From 96c95189d6be4aaf8966c04e501f1646f5a1e6f1 Mon Sep 17 00:00:00 2001
From: Thomas Gautier <46698+tgautier@users.noreply.github.com>
Date: Tue, 7 Mar 2023 09:53:39 +0100
Subject: [PATCH] Fix secrets (#12)

- add scale count to the end to speed up deployment time
- set secrets explicitly with `flyctl secrets set`
---
 README.md     | 12 ++++++------
 entrypoint.sh | 19 +++++++++++++++++--
 2 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index b603459..d8ae9ce 100644
--- a/README.md
+++ b/README.md
@@ -58,7 +58,7 @@ jobs:
 
       - name: Deploy
         id: deploy
-        uses: fewlinesco/fly-io-review-apps@v3.0
+        uses: fewlinesco/fly-io-review-apps@v3.1
 ```
 
 ## Cleaning up GitHub environments
@@ -86,7 +86,7 @@ jobs:
 
       - name: Deploy app
         id: deploy
-        uses: fewlinesco/fly-io-review-apps@v3.0
+        uses: fewlinesco/fly-io-review-apps@v3.1
 
       - name: Clean up GitHub environment
         uses: strumwolf/delete-deployment-environment@v2
@@ -111,7 +111,7 @@ steps:
 
   - name: Deploy app
     id: deploy
-    uses: fewlinesco/fly-io-review-apps@v3.0
+    uses: fewlinesco/fly-io-review-apps@v3.1
     with:
       postgres: true
 ```
@@ -125,7 +125,7 @@ steps:
 
   - name: Deploy app
     id: deploy
-    uses: fewlinesco/fly-io-review-apps@v3.0
+    uses: fewlinesco/fly-io-review-apps@v3.1
     with:
       postgres: true
       region: cdg
@@ -146,7 +146,7 @@ steps:
   - uses: actions/checkout@v3
 
   - name: Deploy redis
-    uses: fewlinesco/fly-io-review-apps@v3.0
+    uses: fewlinesco/fly-io-review-apps@v3.1
     with:
       update: false # Don't need to re-deploy redis when the PR is updated
       path: redis # Keep fly.toml in a subdirectory to avoid confusing flyctl
@@ -155,7 +155,7 @@ steps:
 
   - name: Deploy app
     id: deploy
-    uses: fewlinesco/ffly-io-review-apps@v3.0
+    uses: fewlinesco/ffly-io-review-apps@v3.1
     with:
       name: pr-${{ github.event.number }}-myapp-app
 ```
diff --git a/entrypoint.sh b/entrypoint.sh
index ca81d58..893e67a 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -42,7 +42,6 @@ fi
 # Create (using launch as create doesn't accept --region) the Fly app OR update the existing one.
 if ! flyctl status --app "$app"; then
   flyctl launch --force-machines --copy-config --name "$app" --org "$org" --image "$image" --region "$region" --no-deploy
-  flyctl scale count 2 --app "$app"
   flyctl ips allocate-v4 --app "$app" --region "$region" --shared
   flyctl ips allocate-v6 --app "$app"
 
@@ -76,12 +75,28 @@ if ! flyctl status --app "$app"; then
   else # If PostgreSQL is not requested, just deploy the application
     flyctl deploy --app "$app" --image "$image" --region "$region"
   fi
-else # If the App already exists, deploy it again and reset secrets
+
+  # Set current secrets for future deployments as they are not persisted when used with --env above
+  bash -c "flyctl secrets set --app "\""$app"\"" DATABASE_URL="\""$new_connection_string"\"" $(for secret in $(echo $INPUT_SECRETS | tr ";" "\n") ; do
+    value="${secret}"
+    echo -n " $secret='${!value}' "
+  done) || true"
+
+  # Scale the app to 2 instances
+  flyctl scale count 2 --app "$app"
+else 
+  # If the App already exists, deploy it again with secrets as they may have changed
   if [ "$INPUT_UPDATE" != "false" ]; then
     bash -c "flyctl deploy --app "\""$app"\"" --image "\""$image"\"" --region "\""$region"\"" --strategy bluegreen $(for secret in $(echo $INPUT_SECRETS | tr ";" "\n") ; do
       value="${secret}"
       echo -n "--env $secret='${!value}' "
     done)"
+
+    # Still need to re-set secrets for future deployments as they are not persisted when used with --env above
+    bash -c "flyctl secrets set --app "\""$app"\"" $(for secret in $(echo $INPUT_SECRETS | tr ";" "\n") ; do
+      value="${secret}"
+      echo -n " $secret='${!value}' "
+    done) || true"
   fi
 fi