2

I have the following GitHub Actions, I want to pass lastNotificationMessage from deploy job to the next job (for the details please check the screenshots):

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Get last notification
        if: always()
        id: notification
        timeout-minutes: 1
        run: |
          LAST_NOTIFICATION=$(app get-last-notification)
          echo "$LAST_NOTIFICATION"
          echo "CUSTOM_LAST_NOTIFICATION=$LAST_NOTIFICATION" >> $GITHUB_ENV

    outputs:
      lastNotificationMessage: ${{ env.CUSTOM_LAST_NOTIFICATION }}
      # otherVariable: other value
      # otherVariable: other value
      # otherVariable: other value
      # otherVariable: other value
      # otherVariable: other value
      # otherVariable: other value


  notification:
    runs-on: ubuntu-latest
    needs: deploy
    if: always()

    steps:
      - name: Notification
        timeout-minutes: 1
        run: |
          app send-notification \
            --last-message "$LAST_NOTIFICATION_MESSAGE"
        env:
          LAST_NOTIFICATION_MESSAGE: ${{ needs.deploy.outputs.lastNotificationMessage }}

When I echo it on the first job, it already has value (it's in base64url-encoded format to make sure it doesn't have any dangerous character).

But on the next job, When I check it in the job output, it's alway empty. I can see that the other variables have correct value also.

What is the issue here and how can I fix it?

Below is the screenshot:

deploy job:

enter image description here

notification job:

enter image description here

Other method suggested by @Shayki which I tried but not success:

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Deploy
        id: deployToCloud
        timeout-minutes: 1
        run: |
          echo "deploymentId=$DEPLOYMENT_ID" >> $GITHUB_OUTPUT

      - name: Get last notification
        if: always()
        id: lastNotification
        timeout-minutes: 1
        run: |
          LAST_NOTIFICATION=$(app get-last-notification)
          echo "$LAST_NOTIFICATION"
          echo "lastNotificationMessage=$LAST_NOTIFICATION" >> $GITHUB_OUTPUT

    outputs:
      deploymentId: ${{ steps.deployToCloud.outputs.deploymentId }}
      lastNotificationMessage: ${{ steps.lastNotification.outputs.lastNotificationMessage }}

  notification:
    runs-on: ubuntu-latest
    needs: deploy
    if: always()

    steps:
      - name: Notification
        timeout-minutes: 1
        run: |
          app send-notification \
            --last-message "$LAST_NOTIFICATION_MESSAGE"
        env:
          DEPLOYMENT_ID: ${{ needs.deploy.outputs.deploymentId }}
          LAST_NOTIFICATION_MESSAGE: ${{ needs.deploy.outputs.lastNotificationMessage }}

deploy step:

enter image description here

next step:

enter image description here

Improve this question
9
  • docs.github.com/en/actions/using-jobs/defining-outputs-for-jobs Commented Jul 9, 2024 at 7:22
  • @jonrsharpe I tried the method in your link, but also doesn't work. The method I used in the question is works for other steps and variables. I'm not sure why. The only different is the Get last notification set to always run regardless the result of other steps. Commented Jul 9, 2024 at 7:48
  • @Horizon can you share your try with $GITHUB_OUTPUT? Commented Jul 9, 2024 at 8:04
  • @ShaykiAbramczyk please check my updated question, which include $GITHUB_OUTPUT. I use the same method for DEPLOYMENT_ID and LAST_NOTIFICATION_MESSAGE but only the first variable have value on the next step. Commented Jul 9, 2024 at 8:33
  • 1
    @Horizon nice catch! Commented Jul 10, 2024 at 8:17

2 Answers 2

Reset to default
2

I found the reason:

The value stored in the variable contains the base64url encoded of one secret key. I thought github will not smart enough to detect it, but it does.

GitHub doesn't allow passing variable that contains secret value from one job to other jobs. It already tell in in the summary but I miss it:

Skip output 'lastNotificationMessage' since it may contain secret.

Since I cannot pass the variable to the next jobs, I print it to the console for checking only, my final code will not contains those echoes.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

this was my case - it was a secret
0

There logic in your workflow looks correct. I tried running it with some simplification and was able to see the value in both jobs printed in GitHub logs.

name: output

on:
  workflow_dispatch

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Get last notification
        if: always()
        id: notification
        timeout-minutes: 1
        run: |
          LAST_NOTIFICATION=1234567890
          echo "$LAST_NOTIFICATION"
          echo "CUSTOM_LAST_NOTIFICATION=$LAST_NOTIFICATION" >> $GITHUB_ENV
    outputs:
      lastNotificationMessage: ${{ env.CUSTOM_LAST_NOTIFICATION }}

  notification:
    runs-on: ubuntu-latest
    needs: deploy
    if: always()
    steps:
      - name: Notification
        timeout-minutes: 1
        run: |
          echo "$LAST_NOTIFICATION_MESSAGE"
        env:
          LAST_NOTIFICATION_MESSAGE: ${{ needs.deploy.outputs.lastNotificationMessage }}

deploy job output:

Run LAST_NOTIFICATION=1234567890
  LAST_NOTIFICATION=1234567890
  echo "$LAST_NOTIFICATION"
  echo "CUSTOM_LAST_NOTIFICATION=$LAST_NOTIFICATION" >> $GITHUB_ENV
  shell: /usr/bin/bash -e {0}
1234567890

notification job output:

Run echo "$LAST_NOTIFICATION_MESSAGE"
  echo "$LAST_NOTIFICATION_MESSAGE"
  shell: /usr/bin/bash -e {0}
  env:
    LAST_NOTIFICATION_MESSAGE: 1234567890
1234567890
Improve this answer

4 Comments

Please share what you get if you run the workflow from my answer
I found the reason, please check my answer. Thanks
Is this something you could put into a repo secret? How does GitHUb know that this is a secret?
in the secret I put: ENV_NAME=test (not very secret at all since my whole team know it, but I put there so later we can change the value without modifying the pipeline). the lastNotificationMessage doesn't contain the test value directly, but it's a base64url which when decoded contain the test string.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.