diff --git a/.github/workflows/custom-action.yml b/.github/workflows/custom-action.yml
deleted file mode 100644
index 7a87b53f..00000000
--- a/.github/workflows/custom-action.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-on: [push]
-
-jobs:
- my-job:
- runs-on: ubuntu-latest
- name: A job to say hello
- steps:
- - name: Hello world action step
- id: hello
- uses: omenking/barsoom@0.0.6
- with:
- name: 'Brown'
- # Use the output from the `hello` step
- - name: Get the Output
- run: echo "The time was ${{ steps.hello.outputs.greeting }}"
\ No newline at end of file
diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml
new file mode 100644
index 00000000..e386ee0c
--- /dev/null
+++ b/.github/workflows/publish-package.yml
@@ -0,0 +1,152 @@
+name: Publish Package
+
+on:
+ release:
+ types: [created]
+ workflow_dispatch:
+ inputs:
+ version:
+ description: 'Package version'
+ required: true
+ default: '1.0.0'
+
+jobs:
+ # Publishing a Node.js Package
+ publish-npm:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '18.x'
+ registry-url: 'https://npm.pkg.github.com'
+ scope: '@octocat'
+
+ - name: Install dependencies
+ run: npm ci
+
+ - name: Build
+ run: npm run build --if-present
+
+ - name: Publish to GitHub Packages
+ run: npm publish
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ # Publishing a Python Package
+ publish-python:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.x'
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install build twine
+
+ - name: Build package
+ run: python -m build
+
+ - name: Publish to GitHub Packages
+ env:
+ TWINE_USERNAME: __token__
+ TWINE_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+ TWINE_REPOSITORY_URL: https://github-package-registry.com/octocat/python-package
+ run: twine upload dist/*
+
+ # Publishing a Docker Image
+ publish-docker:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Log in to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ghcr.io/${{ github.repository }}
+ tags: |
+ type=semver,pattern={{version}}
+ type=sha,format=long
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ # Publishing a Java Package
+ publish-java:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up JDK
+ uses: actions/setup-java@v3
+ with:
+ java-version: '17'
+ distribution: 'temurin'
+ cache: 'maven'
+ server-id: github
+
+ - name: Build with Maven
+ run: mvn -B package
+
+ - name: Publish to GitHub Packages
+ run: mvn --batch-mode deploy
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ # Publishing a .NET NuGet Package
+ publish-nuget:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Setup .NET
+ uses: actions/setup-dotnet@v3
+ with:
+ dotnet-version: '7.0.x'
+ source-url: https://nuget.pkg.github.com/${{ github.repository_owner }}/index.json
+ env:
+ NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build
+ run: dotnet build --configuration Release
+
+ - name: Create package
+ run: dotnet pack --configuration Release
+
+ - name: Publish package
+ run: dotnet nuget push "**/*.nupkg" --source "https://nuget.pkg.github.com/${{ github.repository_owner }}/index.json" --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
\ No newline at end of file
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 00000000..b242572e
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,5 @@
+{
+ "githubPullRequests.ignoredPullRequestBranches": [
+ "main"
+ ]
+}
\ No newline at end of file
diff --git a/github-actions/templates/context-workflow.yml b/github-actions/templates/context-workflow.yml
new file mode 100644
index 00000000..0ac26683
--- /dev/null
+++ b/github-actions/templates/context-workflow.yml
@@ -0,0 +1,126 @@
+name: GitHub Context Examples
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ types: [opened, synchronize, reopened]
+ issues:
+ types: [opened, edited, labeled]
+ workflow_dispatch:
+ inputs:
+ environment:
+ description: 'Environment to deploy to'
+ required: true
+ default: 'staging'
+ type: choice
+ options:
+ - staging
+ - production
+
+jobs:
+ explore-github-context:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Dump GitHub context
+ env:
+ GITHUB_CONTEXT: ${{ toJSON(github) }}
+ run: echo "$GITHUB_CONTEXT"
+
+ - name: Repository Information
+ run: |
+ echo "Repository: ${{ github.repository }}"
+ echo "Repository Owner: ${{ github.repository_owner }}"
+ echo "Repository Name: ${{ github.event.repository.name }}"
+ echo "Default Branch: ${{ github.event.repository.default_branch }}"
+ echo "Is Private: ${{ github.event.repository.private }}"
+
+ - name: Event Information
+ run: |
+ echo "Event Name: ${{ github.event_name }}"
+ echo "Event Type: ${{ github.event.action }}"
+ echo "Workflow: ${{ github.workflow }}"
+ echo "Run ID: ${{ github.run_id }}"
+ echo "Run Number: ${{ github.run_number }}"
+
+ - name: Actor Information
+ run: |
+ echo "Actor: ${{ github.actor }}"
+ echo "Actor ID: ${{ github.actor_id }}"
+ echo "Triggering Actor: ${{ github.triggering_actor }}"
+
+ - name: Git Information
+ run: |
+ echo "Ref: ${{ github.ref }}"
+ echo "SHA: ${{ github.sha }}"
+ echo "Ref Type: ${{ github.ref_type }}"
+ echo "Ref Name: ${{ github.ref_name }}"
+ echo "Base Ref: ${{ github.base_ref }}"
+ echo "Head Ref: ${{ github.head_ref }}"
+
+ - name: Environment Information
+ run: |
+ echo "Workspace: ${{ github.workspace }}"
+ echo "Action: ${{ github.action }}"
+ echo "Action Path: ${{ github.action_path }}"
+ echo "Server URL: ${{ github.server_url }}"
+ echo "API URL: ${{ github.api_url }}"
+ echo "Graphql URL: ${{ github.graphql_url }}"
+
+ - name: Pull Request Specific Info
+ if: github.event_name == 'pull_request'
+ run: |
+ echo "PR Number: ${{ github.event.number }}"
+ echo "PR Title: ${{ github.event.pull_request.title }}"
+ echo "PR Body: ${{ github.event.pull_request.body }}"
+ echo "PR State: ${{ github.event.pull_request.state }}"
+ echo "PR Base Branch: ${{ github.event.pull_request.base.ref }}"
+ echo "PR Head Branch: ${{ github.event.pull_request.head.ref }}"
+ echo "PR User: ${{ github.event.pull_request.user.login }}"
+
+ - name: Issue Specific Info
+ if: github.event_name == 'issues'
+ run: |
+ echo "Issue Number: ${{ github.event.issue.number }}"
+ echo "Issue Title: ${{ github.event.issue.title }}"
+ echo "Issue Body: ${{ github.event.issue.body }}"
+ echo "Issue State: ${{ github.event.issue.state }}"
+ echo "Issue Creator: ${{ github.event.issue.user.login }}"
+ echo "Issue Labels: ${{ join(github.event.issue.labels.*.name, ', ') }}"
+
+ - name: Workflow Dispatch Info
+ if: github.event_name == 'workflow_dispatch'
+ run: |
+ echo "Selected Environment: ${{ github.event.inputs.environment }}"
+
+ - name: Runner Information
+ run: |
+ echo "Runner OS: ${{ runner.os }}"
+ echo "Runner Name: ${{ runner.name }}"
+ echo "Runner Temp: ${{ runner.temp }}"
+ echo "Runner Tool Cache: ${{ runner.tool_cache }}"
+
+ - name: Job Information
+ run: |
+ echo "Job ID: ${{ github.job }}"
+ echo "Job Container ID: ${{ job.container.id }}"
+ echo "Job Services: ${{ toJSON(job.services) }}"
+
+ - name: Demonstration of Conditions
+ run: |
+ echo "This step runs on all events"
+ if: always()
+
+ - name: Push Event Specific
+ if: github.event_name == 'push'
+ run: |
+ echo "Commits in Push:"
+ echo "${{ toJSON(github.event.commits) }}"
+ echo "Pusher Name: ${{ github.event.pusher.name }}"
+ echo "Pusher Email: ${{ github.event.pusher.email }}"
+
+ - name: Security Related Context
+ run: |
+ echo "Running in GHES: ${{ github.event.repository.is_enterprise }}"
+ echo "Repository Topics: ${{ toJSON(github.event.repository.topics) }}"
+ echo "Repository Visibility: ${{ github.event.repository.visibility }}"
\ No newline at end of file
diff --git a/github-actions/templates/expression-functions.yml b/github-actions/templates/expression-functions.yml
index e213a386..3d0e905d 100644
--- a/github-actions/templates/expression-functions.yml
+++ b/github-actions/templates/expression-functions.yml
@@ -14,24 +14,39 @@ jobs:
- name: Check if string contains substring
if: contains('Hello world', 'llo')
run: echo "The string contains the substring."
+
- name: Check if string starts with
if: startsWith('Hello world', 'He')
run: echo "The string starts with 'He'."
+
- name: Check if string ends with
if: endsWith('Hello world', 'ld')
run: echo "The string ends with 'ld'."
+
- name: Format and echo string
- run: echo ${{ format('Hello {0} {1} {2}', 'Mona', 'the', 'Octocat') }}
+ run: echo "${{ format('Hello {0} {1} {2}', 'Mona', 'the', 'Octocat') }}"
+
- name: Join issue labels
if: github.event_name == 'issues'
- run: echo "Issue labels: ${{ join(github.event.issue.labels.*.name, ', ') }}"
+ run: |
+ echo "Issue labels: ${{ join(github.event.issue.labels.*.name, ', ') }}"
+
- name: Convert job context to JSON
- run: echo "Job context in JSON: ${{ toJSON(github.job) }}"
+ run: |
+ echo "Job context in JSON: ${{ toJSON(github.job) }}"
+
- name: Parse JSON string
- run: echo "Parsed JSON: ${{ fromJSON('{"hello":"world"}').hello }}"
+ run: |
+ echo "Parsed JSON: ${{ fromJSON('{"hello":"world"}').hello }}"
+
- name: Hash files
- run: echo "Hash of files: ${{ hashFiles('**/package-lock.json', '**/Gemfile.lock') }}
+ run: |
+ echo "Hash of files: ${{ hashFiles('**/package-lock.json', '**/Gemfile.lock') }}"
+
- name: The job has succeeded
- if: ${{ success() }}
+ if: success()
+ run: echo "Job succeeded"
+
- name: The job has failed
- if: ${{ failure() }}
\ No newline at end of file
+ if: failure()
+ run: echo "Job failed"
diff --git a/github-actions/templates/job-dependent.yml b/github-actions/templates/job-dependent.yml
new file mode 100644
index 00000000..7f56ad90
--- /dev/null
+++ b/github-actions/templates/job-dependent.yml
@@ -0,0 +1,144 @@
+name: Job Dependencies Demo
+
+on:
+ push:
+ branches: [ main ]
+ workflow_dispatch:
+ inputs:
+ environment:
+ description: 'Environment to run tests'
+ required: true
+ default: 'staging'
+ type: choice
+ options:
+ - staging
+ - production
+
+jobs:
+ initial-setup:
+ runs-on: ubuntu-latest
+ outputs:
+ setup-time: ${{ steps.set-time.outputs.time }}
+ config-file: ${{ steps.set-config.outputs.config }}
+ steps:
+ - name: Set time
+ id: set-time
+ run: echo "time=$(date +'%Y-%m-%d-%H-%M-%S')" >> $GITHUB_OUTPUT
+
+ - name: Set config
+ id: set-config
+ run: |
+ echo "config={\"version\":\"1.0\",\"env\":\"${{ github.event.inputs.environment }}\"}" >> $GITHUB_OUTPUT
+
+ lint:
+ needs: initial-setup
+ runs-on: ubuntu-latest
+ steps:
+ - name: Echo setup time
+ run: echo "Setup was done at ${{ needs.initial-setup.outputs.setup-time }}"
+
+ - name: Run lint
+ run: |
+ echo "Running lint checks..."
+ sleep 5
+ echo "Lint completed"
+
+ unit-tests:
+ needs: initial-setup
+ runs-on: ubuntu-latest
+ steps:
+ - name: Run unit tests
+ run: |
+ echo "Running unit tests..."
+ sleep 10
+ echo "Unit tests completed"
+
+ integration-tests:
+ needs: [lint, unit-tests]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Run integration tests
+ run: |
+ echo "Running integration tests..."
+ sleep 15
+ echo "Integration tests completed"
+
+ parallel-tests:
+ needs: initial-setup
+ strategy:
+ matrix:
+ test-group: [group1, group2, group3]
+ node-version: [14, 16, 18]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Run parallel tests
+ run: |
+ echo "Running ${{ matrix.test-group }} with Node ${{ matrix.node-version }}"
+ sleep 5
+ echo "Parallel tests completed for ${{ matrix.test-group }}"
+
+ security-scan:
+ needs: initial-setup
+ runs-on: ubuntu-latest
+ if: github.event_name == 'workflow_dispatch'
+ steps:
+ - name: Security scan
+ run: |
+ echo "Running security scan..."
+ sleep 8
+ echo "Security scan completed"
+
+ build:
+ needs: [integration-tests, parallel-tests, security-scan]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Build
+ run: |
+ echo "Configuration: ${{ needs.initial-setup.outputs.config }}"
+ echo "Building application..."
+ sleep 10
+ echo "Build completed"
+
+ deploy-staging:
+ needs: build
+ if: |
+ success() &&
+ (github.event.inputs.environment == 'staging' || github.ref == 'refs/heads/main')
+ runs-on: ubuntu-latest
+ environment:
+ name: staging
+ url: https://staging.example.com
+ steps:
+ - name: Deploy to staging
+ run: |
+ echo "Deploying to staging..."
+ sleep 5
+ echo "Staging deployment completed"
+
+ deploy-production:
+ needs: [deploy-staging]
+ if: |
+ success() &&
+ github.event.inputs.environment == 'production'
+ runs-on: ubuntu-latest
+ environment:
+ name: production
+ url: https://production.example.com
+ steps:
+ - name: Deploy to production
+ run: |
+ echo "Deploying to production..."
+ sleep 5
+ echo "Production deployment completed"
+
+ cleanup:
+ needs: [deploy-staging, deploy-production]
+ if: always()
+ runs-on: ubuntu-latest
+ steps:
+ - name: Cleanup
+ run: |
+ echo "Cleaning up resources..."
+ echo "Setup time was ${{ needs.initial-setup.outputs.setup-time }}"
+ sleep 3
+ echo "Cleanup completed"
\ No newline at end of file
diff --git a/github-actions/templates/publish-package.yml b/github-actions/templates/publish-package.yml
new file mode 100644
index 00000000..e386ee0c
--- /dev/null
+++ b/github-actions/templates/publish-package.yml
@@ -0,0 +1,152 @@
+name: Publish Package
+
+on:
+ release:
+ types: [created]
+ workflow_dispatch:
+ inputs:
+ version:
+ description: 'Package version'
+ required: true
+ default: '1.0.0'
+
+jobs:
+ # Publishing a Node.js Package
+ publish-npm:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '18.x'
+ registry-url: 'https://npm.pkg.github.com'
+ scope: '@octocat'
+
+ - name: Install dependencies
+ run: npm ci
+
+ - name: Build
+ run: npm run build --if-present
+
+ - name: Publish to GitHub Packages
+ run: npm publish
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ # Publishing a Python Package
+ publish-python:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.x'
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install build twine
+
+ - name: Build package
+ run: python -m build
+
+ - name: Publish to GitHub Packages
+ env:
+ TWINE_USERNAME: __token__
+ TWINE_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+ TWINE_REPOSITORY_URL: https://github-package-registry.com/octocat/python-package
+ run: twine upload dist/*
+
+ # Publishing a Docker Image
+ publish-docker:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Log in to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ghcr.io/${{ github.repository }}
+ tags: |
+ type=semver,pattern={{version}}
+ type=sha,format=long
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ # Publishing a Java Package
+ publish-java:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up JDK
+ uses: actions/setup-java@v3
+ with:
+ java-version: '17'
+ distribution: 'temurin'
+ cache: 'maven'
+ server-id: github
+
+ - name: Build with Maven
+ run: mvn -B package
+
+ - name: Publish to GitHub Packages
+ run: mvn --batch-mode deploy
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ # Publishing a .NET NuGet Package
+ publish-nuget:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Setup .NET
+ uses: actions/setup-dotnet@v3
+ with:
+ dotnet-version: '7.0.x'
+ source-url: https://nuget.pkg.github.com/${{ github.repository_owner }}/index.json
+ env:
+ NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build
+ run: dotnet build --configuration Release
+
+ - name: Create package
+ run: dotnet pack --configuration Release
+
+ - name: Publish package
+ run: dotnet nuget push "**/*.nupkg" --source "https://nuget.pkg.github.com/${{ github.repository_owner }}/index.json" --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
\ No newline at end of file
diff --git a/github-actions/templates/webhook.yml b/github-actions/templates/webhook.yml
index dbdf1e47..0f76087a 100644
--- a/github-actions/templates/webhook.yml
+++ b/github-actions/templates/webhook.yml
@@ -9,7 +9,8 @@ jobs:
respond-to-dispatch:
runs-on: ubuntu-latest
steps:
- - name Checkout repo
+ - name: Checkout repo
uses: actions/checkout@v2
- name: Run a script
- run: echo "Event of type: $GITHUB_EVENT_NAME"
+ run: |
+ echo "Event of type: ${{ github.event_name }}"
diff --git a/github-actions/templates/workflow-vars-demo.yml b/github-actions/templates/workflow-vars-demo.yml
new file mode 100644
index 00000000..4d374f82
--- /dev/null
+++ b/github-actions/templates/workflow-vars-demo.yml
@@ -0,0 +1,178 @@
+name: GitHub Variables Demo
+
+# Enable permissions for OIDC
+permissions:
+ id-token: write
+ contents: read
+
+# Environmental variables at workflow level
+env:
+ WORKFLOW_VAR: "This is a workflow-level variable"
+ ENVIRONMENT: "production"
+ DEFAULT_REGION: "us-west-2"
+
+on:
+ push:
+ branches: [ main ]
+ workflow_dispatch:
+
+jobs:
+ demonstrate-variables:
+ runs-on: ubuntu-latest
+ # Job level environment variables
+ env:
+ JOB_VAR: "This is a job-level variable"
+ APP_NAME: "my-application"
+
+ steps:
+ # Default GitHub Environment Variables
+ - name: Default GitHub Variables
+ run: |
+ echo "Default GitHub Variables:"
+ echo "Repository: ${{ github.repository }}"
+ echo "Workspace: ${{ github.workspace }}"
+ echo "Ref Name: ${{ github.ref_name }}"
+ echo "SHA: ${{ github.sha }}"
+ echo "Actor: ${{ github.actor }}"
+ echo "Run ID: ${{ github.run_id }}"
+ echo "Server URL: ${{ github.server_url }}"
+ echo "API URL: ${{ github.api_url }}"
+ echo "GraphQL URL: ${{ github.graphql_url }}"
+
+ # Default Runner Environment Variables
+ - name: Default Runner Variables
+ run: |
+ echo "Default Runner Variables:"
+ echo "OS: ${{ runner.os }}"
+ echo "Architecture: ${{ runner.arch }}"
+ echo "Temp Directory: ${{ runner.temp }}"
+ echo "Tool Cache: ${{ runner.tool_cache }}"
+
+ # Accessing workflow-level variables
+ - name: Workflow Level Variables
+ run: |
+ echo "Workflow Level Variables:"
+ echo "Workflow Variable: ${{ env.WORKFLOW_VAR }}"
+ echo "Environment: ${{ env.ENVIRONMENT }}"
+ echo "Region: ${{ env.DEFAULT_REGION }}"
+
+ # Accessing job-level variables
+ - name: Job Level Variables
+ run: |
+ echo "Job Level Variables:"
+ echo "Job Variable: ${{ env.JOB_VAR }}"
+ echo "App Name: ${{ env.APP_NAME }}"
+
+ # Step-level environment variables
+ - name: Step Level Variables
+ env:
+ STEP_VAR: "This is a step-level variable"
+ COMBINED_VAR: "${{ env.JOB_VAR }} and ${{ env.WORKFLOW_VAR }}"
+ run: |
+ echo "Step Level Variables:"
+ echo "Step Variable: ${{ env.STEP_VAR }}"
+ echo "Combined Variable: ${{ env.COMBINED_VAR }}"
+
+ # Using GitHub Secrets
+ - name: Using Secrets
+ env:
+ # Never print actual secrets to logs
+ HAS_SECRET: ${{ secrets.MY_SECRET != '' }}
+ API_KEY_EXISTS: ${{ secrets.API_KEY != '' }}
+ run: |
+ echo "Secrets Status:"
+ echo "Has MY_SECRET: $HAS_SECRET"
+ echo "Has API_KEY: $API_KEY_EXISTS"
+ # Example of using a secret (never echo the actual secret)
+ if [ "$HAS_SECRET" = "true" ]; then
+ echo "MY_SECRET is configured"
+ fi
+
+ # Using Configuration Variables
+ - name: Configuration Variables
+ run: |
+ echo "Configuration Variables:"
+ echo "Config Var 1: ${{ vars.CONFIG_VAR_1 }}"
+ echo "Config Var 2: ${{ vars.CONFIG_VAR_2 }}"
+ echo "Environment Specific Config: ${{ vars.ENV_SPECIFIC_CONFIG }}"
+
+ # Dynamic Variables Example
+ - name: Set Dynamic Variables
+ id: set-vars
+ run: |
+ echo "timestamp=$(date +'%Y-%m-%d-%H-%M-%S')" >> $GITHUB_OUTPUT
+ echo "random_id=$(openssl rand -hex 8)" >> $GITHUB_OUTPUT
+ echo "build_number=build-${{ github.run_number }}-$(date +'%Y%m%d')" >> $GITHUB_OUTPUT
+
+ # Using Dynamic Variables
+ - name: Use Dynamic Variables
+ run: |
+ echo "Dynamic Variables:"
+ echo "Timestamp: ${{ steps.set-vars.outputs.timestamp }}"
+ echo "Random ID: ${{ steps.set-vars.outputs.random_id }}"
+ echo "Build Number: ${{ steps.set-vars.outputs.build_number }}"
+
+ environment-specific:
+ needs: demonstrate-variables
+ runs-on: ubuntu-latest
+ environment: production
+ env:
+ ENV_TYPE: "production"
+
+ steps:
+ # Environment-specific secrets and variables
+ - name: Environment Specific Values
+ env:
+ HAS_ENV_SECRET: ${{ secrets.PROD_API_KEY != '' }}
+ run: |
+ echo "Environment: ${{ env.ENV_TYPE }}"
+ echo "Environment URL: ${{ vars.ENVIRONMENT_URL }}"
+ echo "Has PROD_API_KEY: $HAS_ENV_SECRET"
+ echo "Environment Config: ${{ vars.ENV_SPECIFIC_CONFIG }}"
+
+ # Using OIDC Token (Fixed version)
+ - name: Get OIDC Token
+ id: get-oidc-token
+ uses: actions/github-script@v6
+ with:
+ script: |
+ const token = await core.getIDToken()
+ core.setSecret(token)
+ core.setOutput('token', token)
+
+ - name: Use OIDC Token
+ run: |
+ echo "OIDC token was retrieved successfully"
+ # Never print the actual token
+ if [ "${{ steps.get-oidc-token.outputs.token != '' }}" = "true" ]; then
+ echo "Token is available for use with cloud services"
+ fi
+
+ matrix-variables:
+ needs: demonstrate-variables
+ strategy:
+ matrix:
+ environment: [dev, staging, prod]
+ region: [us-east-1, us-west-2]
+ runs-on: ubuntu-latest
+ env:
+ CURRENT_ENV: ${{ matrix.environment }}
+ CURRENT_REGION: ${{ matrix.region }}
+
+ steps:
+ - name: Matrix Based Variables
+ run: |
+ echo "Matrix Variables:"
+ echo "Environment: ${{ env.CURRENT_ENV }}"
+ echo "Region: ${{ env.CURRENT_REGION }}"
+ echo "Combined: ${{ matrix.environment }}-${{ matrix.region }}"
+
+ # Conditional variable setting based on matrix
+ - name: Conditional Variables
+ env:
+ ENV_URL: ${{ matrix.environment == 'prod' && 'https://prod.example.com' || 'https://dev.example.com' }}
+ RESOURCE_PREFIX: ${{ matrix.environment }}-${{ matrix.region }}
+ run: |
+ echo "Conditional Variables:"
+ echo "Environment URL: $ENV_URL"
+ echo "Resource Prefix: $RESOURCE_PREFIX"
\ No newline at end of file