I usually keep secret environment variables in a .env.local file (not checked into version control) and use dotenv to load the variables into process.env. To make these secrets available in a GitHub action, the variables need to be stored as an encrypted secret on GitHub. If stored as MY_SECRET, the secret is available in an action as secrets.MY_SECRET. To be able to load this variable using dotenv, the variable needs to be written to the .env.local file. The following step implements this:

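steps:
  - name: Create .env.local file
    run: |
      touch .env.local
      # Quote the expansion so spaces or glob characters in the value are written verbatim
      echo "MY_SECRET=$MY_SECRET" >> .env.local
    env:
      # Map the encrypted repository secret into this step's environment
      MY_SECRET: ${{ secrets.MY_SECRET }}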
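
The same write as a reusable shell function, as an added example that is not from the original post: it fails when the secret is empty, rejects embedded newlines, and keeps the file readable by its owner only. The name write_env_var and its arguments are hypothetical.

```shell
# Added example (hypothetical helper, not from the original post).
# write_env_var FILE NAME
#   Appends NAME=<value of $NAME> to FILE as one dotenv line.
# The body runs in a subshell, so umask and variables do not leak out.
write_env_var() (
  file=$1
  name=$2
  nl='
'
  # Accept only plain variable names, so the eval below is safe and the
  # name cannot smuggle extra text into the file.
  case $name in
    ''|[0-9]*|*[!A-Za-z0-9_]*) echo "invalid name: $name" >&2; return 2 ;;
  esac
  # Indirect lookup of the variable called $name (POSIX-compatible).
  eval "value=\${$name-}"
  # A secret that is not defined reaches the step as an empty string:
  # fail here instead of writing a blank entry the app would load silently.
  if [ -z "$value" ]; then
    echo "$name is empty or unset" >&2; return 1
  fi
  # .env files are line-oriented; a raw newline would start a second entry.
  case $value in
    *"$nl"*) echo "$name contains a newline" >&2; return 1 ;;
  esac
  # Owner-only permissions, whether the file is new or already exists.
  umask 077
  touch "$file" && chmod 600 "$file" || return 1
  # printf with quoted arguments: no word splitting, no globbing,
  # no interpretation of backslashes in the value.
  printf '%s=%s\n' "$name" "$value" >> "$file"
)
```

In the workflow step above, the body of run would become a call such as write_env_var .env.local MY_SECRET after the function definition.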