MQL5-Google-Onedrive/GITHUB_SECRETS_SETUP.md
copilot-swe-agent[bot] 77cb62d1d2 Add repository sync with L6-N9 and REST API integration
Co-authored-by: Mouy-leng <199350297+Mouy-leng@users.noreply.github.com>
2026-02-17 10:58:11 +00:00

GitHub Actions Secrets Setup

This document provides guidance on setting up GitHub Secrets for the repository's CI/CD workflows.

Required Secrets

The following secrets should be configured in your GitHub repository settings:

Telegram Bot Configuration

  • TELEGRAM_BOT_TOKEN or TELEGRAM_BOT_API

  • TELEGRAM_ALLOWED_USER_IDS (Optional)

    • Value: Comma-separated list of Telegram user IDs authorized to use the bot
    • Example: 123456789,987654321
    • Used by: Telegram bot for access control

GitHub Automation

  • GITHUB_PAT (Optional)
    • Value: your_github_personal_access_token_here
    • Used by: Scripts that need enhanced GitHub API access
    • Scopes required: repo, workflow, write:packages

Existing Secrets (Already Configured)

  • RCLONE_CONFIG_B64 - For OneDrive sync
  • CLOUDFLARE_ZONE_ID - Cloudflare zone ID
  • CLOUDFLARE_ACCOUNT_ID - Cloudflare account ID
  • DOMAIN_NAME - Your domain name
  • SCRSOR - Firefox Relay API key
  • COPILOT - Firefox Relay API key
  • SLACK_WEBHOOK (Optional) - For Slack notifications

Repository Sync Configuration (New)

  • REPO_SYNC_TOKEN (Required for L6-N9 sync)

    • Value: GitHub Personal Access Token with repo scope
    • Used by: Repository sync workflow to access L6-N9 repository
    • Generate at: GitHub Settings → Developer settings → Personal access tokens
  • L6_N9_REPO (Optional)

    • Value: Target repository name (default: A6-9V/L6-N9)
    • Format: owner/repository
  • L6_N9_SYNC_BRANCH (Optional)

    • Value: Target branch name (default: main)
  • REST_API_KEY (Optional)

    • Value: Your REST API authentication key
    • Used by: REST API notifications during sync
  • REST_API_URL (Optional)

    • Value: Your REST API endpoint URL
    • Example: https://api.example.com/sync
    • Used by: Sending sync status notifications

📖 See Repository Sync Setup Guide for detailed configuration instructions.

Setting Secrets via GitHub CLI

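If you have the GitHub CLI installed, you can set secrets with the commands below. A value passed with --body typically ends up in shell history; running gh secret set NAME without --body prompts for the value instead.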

# Set Telegram bot token
gh secret set TELEGRAM_BOT_TOKEN --body "your_bot_token_here"

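# Set GitHub PAT (note: GitHub does not accept secret names that start with GITHUB_; use a different name if this is rejected)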
gh secret set GITHUB_PAT --body "your_github_personal_access_token_here"

# Set allowed users (replace with your actual Telegram user ID)
gh secret set TELEGRAM_ALLOWED_USER_IDS --body "your_telegram_user_id"

# Set Repository Sync secrets
gh secret set REPO_SYNC_TOKEN --body "ghp_your_token_here"
gh secret set L6_N9_REPO --body "A6-9V/L6-N9"
gh secret set L6_N9_SYNC_BRANCH --body "main"

# Set REST API secrets (optional)
gh secret set REST_API_KEY --body "your_api_key_here"
gh secret set REST_API_URL --body "https://api.example.com/sync"

Setting Secrets via GitHub Web UI

  1. Go to your repository on GitHub
  2. Click Settings → Secrets and variables → Actions
  3. Click New repository secret
  4. Add each secret with its name and value

Using the Automated Script

You can also use the provided script to sync from your local vault:

# Make sure config/vault.json is properly configured
bash scripts/set_github_secrets.sh vault

This will read from config/vault.json and set the appropriate GitHub secrets.

Verification

After setting secrets, you can verify they're available in your workflows:

  1. Go to Actions tab in your repository
  2. Run a workflow that uses these secrets
  3. Check the workflow logs to ensure secrets are being loaded (values will be masked)

Security Notes

  • Never log or print secret values in workflows
  • GitHub automatically masks secret values in logs
  • Rotate secrets regularly for security
  • Use the minimum required scopes for tokens
  • Store the actual values in a secure password manager

If a real token was ever committed to git, treat it as compromised: rotate/revoke it immediately (BotFather for Telegram, GitHub settings for PATs).
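
A heuristic scan for the two token types named above, useful before pushing or when checking whether a token reached the working tree. This is an added example, not one of the repository's scripts: the function names, the constructed sample files and the regular expressions (approximations of commonly seen token shapes) are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not part of this repository): heuristic working-tree scan
# for GitHub PATs and Telegram bot tokens. The regexes approximate commonly
# seen token shapes and are assumptions, not an official specification.

# scan_tokens DIR
# Prints "path:line: possible <kind>" per hit (never the token itself).
# Returns 1 if anything was found, 0 if the tree looks clean.
scan_tokens() {
  local dir found kind re hits
  dir=$1
  found=0
  while IFS='|' read -r kind re; do
    # -r recurse, -n line numbers, -I skip binaries, -E extended regex
    hits=$(grep -rnIE --exclude-dir=.git -e "$re" "$dir" 2>/dev/null | cut -d: -f1,2)
    [ -n "$hits" ] || continue
    found=1
    printf '%s\n' "$hits" | sed "s/\$/: possible $kind/"
  done <<'EOF'
github-classic-pat|ghp_[A-Za-z0-9]{36}
github-fine-grained-pat|github_pat_[A-Za-z0-9_]{22,}
telegram-bot-token|[0-9]{8,10}:[A-Za-z0-9_-]{35}
EOF
  return "$found"
}

# pad N: N filler characters, so no token-shaped literal sits in this script.
pad() { head -c "$1" /dev/zero | tr '\0' 'A'; }

# make_demo_tree DIR: constructed sample files; key names and layout are invented.
make_demo_tree() {
  mkdir -p "$1/config" "$1/docs"
  printf '{"GITHUB_PAT": "ghp_%s"}\n' "$(pad 36)" > "$1/config/vault.json"
  printf 'TELEGRAM_BOT_TOKEN=123456789:%s\n' "$(pad 35)" > "$1/.env"
  # Placeholder from the setup instructions: must NOT be reported.
  printf 'gh secret set REPO_SYNC_TOKEN --body "ghp_your_token_here"\n' > "$1/docs/setup.md"
}

# Demo, run only when the script is executed with a "demo" argument.
if [ "${1:-}" = "demo" ]; then
  tmp=$(mktemp -d)
  make_demo_tree "$tmp"
  scan_tokens "$tmp" || echo "rotate/revoke the tokens listed above"
  rm -rf "$tmp"
fi
```

This checks the working tree only; a token removed in a later commit still exists in git history and must still be rotated.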

Troubleshooting

If secrets aren't working:

  1. Check secret names - They're case-sensitive
  2. Verify workflow permissions - Some secrets require specific permissions
  3. Check repository visibility - Public repos have different secret handling
  4. Review workflow syntax - Ensure you're accessing secrets correctly: ${{ secrets.SECRET_NAME }}