Support setting arbitrary secrets for tests step

[dominykas]

Closes #32

Sometimes tests require secret tokens to run (e.g. https://github.com/pkgjs/wiby needs GITHUB_TOKEN to properly test integration with Github). Reusable workflows do not make this easy - unlike regular steps, you're not allowed to set jobs.<job_id>.env for reusable workflows; the env vars set on the calling workflow are not passed through; the secrets need to be explicitly enumerated in the called (shared) workflow.

Hence the hack - pass the secrets as a JSON object 🤷‍♂️.

Usage:

jobs:
  test:
    uses: pkgjs/action/.github/workflows/node-test.yaml@main
    secrets:
      test-secrets: |-
        {
          "VERY_SECRET": ${{ toJSON(secrets.VERY_SECRET) }} 
        }

The param is called test-secrets, because it only sets the values for the test step. We have scope to explicitly add install-secrets, checkout-secrets, etc in the future.

I'll be writing up the documentation next, and I'll make sure to add the usual caveats of leaking secrets via environment.

Test runs:

• Setting a TESTING_TESTING secret, but it is not available in the repo secrets: https://github.com/dominykas/pkgjs-action/actions/runs/1646277491/attempts/1 (there's a warning in the logs)
• TESTING_TESTING is set up correctly: https://github.com/dominykas/pkgjs-action/actions/runs/1646277491/attempts/2
• No secrets configured for the workflow: https://github.com/dominykas/pkgjs-action/actions/runs/1646292401

[ljharb]

What happens on a windows test run?

[dominykas]

It uses bash on Windows and works: https://github.com/dominykas/pkgjs-action/runs/4684547350?check_suite_focus=true

[ljharb]

Ah i see, because it’s just used to inform GHA, not to change anything about the runner. Nice!

This one step alone seems like it’d be useful as a reusable action :-)