Skip to content

Accessing GH context in actions #26326

Accessing GH context in actions #26326
Oct 12, 2021 · 5 answers

Is there anyway to access the GH context from within an action, without having to specify e.g. env og secrets as inputs for the action? Right now I serialize e.g. secrets as a parameter for the action and deserialize within the action.

Thoughts?

I don’t think it’s currently possible to access the context directly.

Consider github-script, which provides a partial context containing some of the items from the workflow github context. That partial context is actually just rehydrated from the environment. If it were possible to get the real context directly it would make sense for github-script to do that. The fact it doesn’t suggests it’s not possible.

One workaround is to add inputs to your action, but set the default using the context, eg:

  <a href="https://github.com/actions/github-script/blob/00e1b58cd9e040d944127e75b3d9df586e4b0479/action.yml#L13" target="_blank" rel="noopener nofollow ugc">github.com</a>

actions/github-scrip…

Replies

5 suggested answers

Can anyone confirm that accessing GH context is not possible within an action, without specifying it as a parameter input?

0 replies

I don’t think it’s currently possible to access the context directly.

Consider github-script, which provides a partial context containing some of the items from the workflow github context. That partial context is actually just rehydrated from the environment. If it were possible to get the real context directly it would make sense for github-script to do that. The fact it doesn’t suggests it’s not possible.

One workaround is to add inputs to your action, but set the default using the context, eg:

  <a href="https://github.com/actions/github-script/blob/00e1b58cd9e040d944127e75b3d9df586e4b0479/action.yml#L13" target="_blank" rel="noopener nofollow ugc">github.com</a>

actions/github-script/blob/00e1b58cd9e040d944127e75b3d9df586e4b0479/action.yml#L13

    
      
  1. description: Run simple scripts using the GitHub client
  2. branding:
  3. color: blue
  4. icon: code
  5. inputs:
  6. script:
  7. description: The script to run
  8. required: true
  9. github-token:
  10. description: The GitHub token used to create an authenticated client
  11. default: ${{ github.token }}
  12. required: false
  13. debug:
  14. description: Whether to tell the GitHub client to log details of its requests
  15. default: false
  16. user-agent:
  17. description: An optional user-agent string
  18. default: actions/github-script
  19. previews:
  20. description: A comma-separated list of API previews to accept
  21. result-encoding:

That’s ok if it makes sense to give users of the action the option to override the default value.

0 replies
Answer selected

That’s a pretty good idea and letting the user option out by overriding the inputs makes perfectly sense. In my case I need access to both the github and secrets context for setting up variables based on the environment context in the json-variables action. The default assignment makes usage syntax far more clean, while still being able to overwrite.
Thanks!

0 replies

But it is explicitly stated in Automatic token authentication - GitHub Docs

Important: An action can access the GITHUB_TOKEN through the github.token context even if the workflow does not explicitly pass the GITHUB_TOKEN to the action.

Is this just plain wrong?

0 replies

I was wondering exactly the same thing. I think the way to get the GITHUB_TOKEN using the context is using a default input value. You can see an example in the GitHub actions/checkout@v2 action:

  <a href="https://github.com/actions/checkout/blob/2541b1294d2704b0964813337f33b291d3f8596b/action.yml#L24" target="_blank" rel="noopener nofollow ugc">github.com</a>

actions/checkout/blob/2541b1294d2704b0964813337f33b291d3f8596b/action.yml#L24

<pre class="onebox">      <code class="lang-yml">
    <ol class="start lines" start="14" style="counter-reset: li-counter 13 ;">
        <li>    Personal access token (PAT) used to fetch the repository. The PAT is configured
  • with the local git config, which enables your scripts to run authenticated git
  • commands. The post-job step removes the PAT.
  • We recommend using a service account with the least permissions necessary.
  • Also when generating a new PAT, select the least scopes necessary.
  • [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
  • default: ${{ github.token }}
  • ssh-key:
  • description: >
  • SSH key used to fetch the repository. The SSH key is configured with the local
  • git config, which enables your scripts to run authenticated git commands.
  • The post-job step removes the SSH key.
  • We recommend using a service account with the least permissions necessary.
  • As far as I know there are some ways to pass values to the action:

    And:

    I have not found any information in the documentation regarding using contexts in the action definition file. It is not mentioned in the action.yml syntax: Metadata syntax for GitHub Actions - GitHub Docs

    0 replies
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Labels
    None yet
    4 participants