Overview

When using TestDriver to test your application, you may need to securely store and use sensitive information such as usernames, passwords, API keys, or other secrets. GitHub Actions provides a secure way to manage these secrets, ensuring they aren’t exposed in your test files or logs.

Why use secrets?

  • Security: Secrets are encrypted and stored securely in your GitHub repository.
  • Masking: TestDriver automatically masks secrets in all test output, including debugging logs.
  • Reusability: Secrets can be reused across multiple workflows and test files.

Step 1: Replace hardcoded secrets in test files

To securely use secrets in your TestDriver test files, replace hardcoded values with placeholders in the format ${TD_YOUR_SECRET}. TestDriver will parse and mask any secrets that begin with TD_.

Example test file

version: 4.1.35
steps:
  - prompt: sign in with username and password
    commands:
      - command: focus-application
        name: Google Chrome
      - command: hover-text
        text: Email or phone
        description: email input field
        action: click
      - command: type
        text: ${TD_USERNAME}
      - command: hover-text
        text: Next
        description: next button after entering email
        action: click
      - command: hover-text
        text: Password
        description: password input field
        action: click
      - command: type
        text: ${TD_PASSWORD}

Step 2: Add secrets to Your GitHub repository

  1. Navigate to your GitHub repository.
  2. Go to Settings > Secrets and variables > Actions.
  3. Click New repository secret.
  4. Add your secrets (for example, TD_USERNAME, TD_PASSWORD, TD_API_KEY).

For detailed instructions, refer to the GitHub Docs on using secrets.

Step 3: Supply secrets to GitHub Actions

When running TestDriver tests via GitHub Actions, supply your secrets in the env section of the workflow file.

Example workflow

.github/workflows/testdriver.yaml
name: TestDriver Test

permissions:
  actions: read
  contents: read
  statuses: write
  pull-requests: write

jobs:
  test:
    name: "TestDriver"
    runs-on: ubuntu-latest
    steps:
      - uses: testdriverai/action@main
        with:
          key: ${{ secrets.TD_API_KEY }}
          prompt: | 
            1. /run tests/signin.yaml
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TD_USERNAME: ${{ secrets.TD_USERNAME }}
          TD_PASSWORD: ${{ secrets.TD_PASSWORD }}

Best practices

  • Use Descriptive Names: Name your secrets clearly (for example, TD_USERNAME, TD_PASSWORD) to make them easy to identify.
  • Rotate Secrets Regularly: Update your secrets periodically to enhance security.
  • Limit Access: Only provide access to secrets for workflows and team members that require them.
  • Mask Secrets: Ensure all secrets are masked in logs by using the TD_ prefix.

Notes

  • Secrets are encrypted and only accessible during the workflow run.
  • TestDriver automatically masks secrets in test output to prevent accidental exposure.
  • For additional security, avoid hardcoding sensitive information in your test files or workflows.