Initially, I had a working git repo with a workflow setup so as to upload some NodeJS source code on a git push
request which all worked fine. However I have a Steam API key that was in an .env file which I did not want public (removing .env altogether) so I wanted to use Github Secrets to store the STEAM_API_KEY (along with other variables such as BASE_URL) within yml env variables used in the workflow as follows:
jobs:
test:
runs-on: ubuntu-latest
env:
BASE_URL: ${{ secrets.BASE_URL }}
STEAM_API_KEY: ${{ secrets.STEAM_API_KEY }}
steps:
- name: Checkout Repo v2
uses: actions/checkout@v2
- name: Use Node.js 14.x
uses: actions/setup-node@v1
with:
node-version: 14.x
- name: Running CI Installation
run: npm ci
- name: Running Application/Server Unit Tests
run: npm test
I than accessed them in my code with process.env.<variable_name>
(following How can I use Github secrets in JS files):
module.exports = new SteamAuth({
realm: `${process.env.BASE_URL}/steam/user/auth`,
returnUrl: `${process.env.BASE_URL}/steam/user/auth`,
apiKey: process.env.STEAM_API_KEY
});
But throws me this error on Heroku:
Error: Missing realm, returnURL or apiKey parameter(s). These are required.
This does not happen if I simply hard-code the strings directly into realm, returnUrl and apiKey.
Upon further troubleshooting:
var url1 = `${process.env.BASE_URL}/steam/user/auth`; // BASE_URL = "https://<app_name>.herokuapp.com"
var url2 = "https://<app_name>.herokuapp.com/steam/user/auth";
console.log(url1 === url2);
console.log(url1);
console.log(url2);
Outputs:
true
***/steam/user/auth
***/steam/user/auth
Where url1 has process.env.BASE_URL
encrypted. But url2 gets encrypted too since it resembles BASE_URL?? Is this a flaw with Github Actions?
At this point I am out of ideas. I am doing something wrong but don't know where to go from here. Anyone have any idea on how to properly use Github secrets in .js code?
PS: Github secrets/workflows are very new to me, please be indulgent with my lack of knowledge/understanding.
I figured the problem out: The env variables are only available when running the Github Action, NOT while executing from Heroku.
Still doesn't explain the last part tho with url2