act icon indicating copy to clipboard operation
act copied to clipboard
verified publisher icon nektos

env file with dollar sign unexpected behaviour

Open Glydric opened this issue 2 years ago • 3 comments

Bug report info

act version:            0.2.55
GOOS:                   darwin
GOARCH:                 arm64
NumCPU:                 8
Docker host:            DOCKER_HOST environment variable is not set
Sockets found:
	/var/run/docker.sock
	$HOME/.docker/run/docker.sock
Config files:
	/Users/leonardomigliorelli/.actrc:
		-P ubuntu-latest=catthehacker/ubuntu:act-latest
		-P ubuntu-22.04=catthehacker/ubuntu:act-22.04
		-P ubuntu-20.04=catthehacker/ubuntu:act-20.04
		-P ubuntu-18.04=catthehacker/ubuntu:act-18.04
Build info:
	Go version:            go1.20.11
	Module path:           github.com/nektos/act
	Main version:          (devel)
	Main path:             github.com/nektos/act
	Main checksum:
	Build settings:
		-buildmode:           exe
		-compiler:            gc
		-trimpath:            true
		CGO_ENABLED:          0
		GOARCH:               arm64
		GOOS:                 darwin
		vcs:                  git
		vcs.revision:         e8856f0fb00fcdd16eef2325b845f55f5d346f51
		vcs.time:             2023-08-21T16:17:06Z
		vcs.modified:         true
Docker Engine:
	Engine version:        24.0.6
	Engine runtime:        runc
	Cgroup version:        2
	Cgroup driver:         cgroupfs
	Storage driver:        overlay2
	Registry URI:          https://index.docker.io/v1/
	OS:                    Docker Desktop
	OS type:               linux
	OS version:
	OS arch:               aarch64
	OS kernel:             6.4.16-linuxkit
	OS CPU:                8
	OS memory:             1982 MB
	Security options:
		name=seccomp,profile=unconfined
		name=cgroupns

Command used with act

gh act --secret-file .env

Describe issue

When you have an env file described as this

DOLLAR=$2b$d

Like a Bcrypt salt, the $2 is completely ignored and so the first character becomes the b, this lead to problem in the testing as the hashing will fail. Keep in mind that this problem does not appear with docker environment or GitHub actions, but only using act. I tested this behavior (as you can) using the following print console.log('char:'+process.env.DOLLAR.at(0)); This bug happens also without imports and with normal node "file.js" (as you can see in workflow)

Link to GitHub repository

No response

Workflow content

on:
  push:
    
jobs:
  jest-test:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
      - name: Run tests
        run: node test.js
        env:
          DOLLAR: ${{ secrets.DOLLAR }}

Relevant log output

[test.yml/jest-test]   🐳  docker exec cmd=[bash --noprofile --norc -e -o pipefail /var/run/act/workflow/1] user= workdir=
| char:b

Additional information

test.js:

console.log('char:'+process.env.DOLLAR.at(0));

Glydric avatar Dec 16 '23 11:12 Glydric

Parsing of these file is done using an external library, you will have to follow it's syntax. Please look into our wiki https://nektosact.com/beginner/index.html#envsecrets-files-structure.

If you want to use well known syntax, add the .yml file extension so act will use a yaml parser.

secrets.yml

DOLLAR: $2b$d

act --secret-file secrets.yml and it will work without surprises. Also it is easier to correctly add multiline secrets.

I hope you now understand act a little better. I prefer yaml over that godotenv mess, if you have an issue with that report it also to their bug tracker.

ChristopherHX avatar Dec 17 '23 21:12 ChristopherHX

Thanks, this fixes it, but it has to be specified right?

Glydric avatar Dec 17 '23 21:12 Glydric

it has to be specified right?

You can create a .actrc file in your repo and add a --secret-file secrets.yml line inside of it.

ChristopherHX avatar Dec 17 '23 22:12 ChristopherHX

Issue is stale and will be closed in 14 days unless there is new activity

github-actions[bot] avatar Jun 15 '24 00:06 github-actions[bot]