Github actions sometimes is just odd. If you try to make your API calls works without a personal access token, you’ll find yourself at a crazy landscape of ‘application tokens’.
It’s surprisingly tricky, if you want to work with env variables.
After some clumsiness around exec-env I settle down on this snippet:
- name: Add secrets run: | echo "::add-mask::$(sops exec-file secrets.env…
When someone write a lot in JS, JS starts to consume that person. Github is a good example of such. (When you spoke to JS-digested people about inconsistencies and type systems, they usually can’t even see the issue).
It’s my first success. I can’t say if it’s ‘best practice’ or not. It works and I love it.