Get prod config values from github secrets (#4)

igiai · Sep 15, 2023 · 0a01f39 · 0a01f39
1 parent dc22068
commit 0a01f39
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 2 deletions.
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -19,6 +19,23 @@ jobs:
     - name: Login to Amazon ECR
       id: login-ecr # Here we specify id to be able to link to this steps output in the next step
       uses: aws-actions/amazon-ecr-login@v1
+    # In tutorial, here is a step to retrieve config values, which are sensitvie data(secrets), from AWS secret manager
+    # The idea is simple, these values are safely stored on AWS and we can get them using awscli, they are in json format, so later we use jq to transform them to a format
+    # that can be passed to app.env to replace values stored there
+    # This way an image that is passed to ECR has an app.env file with values retrieved from AWS secret manager and then viper reads these values from a file as in local instance
+    # The same effect can be achieved by declaring secrets in GitHub secrets and then retrieving them here when actions are ran or when using k8s, these values can be passed
+    # in secrets file, that way they are declared as env vars and viper can read them
+    # - name: Load secrets and save to app.env
+    #   run: aws secretsmanager get-secret-value --secret-id simple_bank --query SecretString --output text | jq -r 'to_entries|map("\(.key)=\(.value)")|.[]' > app.env
+    - name: Set prod config values
+      env:
+        DB_SOURCE: ${{ secrets.DB_SOURCE }}
+        TOKEN_SYMMETRIC_KEY: ${{ secrets.TOKEN_SYMMETRIC_KEY }}
+      run: echo "DB_DRIVER=postgres
+                DB_SOURCE=${DB_SOURCE}
+                SERVER_ADDRESS=0.0.0.0:8080
+                TOKEN_SYMMETRIC_KEY=${TOKEN_SYMMETRIC_KEY}
+                ACCESS_TOKEN_DURATION=15m" > app.env
     - name: Build, tag, and push docker image to Amazon ECR
       env:
         REGISTRY: ${{ steps.login-ecr.outputs.registry }}

diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -27,7 +27,7 @@ services:
 # as a prefix for the images, containers, network and as a name of the app in the docker desktop app
 
 # When using docker in general, when postgres is created from image and POSTGRES_DB=<my_db> is specified
-# the default db created inside will be named "my_db"
+# the default db is created inside and it will be named "my_db"
 
 # "-" indicates that the value is a part of a list
 # if "-" is not used it means that value is key-value pair in a dictionary

diff --git a/start.sh b/start.sh
@@ -5,7 +5,10 @@
 set -e
 
 echo "run db migration"
-# DB_SOURCE is defined in the docker-compose.yaml and the below command will late use its value
+# If Dockerfile is not run with docker-compose, DB_SOURCE env var is not defined, so we must extract env var values from the app.env
+# file so that it can be used in the migrate step here
+source /app/app.env
+# When ran with dokcer-composee DB_SOURCE is defined in the docker-compose.yaml and the below command will later use its value
 /app/migrate -path /app/migration -database "$DB_SOURCE" -verbose up
 
 echo "start the app"