3

I have this GitHub workflow that I need to parameterize on which runners runs. So in the YAML file I tried:

# ... 
jobs: 
  process:
    name: Process
    runs-on: ${{ secrets.GH_RUNNER_TAG }}
# ...

However, I get this error:

The workflow is not valid. .github/workflows/action.yml (Line: 12, Col: 14): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.GH_RUNNER_TAG

Is the secrets injection not available for this element? Is there some other alternative? The value does not need to be a secret but I need to have it in one place and not edit hundreds of YAML files everytime the runner tag would change...

EDIT1: I've tried, as GuiFalourd suggested, to create an environment variable at the workflow level which would hold the secret:

env:
  RUNNER_LABEL: ${{ secrets.GH_RUNNER_TAG }}

jobs:
  analyze:
    name: Analyze
    runs-on: $RUNNER_LABEL

And it doesn't work. The action gets stuck. I tried using:

$RUNNER_LABEL -> gets stuck "$RUNNER_LABEL" -> gets stuck, too ${{ env.RUNNER_LABEL }} -> action does not start, outputs error:

The workflow is not valid. .github/workflows/action.yml (Line: 14, Col: 14): Unrecognized named-value: 'env'. Located at position 1 within expression: env.RUNNER_LABEL

Furthermore, I've checked that the env var is properly assigned, by placing a valid, hard-coded value for runs-on and setting first step as:

steps:
  - name: Test
    run: echo "$RUNNER_LABEL"

which produces "***" - proof that a secret has been output and redacted automatically by GitHub.

Andrei Rînea
  • 20,288
  • 17
  • 117
  • 166
  • 2
    The secret syntax can't be used directly at every workflow / job level ([example](https://docs.github.com/en/enterprise-cloud@latest/actions/security-guides/encrypted-secrets#using-encrypted-secrets-in-a-workflow)). Did you try setting it as a **env variable** at the workflow level, and then use `runs-on: ${{ env.GH_RUNNER_TAG }}` instead of directly using the secret? – GuiFalourd Jun 15 '22 at 18:45
  • Thanks @GuiFalourd ! I've tried several combintions (see the "EDIT1" in my question) but couldn't get anything to work.. – Andrei Rînea Jun 16 '22 at 21:28
  • 2
    It was a good try, too bad it didn't work. I tried different implementations as well (such as mixing matrix secrets and envs). Unfortunately, it seems the Github actions workflow interpreter doesn't support using secrets or envs at the `runs-on` job level at the moment – GuiFalourd Jun 17 '22 at 11:29
  • @GuiFalourd: Indeed, and thanks for your effort! – Andrei Rînea Jun 17 '22 at 15:00
  • could you Try this ? : ``` env: RUNNER_LABEL: ${{ secrets.GH_RUNNER_TAG }} jobs: analyze: name: Analyze runs-on: ${{ env.RUNNER_LABEL }} ``` – koss May 02 '23 at 00:16

2 Answers2

2

This is achievable using Reusable Workflow by configuring the "called" workflow to accept inputs from the caller.

The main pipeline which we can name it as "process" will use a shared codebase/pipeline lets call it "common" which can accept inputs, one of these inputs can be the runs-on value.

For example

# common.yml
name: parameterized job
on:
  workflow_call:
    inputs:
      runner:
        required: true
        type: string
jobs:
  common:
    name: Common
    runs-on: ${{ inputs.runner }}
    steps:
      - run: echo "Hello World"

# process.yml
name: process
on:
  push:

jobs:
  process:
    uses: username/repo/.github/workflows/common.yml@branch
    with:
      runner: machine_with_specific_label # using ${{ env.MY_RUNNER_LABEL }} is possible as well
Mostafa Hussein
  • 11,063
  • 3
  • 36
  • 61
0

Try this :

env:
  RUNNER_LABEL: ${{ secrets.GH_RUNNER_TAG }}

jobs:
  analyze:
    name: Analyze
    runs-on: ${{ env.RUNNER_LABEL }}
koss
  • 107
  • 1
  • 7