Skip to content

Securely deliver CloudTruth configuration and secrets into your GitHub Actions workflows.

License

Notifications You must be signed in to change notification settings

cloudtruth/configure-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Repository files navigation

configure-action

ci codecov open issues code style: prettier license cloudtruth

CloudTruth centralizes your configuration and secrets information to make it easier to manage.

This action allows you to extract the configuration and secrets from a project, scoped to an environment, into your GitHub Actions workflow. This is done securely by ensuring that the GitHub workflow engine is told which of your configuration values are considered secrets, so it can ensure they are properly redacted. This is analogous to the behavior you would see if you added your secrets directly to your GitHub organization or repository and then accessed those secrets through the secrets object in your action.

This action will modify your env object to have values for all the parameters that you have stored in your project for the given environment.

Prerequisites

You must have an api key established in your CloudTruth account.

Action inputs

name required description
apikey yes The CloudTruth Service Account API Key to use.
project yes The CloudTruth project (name or id) within the organization.
environment yes The CloudTruth environment (name or id) view to use.
tag no The CloudTruth tag (name) within the environment to use. If not specified, current values will be retrieved.
overwrite no (default: false) Allow existing environment variables to be overwritten.
server no (default: https://api.cloudtruth.io) The CloudTruth server to execute the query against.

Usage

Add a step to your workflow, ensuring that your CloudTruth service account api key is stored in GitHub as a secret:

    - uses: cloudtruth/configure-action@v2
      with:
        apikey: "${{ secrets.CLOUDTRUTH_API_KEY }}"
        project: "<project name or id>"
        environment: "<environment name or id>"

We recommend using tags to provide consistent retrieval of configuration. Tags isolate your deployments from changes being made in real-time by users.

See our GitHub Actions workflow for a working example.