GitHub Actions with encrypted SECRET_KEY as environmental variable do not work
【Title】: GitHub Actions with encrypted SECRET_KEY as environmental variable do not work
【Posted】: 2021-12-25 13:12:02
【Question】: I don't have much experience in coding. I am currently writing a small Django application. Following all the rules, I do not want to put SECRET_KEY in the repository, so I created a SECRET_KEY environment variable in my .bashrc file. In the settings.py file I wrote:
SECRET_KEY = os.environ.get('SECRET_KEY')
When I run
pylint --load-plugins pylint_django my_application
in the terminal on my computer, everything works fine. I get the response
Your code has been rated at 9.88/10
When I push files to my GitHub repository, I also have the workflow pylint.yaml, which runs the pylint-django tests on the push trigger:
name: Pylint
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Set up Python 3.8
      uses: actions/setup-python@v2
      with:
        python-version: 3.8
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -r requirements.txt
    - name: Analysing the code with pylint
      run: |
        pylint --load-plugins pylint_django rm
When I push the files to GitHub, I receive:
Run pylint --load-plugins pylint_django rm
Traceback (most recent call last):
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/pylint_django/checkers/foreign_key_strings.py", line 90, in open
django.setup()
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/django/__init__.py", line 19, in setup
configure_logging(settings.LOGGING_CONFIG, settings.LOGGING)
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/django/conf/__init__.py", line 82, in __getattr__
self._setup(name)
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/django/conf/__init__.py", line 63, in _setup
raise ImproperlyConfigured(
django.core.exceptions.ImproperlyConfigured: Requested setting LOGGING_CONFIG, but settings are not configured. You must either define the environment variable DJANGO_SETTINGS_MODULE or call settings.configure() before accessing settings.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/hostedtoolcache/Python/3.8.12/x64/bin/pylint", line 8, in <module>
sys.exit(run_pylint())
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/pylint/__init__.py", line 24, in run_pylint
PylintRun(sys.argv[1:])
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/pylint/lint/run.py", line 374, in __init__
linter.check(args)
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/pylint/lint/pylinter.py", line 970, in check
self._check_files(
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/pylint/lint/pylinter.py", line 1005, in _check_files
with self._astroid_module_checker() as check_astroid_module:
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/contextlib.py", line 113, in __enter__
return next(self.gen)
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/pylint/lint/pylinter.py", line 1127, in _astroid_module_checker
checker.open()
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/pylint_django/checkers/foreign_key_strings.py", line 114, in open
django.setup()
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/django/__init__.py", line 24, in setup
apps.populate(settings.INSTALLED_APPS)
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/django/apps/registry.py", line 122, in populate
app_config.ready()
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/django/contrib/admin/apps.py", line 27, in ready
self.module.autodiscover()
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/django/contrib/admin/__init__.py", line 24, in autodiscover
autodiscover_modules('admin', register_to=site)
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/django/utils/module_loading.py", line 47, in autodiscover_modules
import_module('%s.%s' % (app_config.name, module_to_search))
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/importlib/__init__.py", line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
File "<frozen importlib._bootstrap>", line 991, in _find_and_load
File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 843, in exec_module
File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/django/contrib/auth/admin.py", line 6, in <module>
from django.contrib.auth.forms import (
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/django/contrib/auth/forms.py", line 11, in <module>
from django.contrib.auth.tokens import default_token_generator
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/django/contrib/auth/tokens.py", line 117, in <module>
default_token_generator = PasswordResetTokenGenerator()
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/django/contrib/auth/tokens.py", line 18, in __init__
self.secret = self.secret or settings.SECRET_KEY
File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/django/conf/__init__.py", line 90, in __getattr__
raise ImproperlyConfigured("The SECRET_KEY setting must not be empty.")
django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must not be empty.
Error: Process completed with exit code 1.
It looks like the GitHub-hosted runner cannot see the value of my SECRET_KEY, which is written in the .bashrc file on my local machine. I tried changing my file like this:
name: Pylint
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Set up Python 3.8
      uses: actions/setup-python@v2
      with:
        python-version: 3.8
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -r requirements.txt
    - name: Analysing the code with pylint
      run: |
        export SECRET_KEY=${{ secrets.SECRET_KEY }}
        export DB_USER=${{ secrets.DB_USER }}
        export DB_PASSWORD=${{ secrets.DB_PASSWORD }}
        export DB_NAME=${{ secrets.DB_NAME }}
        pylint --load-plugins pylint_django rm
Then I got this error:
Run export SECRET_KEY=***
/home/runner/work/_temp/87974674-0535-4fca-ab32-30cf1a19f030.sh: line 1: syntax error near unexpected token `4h%fzr+bqqsmg8ftp-a$4%b'
Error: Process completed with exit code 2.
I changed my pylint.yaml file to this:
name: Pylint
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Set up Python 3.8
      uses: actions/setup-python@v2
      with:
        python-version: 3.8
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -r requirements.txt
    - name: Analysing the code with pylint # SECRET_KEY is generated with DJANGO SECRET KEY GENERATOR
      run: |
        export SECRET_KEY=0-42!#@*6jqo)lv^+@-+&(-@kjke@xzk%)1!w)vz-1uwk71p)=
        export DB_USER=${{ secrets.DB_USER }}
        export DB_PASSWORD=${{ secrets.DB_PASSWORD }}
        export DB_NAME=${{ secrets.DB_NAME }}
        pylint --load-plugins pylint_django rm
And got this error:
Run export SECRET_KEY=0-42!#@*6jqo)lv^+@-+&(-@kjke@xzk%)1!w)vz-1uwk71p)=
/home/runner/work/_temp/fdbfd3cd-9022-4cd6-833c-0aef801ddddb.sh: line 1: syntax error near unexpected token `)'
Error: Process completed with exit code 2.
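How do I tell my pylint workflow, in the pylint.yaml file, which SECRET_KEY to use so that the tests pass?
Please help. I have already spent a lot of time thinking and searching the internet and the GitHub documentation, but I have not found anything that works for me.
【Question comments】: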
【Answer 1】: You were very close to the solution. Since the SECRET_KEY contains parentheses, you need to wrap the SECRET_KEY in double quotes.
- name: Analysing the code with pylint # SECRET_KEY is generated with DJANGO SECRET KEY GENERATOR
  run: |
    export SECRET_KEY="0-42!#@*6jqo)lv^+@-+&(-@kjke@xzk%)1!w)vz-1uwk71p)="
    export DB_USER=${{ secrets.DB_USER }}
    export DB_PASSWORD=${{ secrets.DB_PASSWORD }}
    export DB_NAME=${{ secrets.DB_NAME }}
    pylint --load-plugins pylint_django rm
【Comments】:
Another option is to add the KEY as a repo secret, then add an env field to run the script with the value SECRET_KEY=${{ secrets.SECRET_REPO_NAME }}
In my case, this variant gave the following error: Run export SECRET_KEY=*** /home/runner/work/_temp/8e67d0f8-99e9-4b64-a15f-c376aa71b497.sh: line 1: syntax error near unexpected token `4h%fzr+bqqsmg8ftp-a$4%b' Error: Process completed with exit code 2.
It seems that GITHUB does not show the whole SECRET_KEY sequence in the workflow.
Then my bad. I believe it was possible to use it in the past, but as it could lead to a secret leak (if you print the value after retrieving it as an env variable in the script), they may have handled the issue this way (which is great, but makes what you want to achieve harder).
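The env-field approach mentioned in the comments, written out as an added example (not part of the original thread). It reuses the secret names from the question and assumes they are defined as repository secrets. Mapping the secrets through env keeps their characters out of the script text that bash parses.

```yaml
# Added example: constructed workflow, reusing the names from the question.
name: Pylint
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Set up Python 3.8
        uses: actions/setup-python@v2
        with:
          python-version: "3.8"
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
      - name: Analysing the code with pylint
        # Failing form from the question: the expression is substituted into
        # the script text before bash parses it, so characters such as
        # "(", ")" and "&" in the secret are read as shell syntax:
        #   run: export SECRET_KEY=${{ secrets.SECRET_KEY }}
        # Working form: the runner places the values in the step's process
        # environment, so the shell never parses the secret itself and
        # os.environ.get('SECRET_KEY') in settings.py finds it.
        env:
          SECRET_KEY: ${{ secrets.SECRET_KEY }}
          DB_USER: ${{ secrets.DB_USER }}
          DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
          DB_NAME: ${{ secrets.DB_NAME }}
        run: |
          pylint --load-plugins pylint_django rm
```

Compared with the quoted literal in the answer, this form also keeps the key out of the committed workflow file and out of the "Run ..." line that the runner echoes into the job log.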