hello, I encountered a problem when trying CD/CD Integration Assistant. I used Gihub Actions to run CI/CD, which showed me the error: "PULUMI_ACCESS_TOKEN must be set for login during non-interactive CLI sessions". The Actions Yaml copied from the template is as follows:

name: Preview or update Pulumi app serverless/aws-typescript/dev
on:
  push:
    branches:
      - master
    paths:
      - '**/*'
  pull_request:
    branches:
      - master
    paths:
      - '**/*'

# These are the environment variables that jobs in the workflow have access to.
# By defining them here, all jobs/steps will have access to these variables.
env:
  # IMPORTANT! You must map the env vars for your cloud provider here even though you add them as secrets
  # to this repository.
  # See the setup page for cloud providers here: <https://www.pulumi.com/docs/intro/cloud-providers/>.
  # For example, if you are using AWS, then you should add the following:
  ALICLOUD_ACCESS_KEY: ${{ secrets.ALICLOUD_ACCESS_KEY }}
  ALICLOUD_SECRET_KEY: ${{ secrets.ALICLOUD_SECRET_KEY }}
  ALICLOUD_REGION: ${{ secrets.ALICLOUD_REGION }}
  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  PULUMI_STACK_NAME: serverless/aws-typescript/dev
  PULUMI_WORKING_DIRECTORY: ./

jobs:
  pulumi:
    name: Pulumi
    runs-on: ubuntu-latest
    steps:

      # Turnstyle is used to prevent multiple push jobs from running at the same time. We
      # limit it to push jobs to allow PR jobs to run concurrently.
      - name: Turnstyle
        if: ${{ github.event_name == 'push' }}
        uses: softprops/turnstyle@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - uses: actions/checkout@v2

      - name: Use Node.js
        uses: actions/setup-node@v1
        with:
          node-version: 12.x

      - name: Install Pulumi CLI
        uses: pulumi/action-install-pulumi-cli@v1.0.1

      - name: Restore npm dependencies
        run: |
          npm --prefix $PULUMI_WORKING_DIRECTORY ci
          # If you are using yarn instead with Pulumi, comment the above line and uncomment the below line.
          # yarn install --cwd $PULUMI_WORKING_DIRECTORY

      - name: PR previews
        run: pulumi preview -s $PULUMI_STACK_NAME --cwd $PULUMI_WORKING_DIRECTORY
        if: ${{ github.event_name == 'pull_request' }}

      - name: Apply infrastructure update
        run: pulumi update --yes -s $PULUMI_STACK_NAME --cwd $PULUMI_WORKING_DIRECTORY
        if: ${{ github.event_name == 'push' }}

The PULUMI_ACCESS_TOKEN has been set in the github secrets environment which seems to be unavailable. Please help me with the error. Thanks!!

Here is the image:

@little-van-8457 not sure if you have resolved this issue, but I ran across this problem myself just now. The symptom I had was similar to yours, you can see that all secret values are blank in the screenshot you pasted where as when a workflow can read secrets you’ll see the masked

***

characters like in the screenshot I have attached. In my case it was because it was an automated PR created by Dependabot. Dependabot PRs are treated like forks and so an approval was required in order for the workflow to access the repo secrets. Similarly, in your case it could be that the user who created the PR does not have access to read the secrets in your case.

@clever-sunset-76585 Hi, I wonder that if there is a way to judge if the resource is impoted or not? I don't want to pulumi import the resource repeatedly.

I created secrets content in ‘Environment secrets’, which should be created in ‘Repository secrets’

Wonderful! If managing environments works for your setup, that’s good! It’s an easy way to manage multiple sets of secrets, too.