Skip to content

ansidev/gh-env-sync

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
.github
.github
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
DESIGN.md
DESIGN.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Taskfile.yml
Taskfile.yml
 
 

Repository files navigation

GitHub Actions Secrets & Variables Synchronization Tool

Overview

A Taskfile.dev-based tool to synchronize GitHub Actions secrets and variables from one repository to another quickly.

Features

  • List secrets/variables from source repository.
  • Synchronize variables (with values).
  • Export variables (with values) from a GitHub repository to a template file.
  • Synchronize secrets (with user-provided values via a secret file).
  • Synchronize variables (with user-provided values via a template file).

Supported levels

  • Repository.

Files Structure

.
├── Taskfile.yml  # Main task definitions
├── .env.example  # Secrets template example

Manual

Prerequisites

  • gh CLI installed and authenticated
  • task CLI installed (Taskfile.dev)

On macOS you can run the command below to get both tools

brew install gh go-task

Tasks Specification

Task Description
check-gh Verify gh CLI installed/authenticated
var:ls List variables from source repo
var:export Export variables from source repo to template file (new feature)
var:sync Synchronize variables from source to target
secret:ls List secret names from source repo
secret:sync Synchronize secret from source to target using entries from the given secret file
secret:export Export secret name from a GitHub repository to a secret file template
sync Main entry point - synchronize secrets & variables

Usage Flow

Check gh CLI status

task check-gh

Interactive Mode (Prompts for secrets)

task sync source=<owner>/<repo> target=<other>/<repo>

Non-Interactive Mode (using secrets from a secret file)

task sync source=<owner>/<repo> target=<other>/<repo> secret_file=<secret_file>

Non-Interactive Mode (only synchronize variables and export secret names to a secret file only)

task sync source=<owner>/<repo> target=<other>/<repo> secret_file=<secret_file> mode=manual

Only Synchronize Variables (No secrets)

Synchronize all variables from source repository to target repository
task var:sync source=<owner>/<repo> target=<other>/<repo>
Synchronize all variables from source variable file to target repository
task var:sync source=<source_variable_file> source_type=file target=<other>/<repo>
Export variables from source repository to template file
task var:export source=<owner>/<repo> output_file=.env.vars

Only Synchronize Secrets (No variables)

task secret:sync source=<owner>/<repo> target=<other>/<repo>

Only Export Secrets (No variables)

task secret:export source=<owner>/<repo> output_file=<secret_file>

List variables from source repository

task var:ls source=<owner>/<repo>

List secrets from source repository

task secret:ls source=<owner>/<repo>

How does it works?

Variables Synchronization

  • Use gh variable list --json name,value to get all variables
  • Use gh variable set <name> --body <value> --repo <target> to set each

Variable Export Workflow

We cannot retrieve variable values via gh CLI due to security reasons.

  1. Export variables to template file, user manually fills values then:
    • Use gh variable list --repo <repo> --json name,value --jq '.[].name' to get all variable names.
  2. Synchronize variables to the target repository using the template file:
    • Read variable entries from the template file and use gh variable set <key> --repo <target> --body <value> to set each.

Contact

Le Minh Tri (a.k.a @ansidev).

License

MIT

Copyright © 2026-present Le Minh Tri.

About

GitHub Actions Secrets & Variables Synchronization Tool

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors