Skip to content
/ serverless-github-actions-secrets Public

Manage Serveless Framework config values in GitHub Actions Secrets

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

originalmind/serverless-github-actions-secrets

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
bin
bin
 
 
lib
lib
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

serverless-github-actions-secrets

Manage Serveless Framework config values in GitHub Actions Secrets

Basic Usage - Writing Secrets to GitHub Actions

You will need to create a GitHub personal access token with

  1. Add a script entry to your package.json:

    "scripts: {
  "secrets": "github-secrets"
}

  2. Write secrets from Serverless config file using default options:

    export GITHUB_ACCESS_TOKEN=...
npm run secrets

All options

There are a number of options for configuring the write operation. All options can be set on the command line or in package.json for automated usage.

npm run secrets -- --stage dev --token my_github_token --repo owner/repo-name --configPath "path/to/config/directory/" --configFilePattern "config.{stage}.secret.yml" --prefixWithStage true --prefixSeparator "_"

Usage with git hook

Since you're using Github Actions, it's a good idea to push the secrets before pushing your code. This can be automated using git hooks.

Since we can't specify a stage, we must map it from the current branch. This is specified in the package.json. This package will read this metadata if the --stage option is not specified.

If the branch cannot be mapped, an error will be output and the hook action will not continue.

You must also specify where your config file is by setting this in the package.json as shown below.

  1. npm i husky --save-dev

  2. Add required metadata to package.json:

     "husky": {
   "hooks": {
     "pre-push": "npm run secrets -- --operation write"
   }
 },
 "om_sgas": {
   "secretNaming": {
     "prefixWithStage": false,
     "prefixSeparator": "_"
   },
   "configFile": {
     "configPath": "./config",
     "configFilePattern": "config.{stage}.secret.yml"
   },
   "stage_mapping": {
     "develop": "dev",
     "master": "prod"
   }
 },

    More info about Husky.

Extended Usage

This package also allows the following interactions with GitHub Actions Secrets:

List Secrets

npm run secrets -- --operation list

Get a secret

npm run secrets -- --operation get --secretName topsecret

Add AWS Credentials

This is useful (required!) when using GitHub Actions to perform deployment to AWS (unless you are using self-hosted runners - https://github.com/marketplace/actions/configure-aws-credentials-action-for-github-actions#self-hosted-runners).

You specify the name of a profile in your ~/.aws/credentials file. This package will read the keys from the file and set them as GitHub Actions secrets with the names AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. If the prefixWithStage option is true, then they'll be written with names <stage><prefix-separator>AWS_ACCESS_KEY_ID and <stage><prefix-separator>AWS_SECRET_ACCESS_KEY.

npm run secrets -- --operation cred --awsProfileName my-profile

Debugging

NODE_DEBUG=app npm run dev

About

Manage Serveless Framework config values in GitHub Actions Secrets

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

4 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages