characters
- Has no extension
- Write the secret inside the contents of the file
git secret add <filepath>- Hide secrets
Remove secret
- Reveal secrets
git secret remove <filepath>- Hide secrets
Give access to user
Make sure you have obtained the GPG key from the user.
- Reveal secrets
- Import the obtained GPG key
git secret tell <email>- Hide secrets
Use in GitHub Actions
Simply add a job step that uses the-guild-org/secrets and provide the GPG key that has access to the secrets through the gpg-key input.
The revealed secrets will be a part of the job step's output, for example: steps.secrets.outputs.<filename>.
jobs:
publish:
name: Publish
runs-on: ubuntu-latest
steps:
- name: The Guild Secrets
id: secrets
uses: the-guild-org/secrets@main
with:
gpg-key: ${{ secrets.GPG_KEY }}
- name: Publish
env:
NPM_TOKEN: ${{ steps.secrets.outputs.NPM_TOKEN }}
run: npm publish