Update handling of secrets
Some checks failed
Build And Publish / BuildAndPublish (push) Failing after 1m39s

r-freeman 2024-08-23 15:38:25 +01:00
parent d4c5abe5f4
commit 033c0222ed
3 changed files with 58 additions and 8 deletions


@ -1,3 +1,4 @@
node_modules node_modules
.git .git
.next .next
.env


@ -32,13 +32,29 @@ jobs:
[registry."docker.io"] [registry."docker.io"]
mirrors = ["mirror.gcr.io"] mirrors = ["mirror.gcr.io"]
- name: Build and push Docker image # - name: Build and push Docker image
uses: https://github.com/docker/build-push-action@v6 # uses: https://github.com/docker/build-push-action@v6
with: # with:
context: . # context: .
file: ./Dockerfile # file: ./Dockerfile
push: true # push: true
tags: ${{secrets.DOCKER_HUB_USERNAME}}/portfolio:v1 # tags: ${{secrets.DOCKER_HUB_USERNAME}}/portfolio:v1
- name: Build Docker image
run: |
DOCKER_BUILDKIT=1 docker build --secret id=SPOTIFY_CLIENT_ID,src=.env \
--secret id=SPOTIFY_CLIENT_SECRET,src=.env \
--secret id=SPOTIFY_REFRESH_TOKEN,src=.env \
--secret id=NEXT_PUBLIC_SITE_URL,src=.env \
--secret id=GITHUB_ACCESS_TOKEN,src=.env \
--secret id=GITHUB_USERNAME,src=.env \
--secret id=GITHUB_CLIENT_ID,src=.env \
--secret id=GITHUB_SECRET,src=.env \
--secret id=NEXT_PUBLIC_SUPABASE_URL,src=.env \
--secret id=NEXT_PUBLIC_SUPABASE_ANON_KEY,src=.env \
--secret id=SUPABASE_SERVICE_ROLE_KEY,src=.env \
-t ${{secrets.DOCKER_HUB_USERNAME}}/portfolio:v1 \
.
- name: Push the Docker image - name: Push the Docker image
run: | run: |
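Review bot: Every `--secret id=…,src=.env` flag in the new `Build Docker image` step points at the same file, so each of the eleven mounts under `/run/secrets/` will hold the whole `.env` rather than the single value its id names. The build will also fail outright if `.env` is not present in the CI checkout, which seems likely if the file is untracked. Feeding each value from the runner's secret store through the step's `env:` and the `env=` secret source avoids both problems and keeps the values out of the command line. The `NEXT_PUBLIC_*` entries are compiled into the client bundle by Next.js, so they are not confidential and would be clearer as ordinary build arguments.

```yaml
      - name: Build Docker image
        env:
          # assumes CI secrets with these names are configured;
          # add one env entry and one --secret flag per remaining id
          SPOTIFY_CLIENT_ID: ${{ secrets.SPOTIFY_CLIENT_ID }}
          SPOTIFY_CLIENT_SECRET: ${{ secrets.SPOTIFY_CLIENT_SECRET }}
          SUPABASE_SERVICE_ROLE_KEY: ${{ secrets.SUPABASE_SERVICE_ROLE_KEY }}
        run: |
          DOCKER_BUILDKIT=1 docker build \
            --secret id=SPOTIFY_CLIENT_ID,env=SPOTIFY_CLIENT_ID \
            --secret id=SPOTIFY_CLIENT_SECRET,env=SPOTIFY_CLIENT_SECRET \
            --secret id=SUPABASE_SERVICE_ROLE_KEY,env=SUPABASE_SERVICE_ROLE_KEY \
            -t ${{secrets.DOCKER_HUB_USERNAME}}/portfolio:v1 \
            .
```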


@ -6,6 +6,39 @@ FROM base AS deps
RUN apk add --no-cache libc6-compat RUN apk add --no-cache libc6-compat
WORKDIR /app WORKDIR /app
RUN --mount=type=secret,id=SPOTIFY_CLIENT_ID \
export SPOTIFY_CLIENT_ID=$(cat /run/secrets/SPOTIFY_CLIENT_ID)
RUN --mount=type=secret,id=SPOTIFY_CLIENT_SECRET \
export SPOTIFY_CLIENT_SECRET=$(cat /run/secrets/SPOTIFY_CLIENT_SECRET)
RUN --mount=type=secret,id=SPOTIFY_REFRESH_TOKEN \
export SPOTIFY_REFRESH_TOKEN=$(cat /run/secrets/SPOTIFY_REFRESH_TOKEN)
RUN --mount=type=secret,id=NEXT_PUBLIC_SITE_URL \
export NEXT_PUBLIC_SITE_URL=$(cat /run/secrets/NEXT_PUBLIC_SITE_URL)
RUN --mount=type=secret,id=GITHUB_ACCESS_TOKEN \
export GITHUB_ACCESS_TOKEN=$(cat /run/secrets/GITHUB_ACCESS_TOKEN)
RUN --mount=type=secret,id=GITHUB_USERNAME \
export GITHUB_USERNAME=$(cat /run/secrets/GITHUB_USERNAME)
RUN --mount=type=secret,id=GITHUB_CLIENT_ID \
export GITHUB_CLIENT_ID=$(cat /run/secrets/GITHUB_CLIENT_ID)
RUN --mount=type=secret,id=GITHUB_SECRET \
export GITHUB_SECRET=$(cat /run/secrets/GITHUB_SECRET)
RUN --mount=type=secret,id=NEXT_PUBLIC_SUPABASE_URL \
export NEXT_PUBLIC_SUPABASE_URL=$(cat /run/secrets/NEXT_PUBLIC_SUPABASE_URL)
RUN --mount=type=secret,id=NEXT_PUBLIC_SUPABASE_ANON_KEY \
export NEXT_PUBLIC_SUPABASE_ANON_KEY=$(cat /run/secrets/NEXT_PUBLIC_SUPABASE_ANON_KEY)
RUN --mount=type=secret,id=SUPABASE_SERVICE_ROLE_KEY \
export SUPABASE_SERVICE_ROLE_KEY=$(cat /run/secrets/SUPABASE_SERVICE_ROLE_KEY)
# Install dependencies based on the preferred package manager # Install dependencies based on the preferred package manager
COPY package.json yarn.lock* package-lock.json* pnpm-lock.yaml* ./ COPY package.json yarn.lock* package-lock.json* pnpm-lock.yaml* ./
RUN \ RUN \
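Review bot: The `export` in each added `RUN --mount=type=secret` instruction lives only for that one shell, so none of the eleven variables exist when a later `RUN` executes and these layers have no effect on the build. Mount each secret on the instruction that actually consumes it and read it in the same command, e.g. `RUN --mount=type=secret,id=SPOTIFY_CLIENT_ID SPOTIFY_CLIENT_ID="$(cat /run/secrets/SPOTIFY_CLIENT_ID)" <build command>`; the build command is outside this hunk. The mounts are also placed in the `deps` stage, so if the application build runs in a later stage they belong there instead. It is worth confirming whether `SUPABASE_SERVICE_ROLE_KEY` is needed at build time at all, since anything the build writes into its output persists in the image layers.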