| 46 | } |
| 47 | |
| 48 | func NewCmdSet(f *cmdutil.Factory, runF func(*SetOptions) error) *cobra.Command { |
| 49 | opts := &SetOptions{ |
| 50 | IO: f.IOStreams, |
| 51 | Config: f.Config, |
| 52 | HttpClient: f.HttpClient, |
| 53 | Prompter: f.Prompter, |
| 54 | } |
| 55 | |
| 56 | // It is possible for a user to say `--no-repos-selected=false --repos cli/cli` and that would be equivalent to not |
| 57 | // specifying the flag at all. We could avoid this by checking whether the flag was set at all, but it seems like |
| 58 | // more trouble than it's worth since anyone who does `--no-repos-selected=false` is gonna get what's coming to them. |
| 59 | var noRepositoriesSelected bool |
| 60 | |
| 61 | cmd := &cobra.Command{ |
| 62 | Use: "set <secret-name>", |
| 63 | Short: "Create or update secrets", |
| 64 | Long: heredoc.Doc(` |
| 65 | Set a value for a secret on one of the following levels: |
| 66 | - repository (default): available to GitHub Actions runs, Agents sessions, or Dependabot in a repository |
| 67 | - environment: available to GitHub Actions runs for a deployment environment in a repository |
| 68 | - organization: available to GitHub Actions runs, Agents sessions, Dependabot, or Codespaces within an organization |
| 69 | - user: available to Codespaces for your user |
| 70 | |
| 71 | Organization and user secrets can optionally be restricted to only be available to |
| 72 | specific repositories. |
| 73 | |
| 74 | Secret values are locally encrypted before being sent to GitHub. |
| 75 | `), |
| 76 | Example: heredoc.Doc(` |
| 77 | # Paste secret value for the current repository in an interactive prompt |
| 78 | $ gh secret set MYSECRET |
| 79 | |
| 80 | # Read secret value from an environment variable |
| 81 | $ gh secret set MYSECRET --body "$ENV_VALUE" |
| 82 | |
| 83 | # Set secret for a specific remote repository |
| 84 | $ gh secret set MYSECRET --repo origin/repo --body "$ENV_VALUE" |
| 85 | |
| 86 | # Read secret value from a file |
| 87 | $ gh secret set MYSECRET < myfile.txt |
| 88 | |
| 89 | # Set secret for a deployment environment in the current repository |
| 90 | $ gh secret set MYSECRET --env myenvironment |
| 91 | |
| 92 | # Set organization-level secret visible to both public and private repositories |
| 93 | $ gh secret set MYSECRET --org myOrg --visibility all |
| 94 | |
| 95 | # Set organization-level secret visible to specific repositories |
| 96 | $ gh secret set MYSECRET --org myOrg --repos repo1,repo2,repo3 |
| 97 | |
| 98 | # Set organization-level secret visible to no repositories |
| 99 | $ gh secret set MYSECRET --org myOrg --no-repos-selected |
| 100 | |
| 101 | # Set user-level secret for Codespaces |
| 102 | $ gh secret set MYSECRET --user |
| 103 | |
| 104 | # Set repository-level secret for Dependabot |
| 105 | $ gh secret set MYSECRET --app dependabot |