From e764958de48b25a6c2f40288d3db7dff476f9ba2 Mon Sep 17 00:00:00 2001
From: Daniil_Gorpinchenko <Daniil_Gorpinchenko@epam.com>
Date: Thu, 26 Sep 2024 16:27:43 +0300
Subject: [PATCH] read env vars for secrets

---
 .github/workflows/blank.yml |  6 ++++++
 internal/config/app.go      | 12 ++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml
index 46ef286..2635618 100644
--- a/.github/workflows/blank.yml
+++ b/.github/workflows/blank.yml
@@ -95,6 +95,12 @@ jobs:
           script: |
             mkdir -p /var/www/csr/stage/
             echo '${{ secrets.DEPLOY_CONFIG }}' > /var/www/csr/stage/config.json
+            sudo rm -rf /etc/systemd/system/stage.csr.service.d
+            sudo EDITOR='tee' systemctl edit stage.csr.service <<< '[Service]
+            Environment="JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}"
+            Environment="EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }}"'
+            Environment="DB_USER=${{ secrets.DB_USER }}"'
+            Environment="DB_PASSWORD=${{ secrets.DB_PASSWORD }}"'
             sudo systemctl daemon-reload && sudo service stage.csr stop
             cp ~/csr /var/www/csr/stage/server
             sudo service stage.csr start
diff --git a/internal/config/app.go b/internal/config/app.go
index abf850c..371c54e 100644
--- a/internal/config/app.go
+++ b/internal/config/app.go
@@ -85,6 +85,7 @@ func GetAppConfig(additionalDirectories ...string) (*AppConfig, error) {
 	if err := viper.ReadInConfig(); err != nil {
 		return nil, fmt.Errorf("failed to read in config: %w", err)
 	}
+	bindEnvVars()
 
 	conf := getDefaultConfig()
 	if err := viper.Unmarshal(&conf); err != nil {
@@ -100,6 +101,7 @@ func GetAppConfig(additionalDirectories ...string) (*AppConfig, error) {
 
 func getDefaultConfig() *AppConfig {
 	return &AppConfig{
+		JWTSecretKey: "default_value",
 		DB: DB{
 			Host:     "localhost",
 			User:     "csr",
@@ -110,6 +112,7 @@ func getDefaultConfig() *AppConfig {
 			ResetLinkExpiration: 15 * time.Minute,
 		},
 		Email: Email{
+			Password:              "default_value",
 			SenderWebsiteUrl:      "https://csr.golangforall.com/",
 			ConfirmLinkExpiration: 15 * time.Minute,
 		},
@@ -119,3 +122,12 @@ func getDefaultConfig() *AppConfig {
 		},
 	}
 }
+
+func bindEnvVars() {
+	viper.BindEnv("jwtsecretkey", "JWT_SECRET_KEY")
+	viper.BindEnv("email.password", "EMAIL_PASSWORD")
+	viper.BindEnv("db.user", "DB_USER")
+	viper.BindEnv("db.password", "DB_PASSWORD")
+
+	viper.AutomaticEnv()
+}