1

Hello Github actions community :)

I have a workflow in github actions that I don't quite understand why it is not working.

I am currently using git-secrets to encrypt my credentials using git-secrets and I am trying to decrypt them in the github actions workflow.

This is the code block that I execute when I want to decrypt the files:

- name: Reveal data
        run: |
          echo
          echo 'Before decrypt'
          ls -ls
          git secret reveal -p ${{ secrets.PASSPHRASE }} -f
          echo 'After decrypt'
          ls -ls
          git secret whoknows

Before decrypt
total 4
4 -rw-r--r-- 1 runner docker 630 Jul 18 09:39 secrets.md.secret
done. all 1 files are revealed.
After decrypt
total 4
4 -rw-r--r-- 1 runner docker 630 Jul 18 09:39 secrets.md.secret
testing@testing.com

According to github actions this works because as you can see the github actions returns 'done. all 1 files are revealed.'. However, as you can see below, no new file is being generated.

Locally it works and I get the decrypted file by running the same command.

How to reproduce it locally:

  1. Install git-secrets
  2. Create a GPG key (gpg --full-generate-key)
  3. Run 'git secret tell email-used-in-the-gpg
  4. Run 'git secret add filename
  5. Run 'git secret hide' to encrypt the file
  6. Run 'rm filename'
  7. Run 'git secret reveal' and pass the password. This will create the decrypted file

How to reproduce it in github actions:

  1. Create a new workflow
  2. Paste this step:
- name: Reveal
        run: |
          git secret reveal -p ${{ secrets.PASSPHRASE }}

Does anyone have any idea what this is about? Github Workflows does not allow file creation maybe?

Thank you very much in advance and best regards!

C.C
  • 49
  • 7
  • Perhaps add `-v` to show verbose output? – rethab Jul 18 '22 at 12:32
  • @rethab thx for your input. The -v will just display this information gpg: encrypted with rsa4096 key, ID XXXXXXXXXX, created 2022-07-18 "TestingTesting (testing) " – C.C Jul 18 '22 at 16:59
  • Does the same command work locally? What version are you using? – rethab Jul 19 '22 at 05:13
  • @rethab thanks for your input. Yes, the same command is working fine locally. Im using the latest version (0.5.0) in the workflow and locally. – C.C Jul 19 '22 at 08:59
  • Ok, can you please create a [minimal reproducer](https://stackoverflow.com/help/minimal-reproducible-example) that someone could copy & run? – rethab Jul 19 '22 at 09:22
  • @rethab The only code is the one already posted. I add a few more steps about git-secrets but there is not much more... Actually is not complicated so I don't understand where the error lies – C.C Jul 19 '22 at 20:51
  • You generated gpg secret key and the key is in your local PC. But, when you run GitHub actions the key is not exist on the GitHub runner – Hyun Seok Jeong Nov 14 '22 at 09:20

0 Answers0