Add documentation for GitHub Actions configuration variables (#33119)

Co-authored-by: github-actions <[email protected]>
Co-authored-by: Tauhid Anjum <[email protected]>
Co-authored-by: Lucas Costi <[email protected]>

Author: 4 people

assets/images/help/organizations/actions-organization-secrets-tab.png

@@ -25,7 +25,7 @@ Some Docker instructions interact with GitHub Actions, and an action's metadata
 
 ### USER
 
-Docker actions must be run by the default Docker user (root). Do not use the `USER` instruction in your `Dockerfile`, because you won't be able to access the `GITHUB_WORKSPACE`. For more information, see "[Using environment variables](/actions/configuring-and-managing-workflows/using-environment-variables)" and [USER reference](https://docs.docker.com/engine/reference/builder/#user) in the Docker documentation.
+Docker actions must be run by the default Docker user (root). Do not use the `USER` instruction in your `Dockerfile`, because you won't be able to access the `GITHUB_WORKSPACE`. For more information, see "[Variables](/actions/learn-github-actions/variables#default-environment-variables)" and [USER reference](https://docs.docker.com/engine/reference/builder/#user) in the Docker documentation.
 
 ### FROM
 
@@ -39,7 +39,7 @@ These are some best practices when setting the `FROM` argument:
 
 ### WORKDIR
 
-{% data variables.product.product_name %} sets the working directory path in the `GITHUB_WORKSPACE` environment variable. It's recommended to not use the `WORKDIR` instruction in your `Dockerfile`. Before the action executes, {% data variables.product.product_name %} will mount the `GITHUB_WORKSPACE` directory on top of anything that was at that location in the Docker image and set `GITHUB_WORKSPACE` as the working directory. For more information, see "[Using environment variables](/actions/configuring-and-managing-workflows/using-environment-variables)" and the [WORKDIR reference](https://docs.docker.com/engine/reference/builder/#workdir) in the Docker documentation.
+{% data variables.product.product_name %} sets the working directory path in the `GITHUB_WORKSPACE` environment variable. It's recommended to not use the `WORKDIR` instruction in your `Dockerfile`. Before the action executes, {% data variables.product.product_name %} will mount the `GITHUB_WORKSPACE` directory on top of anything that was at that location in the Docker image and set `GITHUB_WORKSPACE` as the working directory. For more information, see "[Variables](/actions/learn-github-actions/variables#default-environment-variables)" and the [WORKDIR reference](https://docs.docker.com/engine/reference/builder/#workdir) in the Docker documentation.
 
 ### ENTRYPOINT
 

assets/images/help/organizations/actions-organization-variables-tab.png

@@ -29,7 +29,7 @@ The following scripting languages are supported:
 
 Your custom scripts can use the following features:
 
-- **Environment variables**:  Scripts have access to the default environment variables. The full webhook event payload can be found in `GITHUB_EVENT_PATH`. For more information, see "[Environment variables](/actions/learn-github-actions/environment-variables#default-environment-variables)."
+- **Variables**:  Scripts have access to the default variables. The full webhook event payload can be found in `GITHUB_EVENT_PATH`. For more information, see "[Variables](/actions/learn-github-actions/variables#default-environment-variables)."
 - **Workflow commands**: Scripts can use workflow commands. For more information, see ["Workflow commands for {% data variables.product.prodname_actions %}"](/actions/using-workflows/workflow-commands-for-github-actions){% ifversion actions-save-state-set-output-envs %}{% else %}, with the exception of `save-state` and `set-output`, which are not supported by these scripts{% endif %}. Scripts can also use environment files. For more information, see [Environment files](/actions/using-workflows/workflow-commands-for-github-actions#environment-files).
 
 {% note %}

assets/images/help/repository/actions-secrets-tab.png

@@ -24,7 +24,7 @@ featuredLinks:
     - /actions/learn-github-actions/events-that-trigger-workflows
     - /actions/learn-github-actions/contexts
     - /actions/learn-github-actions/expressions
-    - /actions/learn-github-actions/environment-variables
+    - /actions/learn-github-actions/variables
     - /actions/security-guides/encrypted-secrets
 changelog:
   label: actions

assets/images/help/repository/actions-variables-tab.png

@@ -34,7 +34,7 @@ jobs:
             POSTGRES_PORT: 5432
 ```
 
-For more information, see "[Using environment variables](/actions/configuring-and-managing-workflows/using-environment-variables)."
+For more information, see "[Variables](/actions/learn-github-actions/variables#default-environment-variables)."
 
 ## Adding scripts to your workflow
 

content/actions/creating-actions/dockerfile-support-for-github-actions.md

@@ -24,7 +24,7 @@ children:
   - /essential-features-of-github-actions
   - /expressions
   - /contexts
-  - /environment-variables
+  - /variables
   - /usage-limits-billing-and-administration
 ---
 

content/actions/hosting-your-own-runners/running-scripts-before-or-after-a-job.md

@@ -73,9 +73,9 @@ For more information about the tools and packages available on {% data variables
 
 ## Using variables and secrets
 
-CircleCI and {% data variables.product.prodname_actions %} support setting environment variables in the configuration file and creating secrets using the CircleCI or {% data variables.product.product_name %} UI.
+CircleCI and {% data variables.product.prodname_actions %} support setting variables in the configuration file and creating secrets using the CircleCI or {% data variables.product.product_name %} UI.
 
-For more information, see "[Using environment variables](/actions/configuring-and-managing-workflows/using-environment-variables)" and "[Creating and using encrypted secrets](/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets)."
+For more information, see "[Variables](/actions/learn-github-actions/variables#default-environment-variables)" and "[Creating and using encrypted secrets](/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets)."
 
 ## Caching
 

content/actions/index.md

@@ -301,9 +301,9 @@ For more information, see "[Events that trigger workflows](/actions/reference/ev
 
 ## Variables and secrets
 
-GitLab CI/CD and {% data variables.product.prodname_actions %} support setting environment variables in the pipeline or workflow configuration file, and creating secrets using the GitLab or {% data variables.product.product_name %} UI.
+GitLab CI/CD and {% data variables.product.prodname_actions %} support setting variables in the pipeline or workflow configuration file, and creating secrets using the GitLab or {% data variables.product.product_name %} UI.
 
-For more information, see "[Environment variables](/actions/reference/environment-variables)" and "[Encrypted secrets](/actions/reference/encrypted-secrets)."
+For more information, see "[Variables](/actions/learn-github-actions/variables)" and "[Encrypted secrets](/actions/reference/encrypted-secrets)."
 
 ## Caching
 

content/actions/learn-github-actions/contexts.md

@@ -43,13 +43,13 @@ To give you control over when CI tasks are executed, a {% data variables.product
 
 Travis CI and {% data variables.product.prodname_actions %} both use YAML to create jobs and workflows, and these files are stored in the code's repository. For more information on how {% data variables.product.prodname_actions %} uses YAML, see ["Creating a workflow file](/actions/learn-github-actions/introduction-to-github-actions#create-an-example-workflow)."
 
-### Custom environment variables
+### Custom variables
 
-Travis CI lets you set environment variables and share them between stages. Similarly, {% data variables.product.prodname_actions %} lets you define environment variables for a step, job, or workflow. For more information, see ["Environment variables](/actions/reference/environment-variables)."
+Travis CI lets you set variables and share them between stages. Similarly, {% data variables.product.prodname_actions %} lets you define variables for a workflows. For more information, see "[Variables](/actions/learn-github-actions/variables)."
 
-### Default environment variables
+### Default variables
 
-Travis CI and {% data variables.product.prodname_actions %} both include default environment variables that you can use in your YAML files. For {% data variables.product.prodname_actions %}, you can see these listed in "[Default environment variables](/actions/reference/environment-variables#default-environment-variables)."
+Travis CI and {% data variables.product.prodname_actions %} both include default environment variables that you can use in your YAML files. For {% data variables.product.prodname_actions %}, you can see these listed in "[Default environment variables](/actions/learn-github-actions/variables#default-environment-variables)."
 
 ### Parallel job processing
 
@@ -178,7 +178,7 @@ git:
 
 ### Using environment variables in a matrix
 
-Travis CI and {% data variables.product.prodname_actions %} can both add custom environment variables to a test matrix, which allows you to refer to the variable in a later step.
+Travis CI and {% data variables.product.prodname_actions %} can both add custom variables to a test matrix, which allows you to refer to the variable in a later step.
 
 In {% data variables.product.prodname_actions %}, you can use the `include` key to add custom environment variables to a matrix. {% data reusables.actions.matrix-variable-example %}
 

content/actions/learn-github-actions/environment-variables.md

@@ -16,9 +16,9 @@ versions:
 
 These extra logs are enabled by setting secrets in the repository containing the workflow, so the same permissions requirements will apply:
 
-- {% data reusables.actions.permissions-statement-secrets-repository %}
+- {% data reusables.actions.permissions-statement-secrets-variables-repository %}
 - {% data reusables.actions.permissions-statement-secrets-environment %}
-- {% data reusables.actions.permissions-statement-secrets-organization %}
+- {% data reusables.actions.permissions-statement-secrets-and-variables-organization %}
 - {% data reusables.actions.permissions-statement-secrets-api %}
 
 For more information on setting secrets, see "[Creating and using encrypted secrets](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."

content/actions/learn-github-actions/essential-features-of-github-actions.md

@@ -34,7 +34,7 @@ For more information about creating a CI workflow for your Java project with Gra
 You may also find it helpful to have a basic understanding of the following:
 
 - "[Working with the npm registry](/packages/working-with-a-github-packages-registry/working-with-the-npm-registry)"
-- "[Environment variables](/actions/reference/environment-variables)"
+- "[Variables](/actions/learn-github-actions/variables)"
 - "[Encrypted secrets](/actions/reference/encrypted-secrets)"
 - "[Authentication in a workflow](/actions/reference/authentication-in-a-workflow)"
 
@@ -160,10 +160,10 @@ on:
     types: [created]
 jobs:
   publish:
-    runs-on: ubuntu-latest 
-    permissions: 
+    runs-on: ubuntu-latest
+    permissions:
       contents: read
-      packages: write 
+      packages: write
     steps:
       - uses: {% data reusables.actions.action-checkout %}
       - uses: {% data reusables.actions.action-setup-java %}
@@ -241,10 +241,10 @@ on:
     types: [created]
 jobs:
   publish:
-    runs-on: ubuntu-latest 
-    permissions: 
+    runs-on: ubuntu-latest
+    permissions:
       contents: read
-      packages: write 
+      packages: write
     steps:
       - uses: {% data reusables.actions.action-checkout %}
       - name: Set up Java

content/actions/learn-github-actions/index.md

@@ -34,7 +34,7 @@ For more information about creating a CI workflow for your Java project with Mav
 You may also find it helpful to have a basic understanding of the following:
 
 - "[Working with the npm registry](/packages/working-with-a-github-packages-registry/working-with-the-npm-registry)"
-- "[Environment variables](/actions/reference/environment-variables)"
+- "[Variables](/actions/learn-github-actions/variables)"
 - "[Encrypted secrets](/actions/reference/encrypted-secrets)"
 - "[Authentication in a workflow](/actions/reference/authentication-in-a-workflow)"
 
@@ -142,10 +142,10 @@ on:
     types: [created]
 jobs:
   publish:
-    runs-on: ubuntu-latest 
-    permissions: 
+    runs-on: ubuntu-latest
+    permissions:
       contents: read
-      packages: write 
+      packages: write
     steps:
       - uses: {% data reusables.actions.action-checkout %}
       - uses: {% data reusables.actions.action-setup-java %}
@@ -179,10 +179,10 @@ on:
     types: [created]
 jobs:
   publish:
-    runs-on: ubuntu-latest 
-    permissions: 
+    runs-on: ubuntu-latest
+    permissions:
       contents: read
-      packages: write 
+      packages: write
     steps:
       - uses: {% data reusables.actions.action-checkout %}
       - name: Set up Java for publishing to Maven Central Repository

content/actions/learn-github-actions/variables.md

@@ -35,7 +35,7 @@ For more information about creating a CI workflow for your Node.js project, see
 You may also find it helpful to have a basic understanding of the following:
 
 - "[Working with the npm registry](/packages/working-with-a-github-packages-registry/working-with-the-npm-registry)"
-- "[Environment variables](/actions/reference/environment-variables)"
+- "[Variables](/actions/learn-github-actions/variables)"
 - "[Encrypted secrets](/actions/reference/encrypted-secrets)"
 - "[Authentication in a workflow](/actions/reference/authentication-in-a-workflow)"
 
@@ -128,10 +128,10 @@ on:
     types: [created]
 jobs:
   build:
-    runs-on: ubuntu-latest 
-    permissions: 
+    runs-on: ubuntu-latest
+    permissions:
       contents: read
-      packages: write 
+      packages: write
     steps:
       - uses: {% data reusables.actions.action-checkout %}
       # Setup .npmrc file to publish to GitHub Packages

content/actions/migrating-to-github-actions/migrating-from-circleci-to-github-actions.md

@@ -8,7 +8,7 @@ redirect_from:
   - /actions/configuring-and-managing-workflows/using-variables-and-secrets-in-a-workflow
   - /actions/reference/encrypted-secrets
   - /actions/managing-workflows/storing-secrets
-  
+
 miniTocMaxHeadingLevel: 3
 versions:
   fpt: '*'
@@ -22,7 +22,7 @@ versions:
 
 ## About encrypted secrets
 
-Secrets are encrypted environment variables that you create in an organization, repository, or repository environment. The secrets that you create are available to use in {% data variables.product.prodname_actions %} workflows. {% data variables.product.prodname_dotcom %} uses a [libsodium sealed box](https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes) to help ensure that secrets are encrypted before they reach {% data variables.product.prodname_dotcom %} and remain encrypted until you use them in a workflow.
+Secrets are encrypted variables that you create in an organization, repository, or repository environment. The secrets that you create are available to use in {% data variables.product.prodname_actions %} workflows. {% data variables.product.prodname_dotcom %} uses a [libsodium sealed box](https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes) to help ensure that secrets are encrypted before they reach {% data variables.product.prodname_dotcom %} and remain encrypted until you use them in a workflow.
 
 {% data reusables.actions.secrets-org-level-overview %}
 
@@ -40,7 +40,9 @@ For secrets stored at the environment level, you can enable required reviewers t
 
 ### Naming your secrets
 
-{% data reusables.codespaces.secrets-naming %}
+The following rules apply to secret names:
+
+{% data reusables.actions.actions-secrets-and-variables-naming %}
 
   For example, a secret created at the environment level must have a unique name in that environment, a secret created at the repository level must have a unique name in that repository, and a secret created at the organization level must have a unique name at that level.
 
@@ -72,13 +74,16 @@ When generating credentials, we recommend that you grant the minimum permissions
 
 ## Creating encrypted secrets for a repository
 
-{% data reusables.actions.permissions-statement-secrets-repository %}
+{% data reusables.actions.permissions-statement-secrets-variables-repository %}
 
 {% webui %}
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
-{% data reusables.actions.sidebar-secret %}
+{% data reusables.actions.sidebar-secrets-and-variables %}
+{%- ifversion actions-configuration-variables %}
+{% data reusables.actions.actions-secrets-tab %}
+   ![Repository secrets tab](/assets/images/help/repository/actions-secrets-tab.png){% endif %}
 1. Click **New repository secret**.
 1. Type a name for your secret in the **Name** input box.
 1. Enter the value for your secret.
@@ -143,15 +148,18 @@ gh secret list --env ENV_NAME
 
 ## Creating encrypted secrets for an organization
 
-When creating a secret in an organization, you can use a policy to limit which repositories can access that secret. For example, you can grant access to all repositories, or limit access to only private repositories or a specified list of repositories.
+{% data reusables.actions.actions-secrets-variables-repository-access %}
 
-{% data reusables.actions.permissions-statement-secrets-organization %}
+{% data reusables.actions.permissions-statement-secrets-and-variables-organization %}
 
 {% webui %}
 
 {% data reusables.organizations.navigate-to-org %}
 {% data reusables.organizations.org_settings %}
-{% data reusables.actions.sidebar-secret %}
+{% data reusables.actions.sidebar-secrets-and-variables %}
+{%- ifversion actions-configuration-variables %}
+{% data reusables.actions.actions-secrets-tab %}
+   ![Organization secrets tab](/assets/images/help/organizations/actions-organization-secrets-tab.png){% endif %}
 1. Click **New organization secret**.
 1. Type a name for your secret in the **Name** input box.
 1. Enter the **Value** for your secret.
@@ -204,9 +212,9 @@ You can check which access policies are being applied to a secret in your organi
 
 {% data reusables.organizations.navigate-to-org %}
 {% data reusables.organizations.org_settings %}
-{% data reusables.actions.sidebar-secret %}
+{% data reusables.actions.sidebar-secrets-and-variables %}
 1. The list of secrets includes any configured permissions and policies. For example:
-![Secrets list](/assets/images/help/settings/actions-org-secrets-list.png)
+   ![Secrets list](/assets/images/help/settings/actions-org-secrets-list.png)
 1. For more details on the configured permissions for each secret, click **Update**.
 
 ## Using encrypted secrets in a workflow
@@ -356,9 +364,9 @@ To use secrets that are larger than 64 KB, you can use a workaround to store enc
 
    ```yaml
    name: Workflows with large secrets
- 
+
    on: push
- 
+
    jobs:
      my-job:
        name: My Job
@@ -399,7 +407,7 @@ You can use Base64 encoding to store small binary blobs as secrets. You can then
    ✓ Set secret CERTIFICATE_BASE64 for octocat/octorepo
    ```
 
-1. To access the Base64 string from your runner, pipe the secret to `base64 --decode`.  For example: 
+1. To access the Base64 string from your runner, pipe the secret to `base64 --decode`.  For example:
 
    ```yaml
    name: Retrieve Base64 secret

content/actions/migrating-to-github-actions/migrating-from-gitlab-cicd-to-github-actions.md

@@ -194,7 +194,7 @@ The list of {% data variables.product.prodname_actions %} IP addresses returned
 | `workspace` | `GITHUB_WORKSPACE` | Actions and shell commands execute in this directory. An action can modify the contents of this directory, which subsequent actions can access. |
 | `workflow/event.json` | `GITHUB_EVENT_PATH` | The `POST` payload of the webhook event that triggered the workflow. {% data variables.product.prodname_dotcom %} rewrites this each time an action executes to isolate file content between actions.
 
-For a list of the environment variables {% data variables.product.prodname_dotcom %} creates for each workflow, see "[Using environment variables](/github/automating-your-workflow-with-github-actions/using-environment-variables)."
+For a list of the environment variables {% data variables.product.prodname_dotcom %} creates for each workflow, see "[Variables](/actions/learn-github-actions/variables#default-environment-variables)."
 
 ### Docker container filesystem