代码之家 › 专栏 › 技术社区 › Kay

如何将github秘密变量导入文件

github-actions kubectl

0

Kay · 技术社区 · 4 年前

/home/runner/work/_temp/c6144b9a-c8e3-489a-ae97-795f592c57f0.sh: line 6: /config: Permission denied
echo: write error: Broken pipe


name: pipeline

on: [ push ]

env:

  KUBECONFIG_B64DATA: ${{ secrets.KUBECONFIG_B64DATA }}

  deploy:
    name: Deploy
    # if: startsWith(github.ref, 'refs/tags/')
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
      uses: actions/checkout@master

    - name: Setup Kubectl
      run: |
        sudo apt-get -y install curl
        curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
        chmod +x ./kubectl
        sudo mv ./kubectl /usr/local/bin/kubectl
        sudo echo $KUBECONFIG_B64DATA | base64 --decode > /config
        sudo mkdir -p ~/.kube
        sudo mv config /root/.kube/

我使用另一个文件夹来获得isuses(/tmp/config)传递的权限

但是,我仍然很难将github秘密变量导入到文件中,因为github屏蔽了秘密,im返回了一个错误。

base64: invalid input

0 回复 | 直到 4 年前

1

0

smac89 4 年前

更改此行:

sudo echo $KUBECONFIG_B64DATA | base64 --decode > /config

至

sudo bash -c 'base64 --decode <<< "$KUBECONFIG_B64DATA" > /config'

或者

sudo tee /config > /dev/null < <(base64 --decode <<< "$KUBECONFIG_B64DATA")