
test14

test14 #15

Workflow file for this run

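on: push
jobs:
  fetch_secrets:
    runs-on: ubuntu-latest
    permissions:
      # id-token: write allows every step in this job to request a GitHub
      # OIDC token; keep the job small and add no other write scopes.
      id-token: write
      contents: read
    steps:
      - name: Fetch static secrets from Akeyless
        # NOTE(review): a version tag can be moved by the action's publisher.
        # Because this job can mint OIDC tokens, pin the action to the full
        # commit SHA of the release that was reviewed.
        uses: akeyless-community/akeyless-github-action@v1.0.1
        id: fetch-secrets
        with:
          access-id: p-g43du978ur1eom
          access-type: jwt
          # Both entries read the same secret path and expose it under two
          # different output names.
          static-secrets: |
            - name: "/tina/local-pro"
              output-name: "my_first_secret"
            - name: "/tina/local-pro"
              output-name: "my_second_secret"
      - name: Debug - Check OIDC token can be minted
        # The token is a bearer credential for whatever trusts this
        # repository's OIDC identity. Log masking only matches the literal
        # value, so a base64 or hex copy would land in the run log in
        # recoverable form. This step reports only whether a token was issued.
        run: |
          echo "正在获取 OIDC Token..."
          token_response=$(curl -sS -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
            "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=")
          # '// empty' keeps a missing .value from becoming the string "null".
          jwt=$(printf '%s' "$token_response" | jq -r '.value // empty')
          if [ -n "$jwt" ]; then
            # Register the raw token with the log masker before anything else.
            echo "::add-mask::$jwt"
            echo "✅ 令牌获取成功。"
          else
            echo "::warning::OIDC token request returned no value"
          fi
      - name: Use Akeyless secret
        # Secrets reach the script through env rather than ${{ }} text
        # substitution, so a value containing quotes or $( ) cannot alter
        # the shell script that runs.
        env:
          FIRST_FROM_OUTPUT: ${{ steps.fetch-secrets.outputs.my_first_secret }}
          SECOND_FROM_OUTPUT: ${{ steps.fetch-secrets.outputs.my_second_secret }}
          FIRST_FROM_ENV: ${{ env.my_first_secret }}
          SECOND_FROM_ENV: ${{ env.my_second_secret }}
        run: |
          # secrets.txt holds plaintext secrets: create it owner-only and
          # never upload it as an artifact or commit it.
          umask 077
          echo "Step Outputs"
          printf 'my_first_secret: %s\n' "$FIRST_FROM_OUTPUT" >> secrets.txt
          printf 'my_second_secret: %s\n' "$SECOND_FROM_OUTPUT" >> secrets.txt
          echo "Environment Variables"
          printf 'my_first_secret: %s\n' "$FIRST_FROM_ENV" >> secrets.txt
          printf 'my_second_secret: %s\n' "$SECOND_FROM_ENV" >> secrets.txt
      - name: Verify Secrets Were Fetched
        # Step outputs are mapped to environment variables so the script
        # text never contains the secret values.
        env:
          SECRET1: ${{ steps.fetch-secrets.outputs.my_first_secret }}
          SECRET2: ${{ steps.fetch-secrets.outputs.my_second_secret }}
        run: |
          echo "验证 Secret 是否被获取:"
          # Report presence and length only; the values are never echoed.
          if [ -n "$SECRET1" ]; then
            echo " my_first_secret: 输出变量已设置 (值被安全隐藏)"
            echo " 长度: ${#SECRET1} 个字符" # length via shell parameter expansion
          else
            echo " my_first_secret: 输出变量为空"
          fi
          if [ -n "$SECRET2" ]; then
            echo " my_second_secret: 输出变量已设置"
            echo " 长度: ${#SECRET2} 个字符"
          else
            echo " my_second_secret: 输出变量为空"
          fi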