Workflow is not loading my environment

[davidh16]

Select Topic Area

Question

Body

I am trying to deploy my app to Google Cloud Run using Github actions. I have written a workflow for it but I realised that environment variables are not being loaded because they are not baked in my app. I have created an environment in repository settings and added some variables in it. I defined in the workflow that I want to use that specific environment and to confirm that my variables are available I printed out whole env in one stage. Variables are not there and I am not sure what am I doing wrong. Please help.

jobs:
  deploy:
    environment: debug

    permissions:
      contents: 'read'
      id-token: 'write'

    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Print all environment variables
        run: printenv

Just to be clear, I did not paste whole workflow code, except the part which is relevant to my question.

[BONY-SL]

1. Environment Variables in GitHub Actions:
   In GitHub Actions, environment variables defined in the repository settings under a specific environment (like debug) are not automatically available in the workflow. You need to explicitly pass them to the workflow or jobs.

2. Using env Keyword:
   You can use the env keyword in your workflow to make environment variables available to your jobs or steps.

3. Using Secrets:
   If you are using secrets (which should be used for sensitive data), you need to explicitly reference them in your workflow.

jobs:
deploy:
environment: debug

permissions:
  contents: 'read'
  id-token: 'write'

runs-on: ubuntu-latest

steps:
  - name: Checkout
    uses: actions/checkout@v2

  - name: Print all environment variables
    env:
      MY_ENV_VAR: ${{ secrets.MY_ENV_VAR }}  # If it's a secret
      ANOTHER_VAR: ${{ vars.ANOTHER_VAR }}   # If it's a variable set in the environment
    run: printenv

***important

Secrets Management

If you are working with secrets, remember that they won’t be printed out using printenv for security reasons. Instead, test their availability by using them in a command that gives a clear output, like:

  - name: Check specific variable
    run: echo $MY_ENV_VAR
    env:
      MY_ENV_VAR: ${{ secrets.MY_ENV_VAR }}

[davidh16]

This doesn't make any sense to me. What is the purpose of defining variables in repository settings if I have to define them in the workflow as well ? What if I have 50 variables ? There has to be a better way than this. Thank you for your help nevertheless.

[BONY-SL]

You’re right—it can seem redundant to define environment variables in both the repository settings and the workflow. Here’s a clearer explanation of how GitHub Actions handles environment variables and a more streamlined approach:

Purpose of Defining Variables in Repository Settings
Security and Management:

Secrets: These are used for sensitive data (e.g., API keys, credentials). They are encrypted and can’t be directly viewed once set. They are used in workflows but not exposed in logs or code.
Environment Variables: These can include configurations or non-sensitive information that may be needed across different environments (like development, staging, production).
Centralized Configuration:

Variables set in repository settings or environments allow centralized management. This ensures that your configuration remains consistent and reduces the risk of exposing sensitive data.

Using Environment Files:

Create a .env file in your repository (but be cautious not to commit sensitive information directly to it). You can then use this file in your workflow to set environment variables.

jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2

  - name: Load environment variables
    run: |
      export $(grep -v '^#' .env | xargs)
    env:
      MY_ENV_VAR: ${{ secrets.MY_ENV_VAR }}

Referencing Environment Variables Directly:

If you have a large number of variables, ensure they are grouped and referenced correctly within the workflow.
Using GitHub Environments:

GitHub Environments allow you to define environment variables specific to deployment stages. These variables can be accessed by workflows associated with that environment, but still need to be referenced in the workflow steps.
Dynamic Variable Injection:

If your workflow involves dynamic or frequently changing variables, consider a script that dynamically fetches or updates these variables.

jobs:
deploy:
environment: debug # The environment where variables are defined

runs-on: ubuntu-latest

steps:
  - name: Checkout
    uses: actions/checkout@v2

  - name: Print environment variables
    run: |
      echo "MY_ENV_VAR=$MY_ENV_VAR"
    env:
      MY_ENV_VAR: ${{ secrets.MY_ENV_VAR }}  # Reference secrets or environment variables

[broguinn]

After looking at your .yml, I believe the issue is that you aren't referencing these variables. You should templatize these variables via `${{ vars.VITE_ENVIRONMENT }}.

I personally have had issues with the environment variable being read - but repository variables should work just fine.

[davidh16]

Hey I have found the solution in the meantime. The issue is that loading environment is not enough. I solved my problem by creating .env file in the workflow and filling it with variables from environment, then upon building an image, workflow bakes variables into my application.

To explain a bit more,
there is a line in my Dockerfile

COPY . .

this ensures that created .env file in workflow is copied in docker image.

Vite works in a way that environment variables are accessible only if they are baked in application during build.
Here is my workflow code thats makes sure .env is created properly

 - name: Prepare Environment Variables for Deployment
        id: prepare-env
        run: |
          # Convert repository or organization variables to JSON format
          echo '${{ toJSON(vars) }}' > env_vars.json

          # Convert JSON to .env format
          cat env_vars.json | jq -r 'to_entries | map("\(.key)=\(.value)") | .[]' > .env

          #remove no longer needed env_vars.json file
          rm -f env_vars.json

          # Display the contents of the .env file (for debugging purposes)
          cat .env

      # Build and push the Docker image, passing the .env_file
      - name: Build and Push Container
        run: |-          
          docker build \
            -t "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ github.sha }}" ./
          docker push "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ github.sha }}"

Bonus:
you can choose which environment to use based on a branch that you are pushing changes to

environment: 
      name: ${{ github.ref == 'refs/heads/main' && 'production' || 'debug' }}

[broguinn]

Vite will load from a .env, but that doesn't give access to environment variables within our actions. This is a broader issue with how variables are loaded that Github needs to address.

[davidh16]

Vite and Github actions are separate things.

Vite will know about the environment variables if you build your Vite application with .env file present in a root folder. For it to happen we must load environment variables within Github actions workflow and from that create temporary .env file which will then be used for building an app like I showed in my previous answer.

I see no issue with how Github actions handles environment, there was only skill issue of mine, which I fortunately overcame.