如何在 .Renviron 文件的 GitHub Actions 工作流程中引用 GitHub Secrets
How to reference GitHub Secrets in GitHub Actions workflow for .Renviron file
您好,我即将完成使用 GitHub 操作来添加 CI / CD 步骤来部署我拥有的 R Shiny 应用程序。我遇到的问题是 R 中有一个名为 .Renviron 的文件,我用它来存储凭据以在 R 脚本中访问我的 SQL 数据库。通常我在本地部署我的应用程序,当我使用 rsconnect 包时包含这个文件,但现在我正在使用 GitHub 操作我相信我必须自己在 bash 中手动制作这个 .Renviron 文件脚本步骤。
下面是我的 github 工作流程代码目前的样子。我遇到的问题是 Create and populate .Renviron file 部分。
# Triggered on push and pull request events
on: [push, pull_request]
# Name of the workflow => usethis::use_github_actions_badge("CI-CD")
name: CI-CD
jobs:
CI-CD:
runs-on: ${{ matrix.config.os }}
name: ${{ matrix.config.os }} (${{ matrix.config.r }})
strategy:
# we keep a matrix for convenience, but we would typically just run on one
# single OS and R version, aligned with the target deployment environment
matrix:
config:
- {os: ubuntu-20.04, r: 'release', rspm: "https://packagemanager.rstudio.com/cran/__linux__/focal/latest"}
env:
# Enable RStudio Package Manager to speed up package installation
RSPM: ${{ matrix.config.rspm }}
# Access token for GitHub
GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Checkout repo
uses: actions/checkout@v2
- name: Setup R
uses: r-lib/actions/setup-r@v1
with:
r-version: ${{ matrix.config.r }}
- name: Query R dependencies
run: |
install.packages('remotes')
saveRDS(remotes::dev_package_deps(dependencies = TRUE), ".github/depends.Rds", version = 2)
writeLines(sprintf("R-%i.%i", getRversion()$major, getRversion()$minor), ".github/R-version")
shell: Rscript {0}
- name: Cache R packages
uses: actions/cache@v2
with:
path: ${{ env.R_LIBS_USER }}
key: ${{ runner.os }}-${{ hashFiles('.github/R-version') }}-1-${{ hashFiles('.github/depends.Rds') }}
restore-keys: ${{ runner.os }}-${{ hashFiles('.github/R-version') }}-1-
- name: Install system dependencies
run: |
while read -r cmd
do
eval sudo $cmd
done < <(Rscript -e 'writeLines(remotes::system_requirements("ubuntu", "20.04"))')
- name: Install R dependencies
run: |
remotes::install_deps(dependencies = TRUE)
remotes::install_cran("rcmdcheck")
shell: Rscript {0}
- name: Create and populate .Renviron file
run: |
echo aws_host="$AWS_HOST" >> ~/.Renviron
echo aws_port="$AWS_PORT" >> ~/.Renviron
echo aws_pw="$AWS_PW" >> ~/.Renviron
echo aws_user="$AWS_USER" >> ~/.Renviron
echo dbname="$DBNAME" >> ~/.Renviron
shell: bash
- name: Check package
run: |
options(crayon.enabled = TRUE) # enable colorful R CMD check output
rcmdcheck::rcmdcheck(args = "--no-manual", error_on = "error")
shell: Rscript {0}
- name: Deploy to shinyapps.io
# continuous deployment only for pushes to the main / master branch
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master'
env:
SHINYAPPS_ACCOUNT: ${{ secrets.SHINYAPPS_ACCOUNT }}
SHINYAPPS_TOKEN: ${{ secrets.SHINYAPPS_TOKEN }}
SHINYAPPS_SECRET: ${{ secrets.SHINYAPPS_SECRET }}
run: Rscript deploy/deploy-shinyapps.R
我将所有这些变量存储在 GitHub 秘密中,但我仍然无法让我的 Shiny 应用程序通过 .Renviron 文件访问任何这些凭据。我相信访问这些 GitHub 秘密的语法与普通的 ${{ secrets.my_secret }} 不同,因为它在 bash 脚本中。
.Renviron 文件的文件位置也很重要,它应该在 GitHub 存储库中其他所有内容所在的根目录中。我不确定如何知道/确认它是否在正确的位置。
如果有人对如何使用 GitHub 秘密正确创建此 .Renviron 文件并将其放置在我的目录的根目录有任何建议,我将不胜感激!
你是对的,你 can't use ${{ secrets.my_secret }} 在 bash 脚本中。
That won’t work, because “${{ }}” and the “secrets” variable are GitHub Actions constructs that Bash doesn’t understand. You’ll have to pass the secret to your step as an environment variable:
但是,您也可以像在上一步中那样使用 env 映射。应该是这样的:
- name: Create and populate .Renviron file
run: |
echo aws_host="$MAPPED_AWS_HOST" >> ~/.Renviron
echo aws_port="$MAPPED_AWS_PORT " >> ~/.Renviron
echo aws_pw="$MAPPED_AWS_PW" >> ~/.Renviron
echo aws_user="$MAPPED_AWS_USER" >> ~/.Renviron
echo dbname="$MAPPED_DBNAME" >> ~/.Renviron
shell: bash
env:
MAPPED_AWS_HOST: ${{ secrets.AWS_HOST}}
MAPPED_AWS_PORT : ${{ secrets.AWS_PORT }}
MAPPED_AWS_PW: ${{ secrets.AWS_PW }}
MAPPED_AWS_USER: ${{ secrets.AWS_USER}}
MAPPED_DBNAME: ${{ secrets.DBNAME}}
您好,我即将完成使用 GitHub 操作来添加 CI / CD 步骤来部署我拥有的 R Shiny 应用程序。我遇到的问题是 R 中有一个名为 .Renviron 的文件,我用它来存储凭据以在 R 脚本中访问我的 SQL 数据库。通常我在本地部署我的应用程序,当我使用 rsconnect 包时包含这个文件,但现在我正在使用 GitHub 操作我相信我必须自己在 bash 中手动制作这个 .Renviron 文件脚本步骤。
下面是我的 github 工作流程代码目前的样子。我遇到的问题是 Create and populate .Renviron file 部分。
# Triggered on push and pull request events
on: [push, pull_request]
# Name of the workflow => usethis::use_github_actions_badge("CI-CD")
name: CI-CD
jobs:
CI-CD:
runs-on: ${{ matrix.config.os }}
name: ${{ matrix.config.os }} (${{ matrix.config.r }})
strategy:
# we keep a matrix for convenience, but we would typically just run on one
# single OS and R version, aligned with the target deployment environment
matrix:
config:
- {os: ubuntu-20.04, r: 'release', rspm: "https://packagemanager.rstudio.com/cran/__linux__/focal/latest"}
env:
# Enable RStudio Package Manager to speed up package installation
RSPM: ${{ matrix.config.rspm }}
# Access token for GitHub
GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Checkout repo
uses: actions/checkout@v2
- name: Setup R
uses: r-lib/actions/setup-r@v1
with:
r-version: ${{ matrix.config.r }}
- name: Query R dependencies
run: |
install.packages('remotes')
saveRDS(remotes::dev_package_deps(dependencies = TRUE), ".github/depends.Rds", version = 2)
writeLines(sprintf("R-%i.%i", getRversion()$major, getRversion()$minor), ".github/R-version")
shell: Rscript {0}
- name: Cache R packages
uses: actions/cache@v2
with:
path: ${{ env.R_LIBS_USER }}
key: ${{ runner.os }}-${{ hashFiles('.github/R-version') }}-1-${{ hashFiles('.github/depends.Rds') }}
restore-keys: ${{ runner.os }}-${{ hashFiles('.github/R-version') }}-1-
- name: Install system dependencies
run: |
while read -r cmd
do
eval sudo $cmd
done < <(Rscript -e 'writeLines(remotes::system_requirements("ubuntu", "20.04"))')
- name: Install R dependencies
run: |
remotes::install_deps(dependencies = TRUE)
remotes::install_cran("rcmdcheck")
shell: Rscript {0}
- name: Create and populate .Renviron file
run: |
echo aws_host="$AWS_HOST" >> ~/.Renviron
echo aws_port="$AWS_PORT" >> ~/.Renviron
echo aws_pw="$AWS_PW" >> ~/.Renviron
echo aws_user="$AWS_USER" >> ~/.Renviron
echo dbname="$DBNAME" >> ~/.Renviron
shell: bash
- name: Check package
run: |
options(crayon.enabled = TRUE) # enable colorful R CMD check output
rcmdcheck::rcmdcheck(args = "--no-manual", error_on = "error")
shell: Rscript {0}
- name: Deploy to shinyapps.io
# continuous deployment only for pushes to the main / master branch
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master'
env:
SHINYAPPS_ACCOUNT: ${{ secrets.SHINYAPPS_ACCOUNT }}
SHINYAPPS_TOKEN: ${{ secrets.SHINYAPPS_TOKEN }}
SHINYAPPS_SECRET: ${{ secrets.SHINYAPPS_SECRET }}
run: Rscript deploy/deploy-shinyapps.R
我将所有这些变量存储在 GitHub 秘密中,但我仍然无法让我的 Shiny 应用程序通过 .Renviron 文件访问任何这些凭据。我相信访问这些 GitHub 秘密的语法与普通的 ${{ secrets.my_secret }} 不同,因为它在 bash 脚本中。
.Renviron 文件的文件位置也很重要,它应该在 GitHub 存储库中其他所有内容所在的根目录中。我不确定如何知道/确认它是否在正确的位置。
如果有人对如何使用 GitHub 秘密正确创建此 .Renviron 文件并将其放置在我的目录的根目录有任何建议,我将不胜感激!
你是对的,你 can't use ${{ secrets.my_secret }} 在 bash 脚本中。
That won’t work, because “${{ }}” and the “secrets” variable are GitHub Actions constructs that Bash doesn’t understand. You’ll have to pass the secret to your step as an environment variable:
但是,您也可以像在上一步中那样使用 env 映射。应该是这样的:
- name: Create and populate .Renviron file
run: |
echo aws_host="$MAPPED_AWS_HOST" >> ~/.Renviron
echo aws_port="$MAPPED_AWS_PORT " >> ~/.Renviron
echo aws_pw="$MAPPED_AWS_PW" >> ~/.Renviron
echo aws_user="$MAPPED_AWS_USER" >> ~/.Renviron
echo dbname="$MAPPED_DBNAME" >> ~/.Renviron
shell: bash
env:
MAPPED_AWS_HOST: ${{ secrets.AWS_HOST}}
MAPPED_AWS_PORT : ${{ secrets.AWS_PORT }}
MAPPED_AWS_PW: ${{ secrets.AWS_PW }}
MAPPED_AWS_USER: ${{ secrets.AWS_USER}}
MAPPED_DBNAME: ${{ secrets.DBNAME}}