What is difference between with and env

You can see in the documentation with: used to define a variable.

While env defines an environmnent variable, as defined here and in jobs.<job_id>.env

• an environment variable defined in a step will override job and workflow variables with the same name, while the step executes.
• A variable defined for a job will override a workflow variable with the same name, while the job executes.

You need both to access secrets:

steps:
  - name: Hello world action
    with: # Set the secret as an input
      super_secret: ${{ secrets.SuperSecret }}
    env: # Or as an environment variable
      super_secret: ${{ secrets.SuperSecret }}

with - is specifically used for passing parameters to the action

env - is used specifically for introducing environment variables that can be accessed depending on scope of the resource

  workflow envs - can be accessed by all resources in the workflow except services
  
  job envs - can be accessed by all resources under job except services
  
  step envs - can be accessed by any resource within the step

Here is an example on how parameters are handled

Let's say an action is created with following parameter in action.yaml

name: 'Npm Audit Action'
inputs:
  dirPath:
    description: 'Directory path of the project to audit'
    required: true
    default: './'

Then we will provide this parameter through the with tag in our workflow

- name: Use the action
  uses: meroware/[email protected]
  with:
    dirPath: vulnerable-project

Then in the action code we would handle it as such if building a Node.js action

const core = require("@actions/core");
const dirPath = core.getInput("dirPath");

Envs within actions are accessed differently, let's say we are building a Node.js action, then we would access it through process.env. Going back to our example action

name: 'Npm Audit Action'
env:
   SOME_ENV: 'hey I am an env'

Then this could be accessed as

const { someEnv: SOME_ENV } = process.env