This walkthrough shows you how to use CloudTruth parameters safely and securely with GitHub Actions using our configure-action.

Prerequisites

• You have a GitHub account.

• You have created one or more CloudTruth Parameters.

• You have created a CloudTruth API Access token.

Update GitHub Repository Secrets

Adding your CloudTruth API access token as a GitHub secret allows GitHub Actions to reference the API token when running a workflow. This allows you to bring configuration and secrets from your CloudTruth projects into GitHub workflows.

In your GitHub repository settings, add a new repository secret with the name CLOUDTRUTH_TOKEN that contains your API access token as the value:

Using cloudtruth/configure-action​

The action can be used to inject the configuration and secrets from a project's environment into your GitHub workflow. Within the same job, steps following the action will have environment variables set to those in your project, based on the environment you choose:

---
name: 'demo'
on:
  pull_request: {}
​
jobs:
  demo:
    runs-on: ubuntu-latest
    steps:
      - uses: cloudtruth/configure-[email protected]
        with:
          token: "${{ secrets.CLOUDTRUTH_TOKEN }}"
          project: default
          environment: default
​
      - name: dump the environment
        run: |
          printenv | sort

GitHub Action results will show the environment variables that were added to the job, and which parameters were redacted.

A complete example is found in the demo workflow of the configure-action repository.