{"id":31742918,"url":"https://github.com/dmno-dev/varlock-action","last_synced_at":"2025-10-09T11:20:11.012Z","repository":{"id":313124090,"uuid":"1049902141","full_name":"dmno-dev/varlock-action","owner":"dmno-dev","description":"validate and load your environment variables using varlock in GitHub Actions","archived":false,"fork":false,"pushed_at":"2025-09-17T20:43:05.000Z","size":90,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-09-17T22:31:21.445Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://varlock.dev","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dmno-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-03T16:57:52.000Z","updated_at":"2025-09-04T01:52:38.000Z","dependencies_parsed_at":"2025-09-04T04:25:22.180Z","dependency_job_id":"9de3c9d5-5205-4dc9-a9d2-2ebafc6ad6f8","html_url":"https://github.com/dmno-dev/varlock-action","commit_stats":null,"previous_names":["dmno-dev/varlock-action"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/dmno-dev/varlock-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmno-dev%2Fvarlock-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmno-dev%2Fvarlock-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmno-dev%2Fvarlock-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmno-dev%2Fvarlock-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dmno-dev","download_url":"https://codeload.github.com/dmno-dev/varlock-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmno-dev%2Fvarlock-action/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279001290,"owners_count":26083058,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-10-09T11:20:08.272Z","updated_at":"2025-10-09T11:20:11.001Z","avatar_url":"https://github.com/dmno-dev.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Varlock GitHub Action\n\nA GitHub Action that loads and validates environment variables using [varlock](https://github.com/dmno-dev/varlock). This action automatically detects varlock installations or .env.schema/.env.* files and loads validated environment variables into the GitHub Actions environment.\n\n## Features\n\n- 🔍 **Automatic detection**: Checks for varlock installation or compatible env files\n- 📦 **Auto-installation**: Installs varlock if not found\n- 🔒 **Schema validation**: Validates environment variables against your schema\n- 📋 **Summary output**: Provides detailed summaries of loaded variables\n- ⚙️ **Flexible configuration**: Supports different output formats and environments\n- ✅ **All .env.\\* files are supported**: You can use any .env.* file to load environment variables (not just .env.schema)\n\n## Usage\n\n### Basic Usage\n\n```yaml\nname: Load Environment Variables\non: [push, pull_request]\n\npermissions:\n  contents: read\n\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      \n      - name: Load environment variables\n        uses: dmno-dev/varlock-github-action@v1\n      \n      - name: Use loaded variables\n        run: |\n          echo \"Database URL: $DATABASE_URL\"\n          echo \"API Key: $API_KEY\"\n```\n\n### With Custom Configuration\n\n```yaml\nname: Load Environment Variables\non: [push, pull_request]\n\npermissions:\n  contents: read\n\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      \n      - name: Set environment flag\n        run: echo \"APP_ENV=production\" \u003e\u003e $GITHUB_ENV\n      \n      - name: Load environment variables\n        uses: dmno-dev/varlock-github-action@v1\n        with:\n          working-directory: './config'\n          show-summary: 'true'\n          fail-on-error: 'true'\n      \n      - name: Use loaded variables\n        run: |\n          echo \"Environment loaded successfully\"\n```\n\n## Inputs\n\n| Input | Description | Required | Default |\n|-------|-------------|----------|---------|\n| `working-directory` | Directory containing @env-spec files | No | `.` |\n| `show-summary` | Show a summary of loaded environment variables | No | `true` |\n| `fail-on-error` | Fail the action if validation errors are found | No | `true` |\n| `output-format` | Format for environment variable output (env, json) | No | `env` |\n\n## Outputs\n\n| Output | Description |\n|--------|-------------|\n| `summary` | Summary of loaded environment variables |\n| `error-count` | Number of validation errors found |\n| `json-env` | JSON blob containing all environment variables (only available when output-format is \"json\") |\n\n### Example .env.schema file\n\n```env\n# @generateTypes(lang='ts', path='env.d.ts')\n# @defaultSensitive=false\n# @envFlag=APP_ENV\n# ---\n\n# --- Database configuration ---\n# Database connection URL\n# @required @sensitive @type=string(startsWith=\"postgresql://\")\n# @docsUrl=https://docs.varlock.dev/guides/environments\nDATABASE_URL=encrypted(\"postgresql://user:pass@localhost:5432/db\")\n\n# Redis connection URL\n# @required @sensitive @type=string(startsWith=\"redis://\")\nREDIS_URL=encrypted(\"redis://localhost:6379\")\n\n# --- API configuration ---\n# API secret key for authentication\n# @required @sensitive @type=string(startsWith=\"sk_\")\nAPI_KEY=encrypted(\"sk-1234567890abcdef\")\n\n# --- Application settings ---\n# Enable debug mode\n# @example=false\nDEBUG=false\n\n# Server port number\n# @example=3000\nPORT=3000\n\n# Application environment\n# @example=development\nNODE_ENV=development\n```\n\n## Examples\n\n### Basic CI/CD Pipeline\n\n```yaml\nname: CI/CD Pipeline\non: [push, pull_request]\n\npermissions:\n  contents: read\n\njobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      \n      - name: Load environment variables\n        uses: dmno-dev/varlock-github-action@v1\n      \n      - name: Run tests\n        run: npm test\n        env:\n          NODE_ENV: test\n      \n      - name: Build application\n        run: npm run build\n```\n\n### Multi-Environment Deployment\n\n```yaml\nname: Deploy\non:\n  push:\n    branches: [main, staging]\n\npermissions:\n  contents: read\n\njobs:\n  deploy:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      \n      - name: Set environment flag\n        run: |\n          if [ \"${{ github.ref }}\" = \"refs/heads/main\" ]; then\n            echo \"APP_ENV=production\" \u003e\u003e $GITHUB_ENV\n          else\n            echo \"APP_ENV=staging\" \u003e\u003e $GITHUB_ENV\n          fi\n      \n      - name: Load environment variables\n        uses: dmno-dev/varlock-github-action@v1\n        with:\n          show-summary: 'true'\n      \n      - name: Deploy to environment\n        run: |\n          echo \"Deploying to $NODE_ENV\"\n          # Your deployment script here\n```\n\n### With Custom Working Directory\n\n```yaml\nname: Load Environment Variables\non: [push, pull_request]\n\npermissions:\n  contents: read\n\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      \n      - name: Set environment flag\n        run: echo \"APP_ENV=production\" \u003e\u003e $GITHUB_ENV\n      \n      - name: Load environment variables\n        uses: dmno-dev/varlock-github-action@v1\n        with:\n          working-directory: './config/environments'\n      \n      - name: Use loaded variables\n        run: |\n          echo \"Database: $DATABASE_URL\"\n          echo \"Redis: $REDIS_URL\"\n```\n\n## Error Handling\n\nThe action provides comprehensive error handling:\n\n- **Validation Errors**: Fails if required variables are missing or invalid (configurable)\n- **Schema Errors**: Fails if schema file has syntax errors\n- **Installation Errors**: Fails if varlock cannot be installed\n- **File Not Found**: Warns if no .env.* files are detected\n\n### Error Output Example\n\n```yaml\n- name: Load environment variables\n  uses: dmno-dev/varlock-github-action@v1\n  with:\n    fail-on-error: 'false'  # Continue on validation errors\n    show-summary: 'true'\n```\n\n## Security Features\n\nThis action leverages varlock's security features:\n\n- **Sensitive Data Protection**: Variables marked with `@sensitive` are automatically exported as GitHub secrets, preventing them from appearing in logs\n- **Schema Validation**: Ensures all required variables are present and valid\n- **Type Safety**: Validates variable types (string, number, boolean, enum)\n- **Environment Isolation**: Supports different environments with different schemas\n- **Third Party Secrets Support**: Loads secrets from third party secrets providers like 1Password, LastPass, etc.\n  - Note: any CLIs you need to retrieve third party secrets will also need to be installed\n- **Automatic Secret Masking**: Sensitive values are automatically masked in GitHub Actions logs using `core.setSecret()`\n\n## Output Formats\n\nThe action always uses varlock's `json-full` format internally to get complete information including sensitive flags. The `output-format` parameter determines how the final output is presented:\n\n- **`env`** (default): Exports variables as environment variables and secrets\n  - Non-sensitive values are exported as regular environment variables\n  - Sensitive values are exported as both secrets (for masking) and environment variables (for use)\n- **`json`**: Outputs a single JSON blob with all environment variables\n  - Available as the `json-env` action output\n  - Useful for passing to other tools or storing as artifacts\n\n## Sensitive Data Handling\n\nThe action automatically detects and handles sensitive environment variables based on your `.env.schema` configuration:\n\n### How it works:\n\n1. **Detection**: Variables marked with `@sensitive` decorator in your schema are identified\n2. **Secret Export**: Sensitive values are exported using `core.setSecret()` to mask them in logs\n3. **Environment Variables**: Both sensitive and non-sensitive values are available as environment variables in subsequent steps\n\n### Example Schema:\n\n```env-spec\n# @defaultSensitive=false\n# ---\n# Public configuration\nNODE_ENV=development\nAPI_URL=https://api.example.com\n\n# Sensitive configuration\n# @sensitive\nDATABASE_PASSWORD=your-secure-password\n# @sensitive\nAPI_KEY=sk-1234567890abcdef\n```\n\n### In GitHub Actions:\n\n```yaml\n- name: Load environment variables\n  uses: dmno-dev/varlock-github-action@v1\n\n- name: Use variables\n  run: |\n    echo \"Environment: $NODE_ENV\"           # Visible in logs\n    echo \"API URL: $API_URL\"               # Visible in logs\n    echo \"Database: $DATABASE_PASSWORD\"    # Masked in logs\n    echo \"API Key: $API_KEY\"               # Masked in logs\n```\n\nThe sensitive values (`DATABASE_PASSWORD` and `API_KEY`) will be automatically masked in the GitHub Actions logs, while non-sensitive values remain visible for debugging purposes.\n\n### JSON Output Format\n\n```yaml\n- name: Load environment variables as JSON\n  uses: dmno-dev/varlock-github-action@v1\n  with:\n    output-format: 'json'\n  id: varlock\n\n- name: Use JSON output\n  run: |\n    echo \"JSON output: ${{ steps.varlock.outputs.json-env }}\"\n    \n    # Parse and use specific values\n    echo \"Database URL: $(echo '${{ steps.varlock.outputs.json-env }}' | jq -r '.DATABASE_URL')\"\n```\n\n## Contributing\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for more details.\n\n## License\n\nMIT License - see the [varlock repository](https://github.com/dmno-dev/varlock) for details. ","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdmno-dev%2Fvarlock-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdmno-dev%2Fvarlock-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdmno-dev%2Fvarlock-action/lists"}