Get github environment variables without triggering deployment

README.md

So there's three things the environment: <<KEY>> key does that I'm aware of:

• lets you dynamically populate ${{ vars. }} based on what you have in Settings > Environments > KEY
• Records a deployment as in progress, etc blah blah. (the thing that's annoying everyone here)
• Gives you the ability to Require approval if a job attempts to run for a particular environment: KEY

If you're just doing 1️⃣ , then you can use this tool.

With this you can access particular values in your Environment secrets or variables without associating the run with a deployment.

Run it in your workflows, create an action, what ever.

GetGithubEnvironmentVariables.sh

#!/usr/bin/env bash

# set errors to fail the script
set -e

function require_arg() {
    if [[ -z "${1}" ]]; then
        echo "${2} is required."
        exit 1
    fi
}

# a function that checks if an environment variable is empty
function require_envvar() {
    if [[ -z "${!1}" ]]; then
        echo "envvar ${1} is required."
        exit 1
    fi
}

# a function that checks if an argument is equal to a value
function require_arg_tobe() {
    if [[ "${1}" != "${2}" ]]; then
        echo "${3} is required to be ${2}."
        exit 1
    fi
}

# a function that checks if a command exists
function requires_command() {
    if ! command -v "${1}" >/dev/null 2>&1; then
        echo "${2} is required. Expected to find: ${1}"
        exit 1
    fi
}

# Creates a JQ filter based on the comma separated keys you provide
function cmd_fetch() {
    local environment
    local repo
    local filter

    repo="${1}"
    environment=$(echo "${2}" | jq -Rr @uri)

    # if filter is defined, prepare it to be a jq filter that matches .name against all keys in the filter
    # example input: A,B,C
    # example output: (.name == "A") or (.name == "B") or (.name == "C")
    if [[ -n "${3}" ]]; then
        filter=$(echo "${3}" | jq -Rr 'split(",") | map(. as $k | "(.name == \"\($k)\")") | join(" or ")')
    else
        filter="true"
    fi

    gh api \
        -H "Accept: application/vnd.github+json" \
        -H "X-GitHub-Api-Version: 2022-11-28" \
        --jq ".variables | map(select(${filter}))" \
        "/repos/${repo}/environments/${environment}/variables"
}

## filter the entries and print out the name and value
function cmd_values() {
    cmd_fetch "${@}" |
        jq -r ".[] | .name, .value"
}

## print out the values as bash exports format
function cmd_asoutput() {
    cmd_values "${@}" |
        while read -r name; do
            read -r value
            echo "${name}=${value}"
        done
}

require_envvar "GH_TOKEN" "GitHub token"
requires_command "git" "git version control"
requires_command "gh" "github cli"

case "${1}" in

list)
    require_arg "${2}" "1: repo"
    require_arg "${3}" "2: environment"
    cmd_list "${@:2}"
    ;;
values)
    require_arg "${2}" "1: repo"
    require_arg "${3}" "2: environment"
    cmd_values "${@:2}"
    ;;
as-output)
    require_arg "${2}" "1: repo"
    require_arg "${3}" "2: environment"
    cmd_asoutput "${@:2}"
    ;;
*)
    echo "$0"
    echo ""
    echo "Available commands:"
    echo "  list <repo> <env> [filter]      - List all variables (optionally filtered by names, comma-separated)"
    echo "  values <repo> <env> [filter]    - Print variable names and values"
    echo "  as-output <repo> <env> [filter] - Output variables as bash export format"
    echo "  help                            - Show this help message"
    echo ""
    echo "Usage examples:"
    echo "  ./$0 list myorg/myrepo production"
    echo "  ./$0 values myorg/myrepo staging VAR1,VAR2"
    echo "  ./$0 as-output myorg/myrepo dev"
    echo ""
    echo "Notes:"
    echo "  - Requires GH_TOKEN, git, and gh CLI."
    echo "  - Filter argument is a comma-separated list of variable names."
    exit 1
    ;;
esac