Workflow syntax should support environment in steps or even runs

[newhoggy]

Environments can store and expose secrets to the build. It would be nice if there was a way to use environments at a more granular level so secrets are only exposed to those parts of the workflow that actually need them.

For example if I need some secrets to store credentials to a cache service to cache my dependencies, then I should only need to expose my secrets to that cache service and not the entire build.

This prevents a malicious actor from writing code in one of the project dependencies to try and capture secrets.

[maxim-lobanov]

@newhoggy , I suggest to log an issue in https://github.com/actions/runner repository.
In the current repository, we maintain only content of Hosted Runners:

This repository contains the source used to create the virtual environments for GitHub Actions hosted runners, as well as the VM images of Microsoft-hosted agents used for Azure Pipelines. To build a VM machine from this repo's source, see the instructions.

[newhoggy]

Thanks!