User Supplied Secrets

User specified variables which are encrypted for security purposes are referred to as “secrets” in GitHub Actions. They are provided by the DevOps engineer who is developing the workflow. They are needed in order to identify the iCR server to be used for analysis and its accompanying configuration parameters. They are:

1. secrets.ICR_URL ``Provide the URL to the location of the iCR server to be used for the analysis and review. Using examples from the Private Platform User Guide, the url would look like: http://3.237.77.219:3001 **** ****Where 3.237.77.219 is the IP address of the iCR server and 3001 is the TCP port that the Navigator uses.

2. secrets.ICR_USER_NAME The Navigator requires the workflow to login into iCR using a specific iCR user name. This field is a string that specifies the User Name.

3. secrets.ICR_CI_CD_ACCESS_TOKEN In concert with the ICR_USER_NAME, that User needs to be authenticated before it can access iCR functionality. So that passwords are not exchanged between the yml script and iCR, an encrypted token is used. The ICR_CI_CD_ACCESS_TOKEN is created by the User within the iCR Navigator. You can see how that is done in the User Guide section titled The Navigator top banner.

4. secrets.LANGUAGE_VERSION With some languages that are analyzed by iCR, such as Python, the specific version of the language or related libraries needs to be specified in order for iCR to work correctly for the target source. For example, if you are using Python 3.7, then the string 3.7 is assigned.

5. secrets.PERSONAL_ACCESS_TOKEN ``To authorize the workflow to operate upon the project on behalf of a specific user, that workflow needs to supply a Personal Access Token (PAT) that authorizes access to their repositories. You can reuse the token you used in Preparing and Registering the Docker Image, or you can create another one as described in Creating a Personal Access Token.

6. secrets.MAIL_ADDRESS ``When the analysis triggered by this workflow completes, the User, upon whose behalf this analysis was performed, will receive an email notification letting them know it is complete. That User’s email will be entered here. An email address MUST be provided to allow a way for iCR to notify the User in the event of either success of some kind of failure. If no address is provided the workflow will not proceed.