support for secrets

Signed-off-by: Casey Lee <cplee@nektos.com>

pkg/runner/expression.go

@@ -272,9 +272,8 @@ func (rc *RunContext) vmRunner() func(*otto.Otto) {
 }
 
 func (rc *RunContext) vmSecrets() func(*otto.Otto) {
-	secrets := make(map[string]string)
 	return func(vm *otto.Otto) {
-		_ = vm.Set("secrets", secrets)
+		_ = vm.Set("secrets", rc.Config.Secrets)
 	}
 }
 

pkg/runner/runner.go

@@ -18,12 +18,13 @@ type Runner interface {
 
 // Config contains the config for a new runner
 type Config struct {
-	Workdir         string // path to working directory
-	EventName       string // name of event to run
-	EventPath       string // path to JSON file to use for event.json in containers
-	ReuseContainers bool   // reuse containers to maintain state
-	ForcePull       bool   // force pulling of the image, if already present
-	LogOutput       bool   // log the output from docker run
+	Workdir         string            // path to working directory
+	EventName       string            // name of event to run
+	EventPath       string            // path to JSON file to use for event.json in containers
+	ReuseContainers bool              // reuse containers to maintain state
+	ForcePull       bool              // force pulling of the image, if already present
+	LogOutput       bool              // log the output from docker run
+	Secrets         map[string]string // list of secrets
 }
 
 type runnerImpl struct {

pkg/runner/testdata/secrets/push.yml

@@ -0,0 +1,9 @@
+name: basic
+on: push
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - run: |
+          echo '${{secrets.MY_SECRET}}' | grep 'top-secret'