# esc
Hey all - we've been adopting Pulumi ESC at Dosu and are wondering if we can use
to set env vars in GitHub Actions too. Has anyone explored this? There are two motivations:
• Single source of truth. We don't have to update secrets in multiple places.
• Run the same GitHub Actions with different env vars. We have a deployment action that we'd like to re-use between staging and production. The only difference is the env vars.
Any ideas welcome!
the naive approach that comes to mind is running within the run step
```bash
eval $(esc env open $DEPLOY_ENV --format shell)
```
```bash
esc env get $DEPLOY_ENV --value dotenv >> "$GITHUB_ENV"
```
On the second solution, this might be better:
```bash
esc env open $DEPLOY_ENV --format dotenv >> $GITHUB_ENV
```
Also you should check out setting up OIDC trust relationships. We are releasing today an auth GitHub Action to make this easier to consume, blog is coming out soon.
Thanks @enough-architect-32336! I'll check out OIDC for GHA - that is much cleaner than what we have currently
For posterity, the final solution requires stripping the surrounding value quotes from the
format before appending to
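```bash
# Strip the surrounding double quotes from each value, then append to the
# file named by $GITHUB_ENV (redirect to it; it is a file path, not a command).
esc env open dosu/staging --format dotenv | sed 's/="\([^"]*\)"/=\1/' >> "$GITHUB_ENV"
```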
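
The quote-stripping step from the last message, written as a shell function that also masks each value in the job log before appending it to `$GITHUB_ENV`. This is an added example, not part of the original thread or of Pulumi's tooling; the function name `dotenv_to_github_env` and the one-pair-per-line `KEY="value"` input are assumptions.

```shell
# Added example (hypothetical helper, not from the thread).
# Reads dotenv-style lines (KEY="value") on stdin, assumed one pair per line,
# and appends KEY=value to the file named by $GITHUB_ENV.
# Usage inside a run step, with the command from the thread:
#   esc env open "$DEPLOY_ENV" --format dotenv | dotenv_to_github_env
dotenv_to_github_env() {
  while IFS= read -r line || [ -n "$line" ]; do
    # Skip blank lines, comments, and lines without an assignment.
    case "$line" in ''|'#'*) continue ;; esac
    case "$line" in *=*) ;; *) continue ;; esac
    key=${line%%=*}
    value=${line#*=}
    # Accept only plain variable names, so a malformed line cannot
    # smuggle unexpected entries into $GITHUB_ENV.
    case "$key" in
      ''|[0-9]*|*[!A-Za-z0-9_]*)
        echo "skipping line with invalid key" >&2
        continue ;;
    esac
    # Strip one pair of surrounding double quotes, if present.
    case "$value" in
      \"*\") value=${value#\"}; value=${value%\"} ;;
    esac
    # GitHub Actions workflow command: redact this value in later log output.
    if [ -n "$value" ]; then
      printf '::add-mask::%s\n' "$value"
    fi
    printf '%s=%s\n' "$key" "$value" >> "$GITHUB_ENV"
  done
}
```

Values written to `$GITHUB_ENV` are not registered as secrets by the runner, so without the `::add-mask::` line they can appear in clear text in later step logs.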