This guide explains how to set environment variables in CI/CD workflows for job-specific and global configurations while ensuring security and proper scoping.
Environment variables play a critical role in configuring your CI/CD workflows. They can be defined either globally for all jobs or specifically for an individual job. This guide explains how to set these variables effectively within your workflow file while keeping them secure and appropriately scoped.
Defining environment variables at the job level ensures that they are accessible only within that particular job. For instance, if you have a job named “job1”, you can set a variable by adding an env section to that job. In the following example, the environment variable for the database hostname is set to “localhost”:
In this scenario, the variable DATABASE_HOSTNAME is limited to job1. When you need to add other environment-specific variables, follow the same approach to ensure each variable is available only where necessary.
You can also set multiple environment variables dynamically based on certain conditions. Consider the example below in which a job runs only on a specific day:
Copy
Ask AI
jobs: weekday_job: runs-on: ubuntu-latest steps: - name: "Hello world when it's Monday" if: ${{ env.DAY_OF_WEEK == 'Mon' }} run: echo "Hello ${{ steps.firstname.outputs.middle_name }} ${{ steps.firstname.outputs.last_name }}, today is Monday!" env: FIRST_NAME: Mona middle_name: The LAST_NAME: Octocat
This snippet demonstrates how to set several environment variables that the job will use if the condition evaluates to true.
For scenarios where an environment variable needs to be accessible by all jobs in your workflow, define it at the root level. The example below demonstrates setting several global environment variables:
Here, all jobs within this workflow will have access to the global environment variables. However, keep in mind that any variable set at the job level will override the global setting for that job only.
It is crucial to avoid hardcoding sensitive information such as database credentials or secret keys in your repository. For improved security, store such data as encrypted secrets in your CI/CD system so that they remain concealed yet accessible during runtime.
When testing your workflow, you might encounter issues, especially if your runner lacks the necessary infrastructure. For example, if an environment variable points to a local database (localhost) that isn’t actually available on the runner, you may see SQLAlchemy connection failures:
Copy
Ask AI
Error: Process completed with exit code 4.
This behavior is expected when using a temporary environment like a fresh runner. To resolve this, consider setting up a temporary database on the runner or configure the workflow to use a remote database service (such as on Heroku or AWS).Below is a snippet from a typical runner log, indicating that the environment variables are correctly used as it installs dependencies and executes tests:
Environment variables in your CI/CD workflows can be defined at both the job and global levels, providing flexibility and scope isolation. Job-specific variables ensure that only relevant jobs have access, whereas global variables facilitate shared configurations across multiple jobs. Tailor your environment setup according to your testing environment and security requirements.Happy coding!
