Environment variable management, secret masking, and state preservation across action execution phases. This system enables actions to communicate with the workflow environment, manage sensitive data securely, and maintain state between main and post-action execution.
Sets an environment variable for the current action and all future actions in the job.
/**
* Sets env variable for this action and future actions in the job
* @param name - The name of the variable to set
* @param val - The value of the variable. Non-string values will be converted to a string via JSON.stringify
*/
function exportVariable(name: string, val: any): void;Usage Examples:
import { exportVariable } from '@actions/core';
// Export string variable
exportVariable('MY_VAR', 'my-value');
// Export number variable (automatically converted to string)
exportVariable('BUILD_NUMBER', 42);
// Export boolean variable (automatically converted to string)
exportVariable('IS_PRODUCTION', true);
// Export object variable (automatically JSON stringified)
exportVariable('CONFIG', {
apiUrl: 'https://api.example.com',
timeout: 5000,
retries: 3
});
// Export array variable
exportVariable('FILES_TO_PROCESS', ['file1.txt', 'file2.txt', 'file3.txt']);Registers a secret value for masking in all future log output to prevent sensitive information exposure.
/**
* Registers a secret which will get masked from logs
* @param secret - Value of the secret to be masked
* @remarks
* This function instructs the Actions runner to mask the specified value in any
* logs produced during the workflow run. Once registered, the secret value will
* be replaced with asterisks (***) whenever it appears in console output, logs,
* or error messages.
*/
function setSecret(secret: string): void;Usage Examples:
import { setSecret, info } from '@actions/core';
// Register API token as secret
const apiToken = process.env.API_TOKEN || 'fallback-token';
setSecret(apiToken);
// Register database password
const dbPassword = 'super-secret-password';
setSecret(dbPassword);
// Now any logs containing these values will show *** instead
info(`Connecting with token: ${apiToken}`); // Outputs: "Connecting with token: ***"
info(`Database password: ${dbPassword}`); // Outputs: "Database password: ***"
// Register multiple secrets
const secrets = [
process.env.AWS_SECRET_KEY,
process.env.DB_PASSWORD,
process.env.ENCRYPTION_KEY
].filter(Boolean);
secrets.forEach(secret => setSecret(secret));Prepends a directory to the PATH environment variable for the current action and all future actions in the job.
/**
* Prepends inputPath to the PATH (for this action and future actions)
* @param inputPath - Path to add to the beginning of PATH
*/
function addPath(inputPath: string): void;Usage Examples:
import { addPath, info } from '@actions/core';
// Add a tool directory to PATH
addPath('/usr/local/bin/my-tool');
// Add multiple paths
const toolPaths = [
'/opt/custom-tools/bin',
'/usr/local/go/bin',
'/home/runner/.cargo/bin'
];
toolPaths.forEach(path => addPath(path));
// Add relative path (will be resolved)
addPath('./node_modules/.bin');
// Add conditional path based on platform
import { platform } from '@actions/core';
if (platform.isWindows) {
addPath('C:\\Tools\\bin');
} else {
addPath('/usr/local/bin');
}Saves state for the current action that can be retrieved during the post-action execution phase.
/**
* Saves state for current action, the state can only be retrieved by this action's post job execution
* @param name - Name of the state to store
* @param value - Value to store. Non-string values will be converted to a string via JSON.stringify
*/
function saveState(name: string, value: any): void;Usage Examples:
import { saveState } from '@actions/core';
// Save simple state
saveState('processId', '12345');
// Save object state
saveState('deploymentInfo', {
environment: 'production',
version: '1.2.3',
startTime: new Date().toISOString(),
resources: ['server1', 'server2']
});
// Save state for cleanup
saveState('tempFiles', [
'/tmp/build-cache',
'/tmp/test-results',
'/tmp/artifacts'
]);
// Save boolean state
saveState('needsCleanup', true);Retrieves state that was previously saved by the action's main execution.
/**
* Gets the value of a state set by this action's main execution
* @param name - Name of the state to get
* @returns String value of the state, or empty string if not found
*/
function getState(name: string): string;Usage Examples:
import { getState, info } from '@actions/core';
// Get simple state
const processId = getState('processId');
if (processId) {
info(`Found saved process ID: ${processId}`);
}
// Get and parse object state
const deploymentInfoJson = getState('deploymentInfo');
if (deploymentInfoJson) {
const deploymentInfo = JSON.parse(deploymentInfoJson);
info(`Deployment version: ${deploymentInfo.version}`);
info(`Environment: ${deploymentInfo.environment}`);
}
// Get and parse array state
const tempFilesJson = getState('tempFiles');
if (tempFilesJson) {
const tempFiles = JSON.parse(tempFilesJson);
tempFiles.forEach((file: string) => {
// Clean up temporary files
info(`Cleaning up: ${file}`);
});
}
// Handle missing state
const missingState = getState('nonexistent');
if (!missingState) {
info('No state found, skipping cleanup');
}import { exportVariable, getInput, info } from '@actions/core';
// Set environment variables based on inputs
const environment = getInput('environment') || 'development';
const apiUrl = getInput('api-url') || 'https://api.example.com';
exportVariable('DEPLOY_ENV', environment);
exportVariable('API_BASE_URL', apiUrl);
exportVariable('BUILD_TIMESTAMP', new Date().toISOString());
info(`Environment variables set for ${environment} deployment`);import { setSecret, getInput, info } from '@actions/core';
// Register multiple secrets from inputs
const secrets = [
getInput('api-key'),
getInput('database-password'),
getInput('signing-key')
].filter(secret => secret); // Remove empty values
secrets.forEach(secret => setSecret(secret));
info(`Registered ${secrets.length} secrets for masking`);Main action (main.ts):
import { saveState, info } from '@actions/core';
// Perform main action work
const deploymentId = await deployApplication();
const cleanupResources = ['temp-bucket', 'build-cache'];
// Save state for post-action cleanup
saveState('deploymentId', deploymentId);
saveState('cleanupResources', cleanupResources);
info('Main action completed, state saved for cleanup');Post action (post.ts):
import { getState, info } from '@actions/core';
// Retrieve saved state
const deploymentId = getState('deploymentId');
const cleanupResourcesJson = getState('cleanupResources');
if (deploymentId) {
info(`Performing cleanup for deployment: ${deploymentId}`);
if (cleanupResourcesJson) {
const cleanupResources = JSON.parse(cleanupResourcesJson);
for (const resource of cleanupResources) {
await cleanupResource(resource);
info(`Cleaned up resource: ${resource}`);
}
}
}GITHUB_ENV file or legacy workflow commandsGITHUB_PATH file or legacy workflow commandsGITHUB_STATE file or legacy workflow commandsAll methods automatically handle both new file-based and legacy command-based storage for maximum compatibility.