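GitHub Actions secrets not injected into Python environment variables
I ran into an unexpected problem while using GitHub Actions: my Python script cannot read the secret values. Although I set the secrets correctly in the GitHub repository and try to access them with os.environ.get("SECRET_NAME"), the result is None. Here is how I set the environment variables in my GitHub Actions workflow:
Here is my Python code snippet: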
from pymongo import MongoClient
import os

try:
    user = os.environ.get("MONGO_USER")
    password = os.environ.get("MONGO_PASSWORD")
    host = os.environ.get("MONGO_HOST")
    dbname = os.environ.get("MONGO_DBNAME")
    collection_name = os.environ.get("MONGO_COLLECTION_NAME")
    app_name = os.environ.get("MONGO_APP_NAME")
    uri = f"mongodb+srv://{user}:{password}@{host}/{dbname}?retryWrites=true&w=majority&appName={app_name}&tls=true"
    print(uri)
    client = MongoClient(uri)
    client.admin.command('ping')
    print("Pinged your deployment. You successfully connected to MongoDB!")
    # Fill in this list with the real symbols
    symboles = ["MC.PA", "RMS.PA", "OR.PA", "CDI.PA", "TTE.PA", "AIR.PA", "SU.PA", "SAN.PA", "AI.PA", "EL.PA", "SAF.PA",
                "CS.PA", "DG.PA", "BNP.PA", "DSY.PA", "KER.PA",
                "BN.PA"]
except Exception as e:
    print(e)
main.yml
on:
  workflow_dispatch: # Allows manual triggering
  schedule:
    - cron: '0 9 * * *' # Runs every day at 09:00 UTC
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Set up Python
        uses: actions/setup-python@v2
        with:
          python-version: '3.x'
      - name: Update SSL Certificates
        run: sudo apt-get update && sudo apt-get install -y ca-certificates
      - name: Update certifi
        run: pip install --upgrade certifi
      - name: Install dependencies
        run: |
          pip install pymongo
          pip install yfinance
          # Add other dependencies here if needed
      - name: Testing Secrets
        run: |
          echo "$MONGO_USER"
          echo "$MONGO_PASSWORD"
          echo "$MONGO_HOST"
          echo "$MONGO_DBNAME"
          echo "$MONGO_COLLECTION_NAME"
          echo "$MONGO_APP_NAME"
        env:
          MONGO_USER: ${{ secrets.MONGO_USER }}
          MONGO_PASSWORD: ${{ secrets.MONGO_PASSWORD }}
          MONGO_HOST: ${{ secrets.MONGO_HOST }}
          MONGO_DBNAME: ${{ secrets.MONGO_DBNAME }}
          MONGO_COLLECTION_NAME: ${{ secrets.MONGO_COLLECTION_NAME }}
          MONGO_APP_NAME: ${{ secrets.MONGO_APP_NAME }}
      - name: Execute update_data.py
        run: python API/update_data.py
data.py
import os
print("MONGO_USER:", os.environ.get("MONGO_USER"))
Traceback (most recent call last):
File "/home/runner/work/bourses/bourses/API/update_data.py", line 19, in <module>
client = MongoClient(uri)
MONGO_USER: None
^^^^^^^^^^^^^^^^
File "/opt/hostedtoolcache/Python/3.11.8/x64/lib/python3.11/site-packages/pymongo/mongo_client.py", line 771, in __init__
res = uri_parser.parse_uri(
^^^^^^^^^^^^^^^^^^^^^
File "/opt/hostedtoolcache/Python/3.11.8/x64/lib/python3.11/site-packages/pymongo/uri_parser.py", line 557, in parse_uri
dns_resolver = _SrvResolver(fqdn, connect_timeout, srv_service_name, srv_max_hosts)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/hostedtoolcache/Python/3.11.8/x64/lib/python3.11/site-packages/pymongo/srv_resolver.py", line 81, in __init__
raise ConfigurationError(_INVALID_HOST_MSG % (fqdn,))
pymongo.errors.ConfigurationError: Invalid URI host: none is not a valid hostname for 'mongodb+srv://'. Did you mean to use 'mongodb://'?
Error: Process completed with exit code 1.
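Despite this configuration, user still ends up being None. Has anyone run into this problem? How can I make sure my Python script can access the secret values correctly?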
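1 Answer
0
Problem
If you had just tested your own earlier, simpler example, you would have spotted the problem.
Previously you had this:
- name: Execute update_data.py
  env:
    MONGO_USER: ${{ secrets.MONGO_USER }}
  run: python API/update_data.py
This works fine.
Now your full example is equivalent to this: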
- name: Testing Secrets
  run: |
    echo "$MONGO_USER"
  env:
    MONGO_USER: ${{ secrets.MONGO_USER }}
- name: Execute update_data.py
  run: python API/update_data.py
If you provide env on only one step, it applies only to that step. Every block that starts with - name (more precisely, with -) is a new step.
Solution
Option 1: move env to the build level
jobs:
  build:
    runs-on: ubuntu-latest
    env:
      MONGO_USER: ${{ secrets.MONGO_USER }}
    steps:
      ...
      - name: Execute update_data.py
        run: python API/update_data.py
Option 2: move env to the correct step
steps:
  ...
  - name: Execute update_data.py
    env:
      MONGO_USER: ${{ secrets.MONGO_USER }}
    run: python API/update_data.py
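An added example, not part of the original answer or the asker's code: a fail-fast check for the case above, where the question's f-string formatted missing variables into the URI and the error only surfaced inside pymongo. The function names and the MissingSecrets class are assumptions for illustration; the variable names come from the question.

```python
import os
from urllib.parse import quote_plus

# Names the question's connection string depends on.
REQUIRED = ("MONGO_USER", "MONGO_PASSWORD", "MONGO_HOST",
            "MONGO_DBNAME", "MONGO_APP_NAME")


class MissingSecrets(RuntimeError):
    """Required variables are absent from this step's environment."""


def load_settings(env=os.environ):
    # An unset variable reads as None; a secret that is mapped in the workflow
    # but not defined in the repository arrives as an empty string.
    # Both are treated as missing.
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        # Report names only, never values.
        raise MissingSecrets(
            "not set in this step's env: " + ", ".join(missing)
            + " (env declared on another step does not carry over)")
    return {name: env[name] for name in REQUIRED}


def build_uri(s, redact=False):
    # Percent-encode the credentials so characters such as '@' or ':'
    # cannot change how the URI is parsed.
    user = quote_plus(s["MONGO_USER"])
    password = "***" if redact else quote_plus(s["MONGO_PASSWORD"])
    app = quote_plus(s["MONGO_APP_NAME"])
    return (f"mongodb+srv://{user}:{password}@{s['MONGO_HOST']}/{s['MONGO_DBNAME']}"
            f"?retryWrites=true&w=majority&appName={app}&tls=true")


if __name__ == "__main__":
    try:
        settings = load_settings()
    except MissingSecrets as exc:
        raise SystemExit(f"configuration error: {exc}")
    # Log only the redacted form; pass build_uri(settings) to MongoClient.
    print(build_uri(settings, redact=True))
```

Run from the "Execute update_data.py" step without env, this exits with the list of missing names instead of a traceback from the URI parser.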