# Exercise 02: Environment Variables and Secrets

In this exercise, you'll learn how to use environment variables and secrets in GitHub Actions workflows. You'll create a simple application that uses environment variables and set up a workflow that securely handles sensitive information.

## Objectives

- Understand the difference between environment variables and secrets
- Learn how to use GitHub Secrets
- Create a workflow that uses environment variables
- Implement secure handling of sensitive data
- Use environment variables across different jobs

## Understanding Environment Variables and Secrets

GitHub Actions provides two main ways to handle configuration and sensitive data:

1. **Environment Variables**
   - Regular variables that can be set at different levels
   - Visible in logs (should not contain sensitive data)
   - Can be set at workflow, job, or step level

2. **Secrets**
   - Encrypted variables for sensitive data
   - Never displayed in logs
   - Available at repository, environment, or organization level

3. **Contexts**
   - Special variables that provide information about the workflow run
   - Examples: github.event, github.workspace
   - Accessible throughout the workflow

## Example Workflow with Environment Variables

In [None]:
env_workflow = """
name: Environment Variables Example

on: [push]

env:
  NODE_ENV: production
  API_URL: https://api.example.com

jobs:
  build:
    runs-on: ubuntu-latest
    
    steps:
      - uses: actions/checkout@v3
      
      - name: Use environment variable
        run: echo "Building for ${{ env.NODE_ENV }}"
        
      - name: Use secret
        run: echo "Using API key: ${{ secrets.API_KEY }}"
        env:
          API_KEY: ${{ secrets.API_KEY }}
"""

print(env_workflow)

## Hands-on Exercise

In this exercise, you'll create an application that uses environment variables and secrets. Follow these steps:

1. **Create a Configuration Application**
   - Create a Python application that reads configuration from environment variables
   - Add functionality to connect to a mock API using credentials
   - Create a test file to verify the functionality

2. **Set Up GitHub Secrets**
   - Add repository secrets in GitHub
   - Understand the different types of secrets (repository, environment, organization)

3. **Create GitHub Actions Workflow**
   - Create a workflow that uses environment variables
   - Implement secure handling of secrets
   - Pass environment variables between jobs

4. **Test Your Workflow**
   - Commit and push your changes
   - Verify that secrets are properly masked in logs
   - Check that the application works with the provided environment variables

## Expected Outcome

After completing this exercise, you should have:
- An application that uses environment variables
- A GitHub Actions workflow that securely handles secrets
- Understanding of different types of GitHub Secrets
- Experience with passing environment variables between jobs

## Next Steps

Once you've completed this exercise, move on to Exercise 03 to learn about matrix builds in GitHub Actions.