How to pass GitHub secret to a Gradle task in a workflow

Question

I am creating a workflow executes gradle tasks. It looks similar to this.

name: My Workflow

on:
  push:
    branches: [main]

env:
  USERNAME: myUserName

jobs:
  my-job:
    runs-on: [self-hosted]
    steps:
      - name: Checkout project sources
        uses: actions/checkout@v3

      - name: Call my Gradle Task
        run: .\gradlew :myGradleTaskName -DMY_PASSWORD=${{secrets.PASSWORD}}

I would like to know the best practice when it comes to passing the secret to my gradle task.

Answer 1

You can use workflow environment variables to your advantage. GitHub Actions Secrets are masked by default and not revealed on stdout, allowing, you to use a simple bash way to pass environment variables to run step - making the most of them.

name: My Workflow

on:
  push:
    branches: [main]

env:
  USERNAME: myUserName
  PASSWORD: ${{secrets.PASSWORD}}

jobs:
  my-job:
    runs-on: [self-hosted]
    steps:
      - name: Checkout project sources
        uses: actions/checkout@v3

      - name: Call my Gradle Task
        run: .\gradlew :myGradleTaskName -DMY_PASSWORD=$PASSWORD

Answer 2

create a secret in repository settings -> secrets and variables -> new repository secret.

provide secret name and value.

use same secret name in your script

.\gradlew :myGradleTaskName -DMY_PASSWORD=${{ secrets. }}