Search code examples
node.jsgitherokugithub-actionssteam

NodeJS/Heroku Application Error for reading env variables with Github Action

Initially, I had a working git repo with a workflow setup so as to upload some NodeJS source code on a git push request which all worked fine. However I have a Steam API key that was in an .env file which I did not want public (removing .env altogether) so I wanted to use Github Secrets to store the STEAM_API_KEY (along with other variables such as BASE_URL) within yml env variables used in the workflow as follows:

jobs:
  test:

    runs-on: ubuntu-latest
    
    env: 
      BASE_URL: ${{ secrets.BASE_URL }}
      STEAM_API_KEY: ${{ secrets.STEAM_API_KEY }}

    steps:
      - name: Checkout Repo v2
        uses: actions/checkout@v2
      
      - name: Use Node.js 14.x
        uses: actions/setup-node@v1
        with:
          node-version: 14.x
          
      - name: Running CI Installation
        run: npm ci
      - name: Running Application/Server Unit Tests
        run: npm test

I than accessed them in my code with process.env.<variable_name> (following How can I use Github secrets in JS files):

module.exports = new SteamAuth({
    realm: `${process.env.BASE_URL}/steam/user/auth`,
    returnUrl: `${process.env.BASE_URL}/steam/user/auth`,
    apiKey: process.env.STEAM_API_KEY
});

But throws me this error on Heroku:

Error: Missing realm, returnURL or apiKey parameter(s). These are required.

This does not happen if I simply hard-code the strings directly into realm, returnUrl and apiKey.

Upon further troubleshooting:

    var url1 = `${process.env.BASE_URL}/steam/user/auth`; // BASE_URL = "https://<app_name>.herokuapp.com"
    var url2 = "https://<app_name>.herokuapp.com/steam/user/auth";

    console.log(url1 === url2);
    console.log(url1);
    console.log(url2);

Outputs:

true
***/steam/user/auth
***/steam/user/auth

Where url1 has process.env.BASE_URL encrypted. But url2 gets encrypted too since it resembles BASE_URL?? Is this a flaw with Github Actions?

At this point I am out of ideas. I am doing something wrong but don't know where to go from here. Anyone have any idea on how to properly use Github secrets in .js code?

PS: Github secrets/workflows are very new to me, please be indulgent with my lack of knowledge/understanding.

Solution

  • I figured the problem out: The env variables are only available when running the Github Action, NOT while executing from Heroku.

    Still doesn't explain the last part tho with url2