Provides environment variables via direnv
This action provides environment variables via direnv,
evaluates the target .envrc, and exports the resulting environment variables
to subsequent workflow steps.
Documentation site: https://hatsunemiku3939.github.io/direnv-action/
The action performs the following steps:
- Installs the requested `direnv` version from the GitHub release assets or a cache.
- Runs `direnv allow` for the configured `path`.
- Runs `direnv export json` in the configured `path`.
- Logs the exported environment variable names without printing their values.
- Optionally verifies that required environment variable names were exported.
- Exports the resulting variables to the GitHub Actions environment.
- Appends `PATH` entries through `core.addPath()` when `PATH` is present in the exported values.
- Masks configured secret values with the GitHub Actions masking API.
- `direnvVersion`: The `direnv` version to use. Default: `2.37.1`.
- `masks`: A comma-separated list of environment variable names to mask. Default: `''`.
- `required`: A newline-delimited list of environment variable names that must be exported. Default: `''`.
- `path`: The directory where `direnv allow` and `direnv export json` are executed. Default: `.`.
No outputs
Examples below pin the current release, v1.3.7. If you prefer compatible updates within the current major line, use the moving major tag @v1.
```yaml
uses: HatsuneMiku3939/direnv-action@v1.3.7
with:
  direnvVersion: 2.37.1
  masks: SECRET1, SECRET2
```

This loads the `.envrc` file from the repository root.
To evaluate the .envrc in a subdirectory, set path explicitly:
```yaml
uses: HatsuneMiku3939/direnv-action@v1.3.7
with:
  path: child
  masks: SECRET1, SECRET2
```

To fail early when expected variables are not exported, set `required`:
```yaml
uses: HatsuneMiku3939/direnv-action@v1.3.7
with:
  required: |
    AWS_REGION
    DATABASE_URL
    NODE_AUTH_TOKEN
```

For the most predictable builds, pin an exact version tag such as `@v1.3.7`. Use `@v1` only when you want to receive the latest compatible v1.x.y release automatically.
- `masks` accepts environment variable names, not raw secret values.
- `required` accepts environment variable names, not raw values, and fails when any listed name is absent from the exported environment.
- When `.envrc` exports `PATH`, the action appends it to the job `PATH` instead of overwriting the entire value.
- Variables exported by `direnv export json` are available to later workflow steps in the same job.
- The action logs exported variable names for debugging, but it does not print environment variable values.
- The action does not define custom outputs; consumers should read exported environment variables directly.
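
The handling that the steps and notes above describe, as an added example in JavaScript that is not the action's own code. `planExport`, its return fields and the sample values are hypothetical, and treating empty output or `null` values as "not exported" is an assumption.

```javascript
// Added example, not the action's source. All function and field names are hypothetical.
// Constructed sample of `direnv export json` output (values are fake).
const SAMPLE = JSON.stringify({
  AWS_REGION: 'ap-northeast-1',
  NODE_AUTH_TOKEN: 'constructed-token-value',
  PATH: '/work/repo/bin:/work/repo/node_modules/.bin',
  OLD_VAR: null,
});

// `masks` is comma-separated, `required` is newline-delimited; both hold names.
const parseMasks = (s) => s.split(',').map((x) => x.trim()).filter(Boolean);
const parseRequired = (s) => s.split(/\r?\n/).map((x) => x.trim()).filter(Boolean);

// Turn the export into a plan of side effects without performing them.
function planExport(exportJson, { masks = '', required = '' } = {}) {
  // Assumption: empty output and non-string (null) values mean "not exported".
  const raw = JSON.parse(exportJson.trim() || '{}');
  const exported = Object.fromEntries(
    Object.entries(raw).filter(([, v]) => typeof v === 'string'),
  );
  const names = Object.keys(exported).sort();

  // Fail early, naming only the missing variables.
  const missing = parseRequired(required).filter((n) => !names.includes(n));
  if (missing.length > 0) {
    throw new Error(`required variables not exported: ${missing.join(', ')}`);
  }

  // Masking is by name: resolve names to values, skipping absent or empty ones.
  const secretValues = parseMasks(masks)
    .map((n) => (names.includes(n) ? exported[n] : ''))
    .filter((v) => v !== '');

  // PATH is split on ':' (Linux/Darwin) into entries; the rest is exported as-is.
  const pathEntries = (exported.PATH || '').split(':').filter(Boolean);
  const env = Object.fromEntries(
    Object.entries(exported).filter(([n]) => n !== 'PATH'),
  );

  // The log line carries names only, never values.
  return { logLine: `exported: ${names.join(', ')}`, secretValues, pathEntries, env };
}

console.log(planExport(SAMPLE, { masks: 'NODE_AUTH_TOKEN, SECRET2', required: 'AWS_REGION' }).logLine);
```

A name listed in `masks` that the `.envrc` never exports resolves to nothing here, so a typo in `masks` leaves the value unmasked; listing the same name under `required` turns that into a failure.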
This action evaluates .envrc, which means repository code can influence the shell commands executed by direnv.
- Only use this action with trusted repositories and trusted `.envrc` contents.
- Review fork-based pull request workflows carefully before allowing this action to run with secrets.
- Treat masking as a log redaction aid, not a complete secret protection boundary.
- Keep sensitive logic inside trusted workflow contexts whenever possible.
Run the local quality checks before packaging or releasing changes:
```bash
npm run lint
npm test
```

For release preparation, use the full gate so the generated `dist/` artifacts stay in sync:

```bash
npm run all
```

The Vitest unit tests cover binary URL selection, tool installation cache branches, environment export behavior, required variable validation, secret masking, and the main action flow with mocked GitHub Actions APIs.
Since v1.0.7, the following platform and architecture combinations are supported.
| Platform | Architecture |
|---|---|
| Linux | x86_64 |
| Linux | arm64 |
| Darwin | x86_64 |
| Darwin | arm64 |
Versions earlier than v1.0.7 support only linux-x86_64.
| Kim SeungSu | hopisaurus | Mike Dial | gidoichi | Alex Klinkert |