@scloud/cdk-github
v0.1.28
Published
Automates setting variables and secrets on a Github repo/environment based on output produced by the ghaUser() feature of @scloud/cdk-patterns
Downloads
35
Maintainers
Readme
CDK Github secrets and variables
This is a companion package designed to work with @scloud/cdk-patterns
:` https://www.npmjs.com/package/@scloud/cdk-patterns
Takes outputs produced by the githubActions().ghaOidcRole()
and githubActions().ghaUser()
features of @scloud/cdk-patterns
and automates setting repo/environment secrets and variables in Github Actions.
This is intended to provide you with the environment/variable/secret handling capabilities you'll mostly need. If you have an edge-case, the repo serves as example code you can reuse to help you get what you need done more easily.
Setup
Assuming you've called the ghaOidcRole
or ghaUser
function, you should have some output files under your .infrastructure/secrets
directory, e.g.:
.infrastructure/secrets/StackName.ghaSecrets.json
.infrastructure/secrets/StackName.ghaVariables.json
@scloud/cdk-github
uses these files as inputs to understand the values that need to be set on the repo (or its environments) and whether or not the value needs to be handled as a secret.
Running
To set variables and/or secrets, you can use the following example code:
import { updateGithub } from '@scloud/cdk-github';
(async () => {
await updateGithub();
})();
The key part is the call to the updateGithub
function.
You can optionally pass true
to this function if you would like this process to delete any "leftover" (orphaned) values. This removes secrets and variables if they are no longer specified by the stack. However, be aware tht this will delete any variables you've set manually! Passing true
is recommended to fully automate and keep the set of variables and secrets clean.
You will also need the following environment variables, or pass an object with these values when you call the function:
export USERNAME=octocat
export PERSONAL_ACCESS_TOKEN=ghp_xxxxxxxxxxx
export OWNER=organization
export REPO=repository
or
{
username: 'octocat',
personalAccessToken: 'ghp_xxxxxxxxxxx',
owner: 'organization',
repo: 'repository',
}