04State & Data

Variables, Secrets & Inputs

In GitHub Actions, there are 3 core ways to handle data. Master these, and you can build any automation imaginable.

Variables

Non-Sensitive

App names, versions, or URLs. Set in YAML or Repository Settings.

Secrets

Sensitive

API Keys, Passwords. Encrypted and hidden (***) from logs automatically.

Inputs

User Interaction

Dynamic choices users make when running a workflow manually.

The Complete Breakdown

Below is a production-ready example covering the 8 essential patterns for handling data in your pipelines.

.github/workflows/variables-secrets-inputs.yml

# Variables, Secrets and Inputs Example
name: Variables, Secrets and Inputs

on:
  workflow_dispatch:
    inputs:
      environment:
        description: "Target environment"
        required: true
        type: choice
        options: [development, staging, production]
        default: development
      version:
        description: "Deploy version"
        type: string
        default: "v1.0.0"
      run_tests:
        description: "Run tests?"
        type: boolean
        default: true

jobs:
  learn-variables:
    runs-on: ubuntu-latest
    env:
      APP_NAME: "my-coding-adda-app"
      NODE_VERSION: "20"

    steps:
      - name: "Step 1 - Show user inputs"
        run: |
          echo "Environment : ${{ inputs.environment }}"
          echo "Version     : ${{ inputs.version }}"
          echo "Run Tests   : ${{ inputs.run_tests }}"

      - name: "Step 2 - Use environment variables"
        run: |
          echo "App Name     : $APP_NAME"
          echo "Node Version : $NODE_VERSION"

      - name: "Step 3 - Use a secret"
        env:
          MY_KEY: ${{ secrets.MY_API_KEY }}
        run: |
          echo "API Key is set: ${{ secrets.MY_API_KEY != '' }}"
          echo "First 4 chars: ${MY_KEY:0:4}****"

      - name: "Step 4 - Use a repository variable"
        run: |
          echo "App URL from Settings: ${{ vars.APP_URL }}"

      - name: "Step 5 - Create a dynamic variable"
        run: |
          TODAY=$(date +'%Y-%m-%d')
          echo "TODAY=$TODAY" >> $GITHUB_ENV

      - name: "Step 6 - Use dynamic variable"
        run: |
          echo "Today's date is: $TODAY"

      - name: "Step 7 - Conditionals"
        if: inputs.run_tests == true
        run: echo "✅ Running tests..."

      - name: "Step 8 - Final summary"
        run: echo "Workflow Complete for ${{ inputs.environment }}"

Manual Inputs (workflow_dispatch)

The inputs block defines a UI form. You can use 'choice' for dropdowns, 'string' for text, and 'boolean' for toggles.

\${{ inputs.environment }}

Job-Level Env Variables

The 'env' key at the job level makes variables available to every step inside that job. Use them for global config.

env: APP_NAME: 'my-app'

Secure Secret Mapping

Secrets are stored in GitHub Settings. Always map them to a local env variable in the step they are used. GitHub masks them automatically.

MY_KEY: \${{ secrets.API_KEY }}

Never print the full secret! Even if you try, GitHub will replace it with ***.

Repository Variables (Fixed Config)

Variables (vars) are like secrets but for non-sensitive data. Great for storing staging URLs or AWS regions.

\${{ vars.APP_URL }}

5 & 6

On-The-Fly Dynamic Variables

Sometimes you need to calculate a value (like a date) and use it later. Write it to $GITHUB_ENV to save it for future steps.

echo 'TODAY=...' >> $GITHUB_ENV

Conditional Logic (The 'if' key)

Stop steps from running unless a condition is met. Perfect for skipping tests or adding production guards.

if: inputs.run_tests == true

Execution Summary

The final step typically summarizes the run, using all the data collected and generated during the process.

Summary for Coding Adda Users

Secrets: Always used for Passwords/Keys. Located in Settings > Secrets and Variables > Actions.

Inputs: Used for human interaction. Defined under on: workflow_dispatch.

Workflows In Detail

Github Action Runners