Monday, September 26, 2022

[FIXED] How to reference GitHub Secrets in GitHub Actions workflow for .Renviron file

      , , ,      No comments   

Issue

Hi I'm just about finished up using GitHub actions to add CI / CD steps to deploy an R Shiny app I have. The problem I'm having is there is a file in R called .Renviron that I use to store credentials to access a SQL DB of mine in the R script. Normally I deploy my app locally and this file is included when I use the rsconnect package, but now that I'm using GitHub actions I believe I have to make this .Renviron file manually myself in a bash script step.

Below is what my github workflow code looks like as of right now. The problem I'm having issues with is the Create and populate .Renviron file part.

# Triggered on push and pull request events
on: [push, pull_request]

# Name of the workflow => usethis::use_github_actions_badge("CI-CD")
name: CI-CD

jobs:
  CI-CD:
    runs-on: ${{ matrix.config.os }}

    name: ${{ matrix.config.os }} (${{ matrix.config.r }})

    strategy:
      # we keep a matrix for convenience, but we would typically just run on one
      # single OS and R version, aligned with the target deployment environment
      matrix:
        config:
          - {os: ubuntu-20.04, r: 'release', rspm: "https://packagemanager.rstudio.com/cran/__linux__/focal/latest"}

    env:
      # Enable RStudio Package Manager to speed up package installation
      RSPM: ${{ matrix.config.rspm }}
      # Access token for GitHub
      GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}

    steps:

      - name: Checkout repo
        uses: actions/checkout@v2

      - name: Setup R
        uses: r-lib/actions/setup-r@v1
        with:
          r-version: ${{ matrix.config.r }}

      - name: Query R dependencies
        run: |
          install.packages('remotes')
          saveRDS(remotes::dev_package_deps(dependencies = TRUE), ".github/depends.Rds", version = 2)
          writeLines(sprintf("R-%i.%i", getRversion()$major, getRversion()$minor), ".github/R-version")
        shell: Rscript {0}

      - name: Cache R packages
        uses: actions/cache@v2
        with:
          path: ${{ env.R_LIBS_USER }}
          key: ${{ runner.os }}-${{ hashFiles('.github/R-version') }}-1-${{ hashFiles('.github/depends.Rds') }}
          restore-keys: ${{ runner.os }}-${{ hashFiles('.github/R-version') }}-1-

      - name: Install system dependencies
        run: |
          while read -r cmd
          do
            eval sudo $cmd
          done < <(Rscript -e 'writeLines(remotes::system_requirements("ubuntu", "20.04"))')

      - name: Install R dependencies
        run: |
          remotes::install_deps(dependencies = TRUE)
          remotes::install_cran("rcmdcheck")
        shell: Rscript {0}

      - name: Create and populate .Renviron file
        run: |
          echo aws_host="$AWS_HOST" >> ~/.Renviron
          echo aws_port="$AWS_PORT" >> ~/.Renviron
          echo aws_pw="$AWS_PW" >> ~/.Renviron
          echo aws_user="$AWS_USER" >> ~/.Renviron
          echo dbname="$DBNAME" >> ~/.Renviron
        shell: bash

      - name: Check package
        run: |
          options(crayon.enabled = TRUE) # enable colorful R CMD check output
          rcmdcheck::rcmdcheck(args = "--no-manual", error_on = "error")
        shell: Rscript {0}

      - name: Deploy to shinyapps.io
        # continuous deployment only for pushes to the main / master branch
        if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master'
        env:
          SHINYAPPS_ACCOUNT: ${{ secrets.SHINYAPPS_ACCOUNT }}
          SHINYAPPS_TOKEN: ${{ secrets.SHINYAPPS_TOKEN }}
          SHINYAPPS_SECRET: ${{ secrets.SHINYAPPS_SECRET }}
        run: Rscript deploy/deploy-shinyapps.R

enter image description here

I have all of those variables stored in GitHub secrets, but I still can't get my Shiny app to access any of those credentials via the .Renviron file. I believe the syntax of accessing those GitHub secrets is different than the normal ${{ secrets.my_secret }} because it's in a bash script.

The file location of the .Renviron file is also important, it should be at root directory where everything else in the GitHub repository is located. I'm not sure how to know / confirm if it's in the right location or not.

If anyone has any advice on how to properly create this .Renviron file using GitHub secrets and place it at the root of my directory I'd appreciate it!


Solution

You are correct, you can't use ${{ secrets.my_secret }} in the bash scripts.

That won’t work, because “${{ }}” and the “secrets” variable are GitHub Actions constructs that Bash doesn’t understand. You’ll have to pass the secret to your step as an environment variable:

However, you may also use env mapping like you have in your last step. It would be like this:

      - name: Create and populate .Renviron file
        run: |
          echo aws_host="$MAPPED_AWS_HOST" >> ~/.Renviron
          echo aws_port="$MAPPED_AWS_PORT " >> ~/.Renviron
          echo aws_pw="$MAPPED_AWS_PW" >> ~/.Renviron
          echo aws_user="$MAPPED_AWS_USER" >> ~/.Renviron
          echo dbname="$MAPPED_DBNAME" >> ~/.Renviron
        shell: bash
        env:
          MAPPED_AWS_HOST: ${{ secrets.AWS_HOST}}
          MAPPED_AWS_PORT : ${{ secrets.AWS_PORT }}
          MAPPED_AWS_PW: ${{ secrets.AWS_PW }}
          MAPPED_AWS_USER: ${{ secrets.AWS_USER}}
          MAPPED_DBNAME: ${{ secrets.DBNAME}}


Answered By - Krzysztof Madej
Answer Checked By - David Marino (PHPFixing Volunteer)

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...