starred/act

Fork 0

mirror of https://github.com/nektos/act.git synced 2026-04-26 01:15:51 +03:00

[GH-ISSUE #230] Secrets are case sensitive #157

New issue

Closed

opened 2026-03-01 21:40:43 +03:00 by kerem · 12 comments

kerem commented

2026-03-01 21:40:43 +03:00

Owner

Originally created by @mheap on GitHub (May 11, 2020).
Original GitHub issue: https://github.com/nektos/act/issues/230

When running a workflow with act, the casing I specify with -s CASED_SECRET=abc123 is the only one available in my workflows.

For example:

steps:
  - uses: my/action@master
    with:
      not_working: ${{ secrets.cased_secret }}
      working: ${{ secrets.CASED_SECRET }}

In this workflow, not_working is an empty string whilst working returns abc123 as expected.

When running this on Actions, both not_working and working have the value abc123

Details

act version 0.2.8
MacOS 10.15.4
go version go1.14.2 darwin/amd64

Full command:

act -j output-debug -W ~/development/oss/action-test/.github/workflows pull_request -e ~/development/oss/action-test/event.json

Originally created by @mheap on GitHub (May 11, 2020). Original GitHub issue: https://github.com/nektos/act/issues/230 When running a workflow with `act`, the casing I specify with `-s CASED_SECRET=abc123` is the only one available in my workflows. For example: ```yaml steps: - uses: my/action@master with: not_working: ${{ secrets.cased_secret }} working: ${{ secrets.CASED_SECRET }} ``` In this workflow, `not_working` is an empty string whilst `working` returns `abc123` as expected. When running this on Actions, both `not_working` and `working` have the value `abc123` --- ## Details * act version 0.2.8 * MacOS 10.15.4 * go version go1.14.2 darwin/amd64 Full command: ``` act -j output-debug -W ~/development/oss/action-test/.github/workflows pull_request -e ~/development/oss/action-test/event.json ```

kerem

2026-03-01 21:40:43 +03:00

closed this issue
added the
kind/bug

area/workflow

meta/resolved
labels

kerem commented

2026-03-01 21:40:44 +03:00

Author

Owner

@github-actions[bot] commented on GitHub (Jul 13, 2020):

Issue is stale and will be closed in 7 days unless there is new activity

@github-actions[bot] commented on GitHub (Jul 13, 2020): Issue is stale and will be closed in 7 days unless there is new activity

kerem commented

2026-03-01 21:40:44 +03:00

Author

Owner

@mheap commented on GitHub (Jul 13, 2020):

Sorry bot, this is still a thing that we should look at

@mheap commented on GitHub (Jul 13, 2020): Sorry bot, this is still a thing that we should look at

kerem commented

2026-03-01 21:40:44 +03:00

Author

Owner

@github-actions[bot] commented on GitHub (Sep 12, 2020):

Issue is stale and will be closed in 7 days unless there is new activity

@github-actions[bot] commented on GitHub (Sep 12, 2020): Issue is stale and will be closed in 7 days unless there is new activity

kerem commented

2026-03-01 21:40:44 +03:00

Author

Owner

@mheap commented on GitHub (Sep 12, 2020):

Still a thing, github-actions[bot]

@mheap commented on GitHub (Sep 12, 2020): Still a thing, github-actions[bot]

kerem commented

2026-03-01 21:40:44 +03:00

Author

Owner

@Jmainguy commented on GitHub (Sep 23, 2020):

To be clear, you are saying Github looks at secret Keys as case insensitive, so netkos/act needs to do the same, but currently is looking at them as case sensitive. Is that correct?

@Jmainguy commented on GitHub (Sep 23, 2020): To be clear, you are saying Github looks at secret Keys as case insensitive, so netkos/act needs to do the same, but currently is looking at them as case sensitive. Is that correct?

kerem commented

2026-03-01 21:40:44 +03:00

Author

Owner

@github-actions[bot] commented on GitHub (Jan 8, 2021):

Issue is stale and will be closed in 7 days unless there is new activity

@github-actions[bot] commented on GitHub (Jan 8, 2021): Issue is stale and will be closed in 7 days unless there is new activity

kerem commented

2026-03-01 21:40:44 +03:00

Author

Owner

@mheap commented on GitHub (Jan 8, 2021):

Still a thing, 🤖

@mheap commented on GitHub (Jan 8, 2021): Still a thing, 🤖

kerem commented

2026-03-01 21:40:44 +03:00

Author

Owner

@catthehacker commented on GitHub (Jan 10, 2021):

@mheap what happens if the same key exists with different casing, is one of them overwritten?

@catthehacker commented on GitHub (Jan 10, 2021): @mheap what happens if the same key exists with different casing, is one of them overwritten?

kerem commented

2026-03-01 21:40:44 +03:00

Author

Owner

@mheap commented on GitHub (Jan 10, 2021):

@CatTheHacker You mean if I provide -s multiple times?

-s cased_secret=foo -s CASED_SECRET=bar

It could either throw an error or use the last defined value (bar in this case)

I'd opt for throwing an error personally

@mheap commented on GitHub (Jan 10, 2021): @CatTheHacker You mean if I provide `-s` multiple times? ``` -s cased_secret=foo -s CASED_SECRET=bar ``` It could either throw an error or use the last defined value (`bar` in this case) I'd opt for throwing an error personally

kerem commented

2026-03-01 21:40:45 +03:00

Author

Owner

@catthehacker commented on GitHub (Jan 10, 2021):

I was more curious as to what happens on GitHub Actions side when same secrets with different casing are used, but what you said can also be done.

@catthehacker commented on GitHub (Jan 10, 2021): I was more curious as to what happens on GitHub Actions side when same secrets with different casing are used, but what you said can also be done.

kerem commented

2026-03-01 21:40:45 +03:00

Author

Owner

@mheap commented on GitHub (Jan 10, 2021):

Ah - you can't specify different casings on GHA. It's normalised when you click save

@mheap commented on GitHub (Jan 10, 2021): Ah - you can't specify different casings on GHA. It's normalised when you click `save`

kerem commented

2026-03-01 21:40:45 +03:00

Author

Owner

@catthehacker commented on GitHub (Jan 10, 2021):

Currently figuring out how to make it fail at creating secrets with same name
edit: well nevermind

https://github.com/CatTheHacker/act/tree/case-insensitive-secrets
https://github.com/CatTheHacker/act/releases/tag/merged-5ad3be23

@catthehacker commented on GitHub (Jan 10, 2021): ![image](https://user-images.githubusercontent.com/31106839/104131770-dfbfc500-5378-11eb-994c-111765f0532a.png) Currently figuring out how to make it fail at creating secrets with same name edit: well nevermind ![image](https://user-images.githubusercontent.com/31106839/104131815-3af1b780-5379-11eb-9675-3a2733f7cbbd.png) https://github.com/CatTheHacker/act/tree/case-insensitive-secrets https://github.com/CatTheHacker/act/releases/tag/merged-5ad3be23

kerem referenced this issue

2026-03-01 21:42:26 +03:00

[GH-ISSUE #484] Event type auto-detection not working #333

kerem referenced this issue

2026-03-01 21:50:55 +03:00

[PR #157] [MERGED] Use “push” event workflow(s) if defined (closes #156) #1374

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/act#157

No description provided.

Rows
Columns