Update handling of secrets
Some checks failed
Build And Publish / BuildAndPublish (push) Failing after 1m39s

This commit is contained in:
r-freeman 2024-08-23 15:38:25 +01:00
parent d4c5abe5f4
commit 033c0222ed
3 changed files with 58 additions and 8 deletions

View File

@ -1,3 +1,4 @@
node_modules
.git
.next
.next
.env

View File

@ -32,13 +32,29 @@ jobs:
[registry."docker.io"]
mirrors = ["mirror.gcr.io"]
- name: Build and push Docker image
uses: https://github.com/docker/build-push-action@v6
with:
context: .
file: ./Dockerfile
push: true
tags: ${{secrets.DOCKER_HUB_USERNAME}}/portfolio:v1
# - name: Build and push Docker image
# uses: https://github.com/docker/build-push-action@v6
# with:
# context: .
# file: ./Dockerfile
# push: true
# tags: ${{secrets.DOCKER_HUB_USERNAME}}/portfolio:v1
- name: Build Docker image
run: |
DOCKER_BUILDKIT=1 docker build --secret id=SPOTIFY_CLIENT_ID,src=.env \
--secret id=SPOTIFY_CLIENT_SECRET,src=.env \
--secret id=SPOTIFY_REFRESH_TOKEN,src=.env \
--secret id=NEXT_PUBLIC_SITE_URL,src=.env \
--secret id=GITHUB_ACCESS_TOKEN,src=.env \
--secret id=GITHUB_USERNAME,src=.env \
--secret id=GITHUB_CLIENT_ID,src=.env \
--secret id=GITHUB_SECRET,src=.env \
--secret id=NEXT_PUBLIC_SUPABASE_URL,src=.env \
--secret id=NEXT_PUBLIC_SUPABASE_ANON_KEY,src=.env \
--secret id=SUPABASE_SERVICE_ROLE_KEY,src=.env \
-t ${{secrets.DOCKER_HUB_USERNAME}}/portfolio:v1 \
.
- name: Push the Docker image
run: |

View File

@ -6,6 +6,39 @@ FROM base AS deps
RUN apk add --no-cache libc6-compat
WORKDIR /app
RUN --mount=type=secret,id=SPOTIFY_CLIENT_ID \
export SPOTIFY_CLIENT_ID=$(cat /run/secrets/SPOTIFY_CLIENT_ID)
RUN --mount=type=secret,id=SPOTIFY_CLIENT_SECRET \
export SPOTIFY_CLIENT_SECRET=$(cat /run/secrets/SPOTIFY_CLIENT_SECRET)
RUN --mount=type=secret,id=SPOTIFY_REFRESH_TOKEN \
export SPOTIFY_REFRESH_TOKEN=$(cat /run/secrets/SPOTIFY_REFRESH_TOKEN)
RUN --mount=type=secret,id=NEXT_PUBLIC_SITE_URL \
export NEXT_PUBLIC_SITE_URL=$(cat /run/secrets/NEXT_PUBLIC_SITE_URL)
RUN --mount=type=secret,id=GITHUB_ACCESS_TOKEN \
export GITHUB_ACCESS_TOKEN=$(cat /run/secrets/GITHUB_ACCESS_TOKEN)
RUN --mount=type=secret,id=GITHUB_USERNAME \
export GITHUB_USERNAME=$(cat /run/secrets/GITHUB_USERNAME)
RUN --mount=type=secret,id=GITHUB_CLIENT_ID \
export GITHUB_CLIENT_ID=$(cat /run/secrets/GITHUB_CLIENT_ID)
RUN --mount=type=secret,id=GITHUB_SECRET \
export GITHUB_SECRET=$(cat /run/secrets/GITHUB_SECRET)
RUN --mount=type=secret,id=NEXT_PUBLIC_SUPABASE_URL \
export NEXT_PUBLIC_SUPABASE_URL=$(cat /run/secrets/NEXT_PUBLIC_SUPABASE_URL)
RUN --mount=type=secret,id=NEXT_PUBLIC_SUPABASE_ANON_KEY \
export NEXT_PUBLIC_SUPABASE_ANON_KEY=$(cat /run/secrets/NEXT_PUBLIC_SUPABASE_ANON_KEY)
RUN --mount=type=secret,id=SUPABASE_SERVICE_ROLE_KEY \
export SUPABASE_SERVICE_ROLE_KEY=$(cat /run/secrets/SUPABASE_SERVICE_ROLE_KEY)
# Install dependencies based on the preferred package manager
COPY package.json yarn.lock* package-lock.json* pnpm-lock.yaml* ./
RUN \