From 7d510471c3dda0a1aba1a5644de06591b25e90d5 Mon Sep 17 00:00:00 2001 From: Claudio Mello Date: Mon, 26 Aug 2024 18:26:05 -0300 Subject: [PATCH 1/3] feat: getting secrets from secrets manager --- .github/workflows/deploy_dev.yml | 52 ++++----------- .github/workflows/deploy_production.yml | 52 ++++----------- .github/workflows/deploy_staging.yml | 52 ++++----------- apps/portal/Dockerfile | 87 +++++++------------------ apps/portal/entrypoint.sh | 12 ++++ 5 files changed, 75 insertions(+), 180 deletions(-) create mode 100755 apps/portal/entrypoint.sh diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml index 28dd4f3e7..4b46bfded 100644 --- a/.github/workflows/deploy_dev.yml +++ b/.github/workflows/deploy_dev.yml @@ -10,9 +10,11 @@ jobs: name: Deploy to Dev runs-on: ubuntu-latest env: + ENV: development CLUSTER_NAME: systems-intuition-dev-cluster SERVICE_NAME: portal-intuition-dev ECR_IMAGE: ${{ secrets.AWS_ACCOUNT }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/portal-dev:latest + SECRETS_MANAGER: arn:aws:secretsmanager:us-west-2:064662847354:secret:portal.dev-9XdIU9 steps: - name: Check if important variables are set @@ -34,10 +36,11 @@ jobs: - name: Print variables shell: bash run: | - echo "ENV=$ENV" - echo "CLUSTER_NAME=$CLUSTER_NAME" - echo "SERVICE_NAME=$SERVICE_NAME" - echo "ECR_IMAGE=$ECR_IMAGE" + echo "ENV=${{ env.ENV }}" + echo "CLUSTER_NAME=${{ env.CLUSTER_NAME }}" + echo "SERVICE_NAME=${{ env.SERVICE_NAME }}" + echo "ECR_IMAGE=${{ env.ECR_IMAGE }}" + echo "SECRETS_MANAGER=${{ env.SECRETS_MANAGER }}" - name: Checkout code uses: actions/checkout@v4 
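Review bot: The new `SECRETS_MANAGER` value hard-codes the account id and region (`064662847354`, `us-west-2`) one line below an `ECR_IMAGE` that deliberately takes both from `${{ secrets.AWS_ACCOUNT }}` and `${{ secrets.AWS_REGION }}`; assuming the secret lives in the same region as the ECR repository, build the ARN the same way so the two cannot drift and the account id is not committed to the repository: `SECRETS_MANAGER: arn:aws:secretsmanager:${{ secrets.AWS_REGION }}:${{ secrets.AWS_ACCOUNT }}:secret:portal.dev-9XdIU9`. If the following "Check if important variables are set" step enumerates the job's env vars (its body is outside the hunk), `SECRETS_MANAGER` should be added there so a missing value fails before the build rather than inside the container's entrypoint. The same applies to the matching env blocks in deploy_production.yml and deploy_staging.yml.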
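Review bot: The print step now splices `${{ env.* }}` expressions into the shell script, although the shell variables it replaced were already populated, because job-level `env` is exported to every step's environment; `echo "SECRETS_MANAGER=$SECRETS_MANAGER"` is the simpler form and keeps `run:` blocks free of expression interpolation, which is worth avoiding on principle even when, as here, the values are not attacker-controlled. The old `echo "ENV=$ENV"` presumably printed an empty value only because no `ENV` was defined before this commit, which the added `ENV:` line fixes by itself. Same remark for the print steps in deploy_production.yml and deploy_staging.yml.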
@@ -72,43 +75,14 @@ jobs: - name: Build, tag, and push image to AWS ECR run: | - echo "${{ secrets.PRIVY_VERIFICATION_KEY_DEV }}" > privy_verification_key.pem - docker build \ - --platform linux/x86_64 \ - -t portal \ - -f apps/portal/Dockerfile \ - . \ - --build-arg ALCHEMY_MAINNET_API_KEY=${{ secrets.ALCHEMY_MAINNET_API_KEY }} \ - --build-arg ALCHEMY_API_KEY=${{ secrets.ALCHEMY_API_KEY }} \ - --build-arg ALCHEMY_MAINNET_RPC_URL=${{ secrets.ALCHEMY_MAINNET_RPC_URL }} \ - --build-arg ALCHEMY_BASE_SEPOLIA_RPC_URL=${{ secrets.ALCHEMY_BASE_SEPOLIA_RPC_URL }} \ - --build-arg ALCHEMY_BASE_RPC_URL=${{ secrets.ALCHEMY_BASE_RPC_URL }} \ - --build-arg WALLETCONNECT_PROJECT_ID=${{ secrets.WALLETCONNECT_PROJECT_ID }} \ - --build-arg SESSION_SECRET=${{ secrets.SESSION_SECRET }} \ - --build-arg API_URL=${{ secrets.API_URL }} \ - --build-arg API_KEY=${{ secrets.API_KEY }} \ - --build-arg PRIVY_APP_ID=${{ secrets.PRIVY_APP_ID }} \ - --build-arg PRIVY_APP_SECRET=${{ secrets.PRIVY_APP_SECRET }} \ - --build-arg PRIVY_VERIFICATION_KEY="$(cat privy_verification_key.pem)" \ - --build-arg CLOUDINARY_CLOUD_NAME=${{ secrets.CLOUDINARY_CLOUD_NAME }} \ - --build-arg CLOUDINARY_API_KEY=${{ secrets.CLOUDINARY_API_KEY }} \ - --build-arg CLOUDINARY_API_SECRET=${{ secrets.CLOUDINARY_API_SECRET }} \ - --build-arg SENTRY_DSN=${{ secrets.SENTRY_DSN }} \ - --build-arg SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} \ - --build-arg SENTRY_ORG=${{ secrets.SENTRY_ORG }} \ - --build-arg SENTRY_PROJECT=${{ secrets.SENTRY_PROJECT }} \ - --build-arg VITE_DEPLOY_ENV=development \ - --build-arg ORIGIN_URL=${{ secrets.ORIGIN_URL_DEVELOPMENT }} \ - --build-arg PHOSPHOR_API_KEY=${{ secrets.PHOSPHOR_API_KEY }} \ - --build-arg PHOSPHOR_ADMIN_API_URL=${{ secrets.PHOSPHOR_ADMIN_API_URL }} \ - --build-arg PHOSPHOR_COLLECTION_ID=${{ secrets.PHOSPHOR_COLLECTION_ID }} \ - --build-arg GTM_TRACKING_ID=${{ secrets.GTM_TRACKING_ID }} \ - --build-arg FF_FULL_LOCKDOWN_ENABLED=false \ - --build-arg 
FF_GENERIC_BANNER_ENABLED=true \ - --build-arg FF_INCIDENT_BANNER_ENABLED=false + docker build --platform linux/x86_64 -t portal -f apps/portal/Dockerfile . \ + --build-arg VITE_DEPLOY_ENV=${{ env.ENV }} \ + --build-arg SECRETS_MANAGER=${{ env.SECRETS_MANAGER }} + --build-arg AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} \ + --build-arg AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} \ + --build-arg AWS_REGION=${{ secrets.AWS_REGION }} docker tag portal ${{ env.ECR_IMAGE }} docker push ${{ env.ECR_IMAGE }} - rm privy_verification_key.pem - name: Download task definition shell: bash diff --git a/.github/workflows/deploy_production.yml b/.github/workflows/deploy_production.yml index 0e11de7cf..9eafd9dd7 100644 --- a/.github/workflows/deploy_production.yml +++ b/.github/workflows/deploy_production.yml @@ -11,9 +11,11 @@ jobs: name: Deploy to Production runs-on: ubuntu-latest env: + ENV: production CLUSTER_NAME: systems-intuition-production-cluster SERVICE_NAME: portal-intuition-production ECR_IMAGE: ${{ secrets.AWS_ACCOUNT }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/portal-production:latest + SECRETS_MANAGER: arn:aws:secretsmanager:us-west-2:064662847354:secret:portal.production-j8YmqZ steps: - name: Check if important variables are set @@ -35,10 +37,11 @@ jobs: - name: Print variables shell: bash run: | - echo "ENV=$ENV" - echo "CLUSTER_NAME=$CLUSTER_NAME" - echo "SERVICE_NAME=$SERVICE_NAME" - echo "ECR_IMAGE=$ECR_IMAGE" + echo "ENV=${{ env.ENV }}" + echo "CLUSTER_NAME=${{ env.CLUSTER_NAME }}" + echo "SERVICE_NAME=${{ env.SERVICE_NAME }}" + echo "ECR_IMAGE=${{ env.ECR_IMAGE }}" + echo "SECRETS_MANAGER=${{ env.SECRETS_MANAGER }}" - name: Checkout code uses: actions/checkout@v4 
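Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are passed to `docker build` as `--build-arg`, and Docker's own reference warns that build-arg values are visible to any user of the image through `docker history`, so anyone with pull access to the ECR repository would obtain long-lived IAM credentials. The entrypoint added in this patch only reads them at run time, so they do not belong in the build at all: drop the three AWS `--build-arg` lines and let the ECS task role supply credentials (the CLI resolves them from the container credentials endpoint), or better, map the secret's keys into the container through the task definition's `secrets` field, which the workflow already downloads in the next step, so the image needs neither credentials nor the CLI. `SECRETS_MANAGER` is likewise a run-time value and fits the task definition's `environment` rather than the image. The same build step in deploy_production.yml and deploy_staging.yml has the identical problem.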
@@ -73,43 +76,14 @@ jobs: - name: Build, tag, and push image to AWS ECR run: | - echo "${{ secrets.PRIVY_VERIFICATION_KEY_PROD }}" > privy_verification_key.pem - docker build \ - --platform linux/x86_64 \ - -t portal \ - -f apps/portal/Dockerfile \ - . \ - --build-arg ALCHEMY_MAINNET_API_KEY=${{ secrets.ALCHEMY_MAINNET_API_KEY }} \ - --build-arg ALCHEMY_API_KEY=${{ secrets.ALCHEMY_API_KEY }} \ - --build-arg ALCHEMY_MAINNET_RPC_URL=${{ secrets.ALCHEMY_MAINNET_RPC_URL }} \ - --build-arg ALCHEMY_BASE_SEPOLIA_RPC_URL=${{ secrets.ALCHEMY_BASE_SEPOLIA_RPC_URL }} \ - --build-arg ALCHEMY_BASE_RPC_URL=${{ secrets.ALCHEMY_BASE_RPC_URL }} \ - --build-arg WALLETCONNECT_PROJECT_ID=${{ secrets.WALLETCONNECT_PROJECT_ID }} \ - --build-arg SESSION_SECRET=${{ secrets.SESSION_SECRET }} \ - --build-arg API_URL=${{ secrets.API_URL_PRODUCTION }} \ - --build-arg API_KEY=${{ secrets.API_KEY }} \ - --build-arg PRIVY_APP_ID=${{ secrets.PRIVY_APP_ID_PRODUCTION }} \ - --build-arg PRIVY_APP_SECRET=${{ secrets.PRIVY_APP_SECRET_PRODUCTION }} \ - --build-arg PRIVY_VERIFICATION_KEY="$(cat privy_verification_key.pem)" \ - --build-arg CLOUDINARY_CLOUD_NAME=${{ secrets.CLOUDINARY_CLOUD_NAME }} \ - --build-arg CLOUDINARY_API_KEY=${{ secrets.CLOUDINARY_API_KEY }} \ - --build-arg CLOUDINARY_API_SECRET=${{ secrets.CLOUDINARY_API_SECRET }} \ - --build-arg SENTRY_DSN=${{ secrets.SENTRY_DSN }} \ - --build-arg SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} \ - --build-arg SENTRY_ORG=${{ secrets.SENTRY_ORG }} \ - --build-arg SENTRY_PROJECT=${{ secrets.SENTRY_PROJECT }} \ - --build-arg VITE_DEPLOY_ENV=production \ - --build-arg ORIGIN_URL=${{ secrets.ORIGIN_URL_PRODUCTION }} \ - --build-arg PHOSPHOR_API_KEY=${{ secrets.PHOSPHOR_API_KEY }} \ - --build-arg PHOSPHOR_ADMIN_API_URL=${{ secrets.PHOSPHOR_ADMIN_API_URL }} \ - --build-arg PHOSPHOR_COLLECTION_ID=${{ secrets.PHOSPHOR_COLLECTION_ID }} \ - --build-arg GTM_TRACKING_ID=${{ secrets.GTM_TRACKING_ID }} \ - --build-arg FF_FULL_LOCKDOWN_ENABLED=false \ - 
--build-arg FF_GENERIC_BANNER_ENABLED=true \ - --build-arg FF_INCIDENT_BANNER_ENABLED=false + docker build --platform linux/x86_64 -t portal -f apps/portal/Dockerfile . \ + --build-arg VITE_DEPLOY_ENV=${{ env.ENV }} \ + --build-arg SECRETS_MANAGER=${{ env.SECRETS_MANAGER }} + --build-arg AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} \ + --build-arg AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} \ + --build-arg AWS_REGION=${{ secrets.AWS_REGION }} docker tag portal ${{ env.ECR_IMAGE }} docker push ${{ env.ECR_IMAGE }} - rm privy_verification_key.pem - name: Download task definition shell: bash diff --git a/.github/workflows/deploy_staging.yml b/.github/workflows/deploy_staging.yml index 5c22002fc..7335693d5 100644 --- a/.github/workflows/deploy_staging.yml +++ b/.github/workflows/deploy_staging.yml @@ -11,9 +11,11 @@ jobs: name: Deploy to Staging runs-on: ubuntu-latest env: + ENV: staging CLUSTER_NAME: systems-intuition-staging-cluster SERVICE_NAME: portal-intuition-staging ECR_IMAGE: ${{ secrets.AWS_ACCOUNT }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/portal-staging:latest + SECRETS_MANAGER: arn:aws:secretsmanager:us-west-2:064662847354:secret:portal.staging-dw3JHq steps: - name: Check if important variables are set @@ -35,10 +37,11 @@ jobs: - name: Print variables shell: bash run: | - echo "ENV=$ENV" - echo "CLUSTER_NAME=$CLUSTER_NAME" - echo "SERVICE_NAME=$SERVICE_NAME" - echo "ECR_IMAGE=$ECR_IMAGE" + echo "ENV=${{ env.ENV }}" + echo "CLUSTER_NAME=${{ env.CLUSTER_NAME }}" + echo "SERVICE_NAME=${{ env.SERVICE_NAME }}" + echo "ECR_IMAGE=${{ env.ECR_IMAGE }}" + echo "SECRETS_MANAGER=${{ env.SECRETS_MANAGER }}" - name: Checkout code uses: actions/checkout@v4 
@@ -73,43 +76,14 @@ jobs: - name: Build, tag, and push image to AWS ECR run: | - echo "${{ secrets.PRIVY_VERIFICATION_KEY_PROD }}" > privy_verification_key.pem - docker build \ - --platform linux/x86_64 \ - -t portal \ - -f apps/portal/Dockerfile \ - . \ - --build-arg ALCHEMY_MAINNET_API_KEY=${{ secrets.ALCHEMY_MAINNET_API_KEY }} \ - --build-arg ALCHEMY_API_KEY=${{ secrets.ALCHEMY_API_KEY }} \ - --build-arg ALCHEMY_MAINNET_RPC_URL=${{ secrets.ALCHEMY_MAINNET_RPC_URL }} \ - --build-arg ALCHEMY_BASE_SEPOLIA_RPC_URL=${{ secrets.ALCHEMY_BASE_SEPOLIA_RPC_URL }} \ - --build-arg ALCHEMY_BASE_RPC_URL=${{ secrets.ALCHEMY_BASE_RPC_URL }} \ - --build-arg WALLETCONNECT_PROJECT_ID=${{ secrets.WALLETCONNECT_PROJECT_ID }} \ - --build-arg SESSION_SECRET=${{ secrets.SESSION_SECRET }} \ - --build-arg API_URL=${{ secrets.API_URL_PRODUCTION }} \ - --build-arg API_KEY=${{ secrets.API_KEY }} \ - --build-arg PRIVY_APP_ID=${{ secrets.PRIVY_APP_ID_STAGING }} \ - --build-arg PRIVY_APP_SECRET=${{ secrets.PRIVY_APP_SECRET_STAGING }} \ - --build-arg PRIVY_VERIFICATION_KEY="$(cat privy_verification_key.pem)" \ - --build-arg CLOUDINARY_CLOUD_NAME=${{ secrets.CLOUDINARY_CLOUD_NAME }} \ - --build-arg CLOUDINARY_API_KEY=${{ secrets.CLOUDINARY_API_KEY }} \ - --build-arg CLOUDINARY_API_SECRET=${{ secrets.CLOUDINARY_API_SECRET }} \ - --build-arg SENTRY_DSN=${{ secrets.SENTRY_DSN }} \ - --build-arg SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} \ - --build-arg SENTRY_ORG=${{ secrets.SENTRY_ORG }} \ - --build-arg SENTRY_PROJECT=${{ secrets.SENTRY_PROJECT }} \ - --build-arg VITE_DEPLOY_ENV=staging \ - --build-arg ORIGIN_URL=${{ secrets.ORIGIN_URL_PRODUCTION }} \ - --build-arg PHOSPHOR_API_KEY=${{ secrets.PHOSPHOR_API_KEY }} \ - --build-arg PHOSPHOR_ADMIN_API_URL=${{ secrets.PHOSPHOR_ADMIN_API_URL }} \ - --build-arg PHOSPHOR_COLLECTION_ID=${{ secrets.PHOSPHOR_COLLECTION_ID }} \ - --build-arg GTM_TRACKING_ID=${{ secrets.GTM_TRACKING_ID }} \ - --build-arg FF_FULL_LOCKDOWN_ENABLED=false \ - --build-arg 
FF_INCIDENT_BANNER_ENABLED=false \ - --build-arg FF_GENERIC_BANNER_ENABLED=true + docker build --platform linux/x86_64 -t portal -f apps/portal/Dockerfile . \ + --build-arg VITE_DEPLOY_ENV=${{ env.ENV }} \ + --build-arg SECRETS_MANAGER=${{ env.SECRETS_MANAGER }} + --build-arg AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} \ + --build-arg AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} \ + --build-arg AWS_REGION=${{ secrets.AWS_REGION }} docker tag portal ${{ env.ECR_IMAGE }} docker push ${{ env.ECR_IMAGE }} - rm privy_verification_key.pem - name: Download task definition shell: bash diff --git a/apps/portal/Dockerfile b/apps/portal/Dockerfile index 0205cb6c6..049e34dc5 100644 --- a/apps/portal/Dockerfile +++ b/apps/portal/Dockerfile 
@@ -1,73 +1,22 @@ FROM docker.io/node:lts-alpine as base -ARG ALCHEMY_MAINNET_API_KEY=${ALCHEMY_MAINNET_API_KEY} -ARG ALCHEMY_API_KEY=${ALCHEMY_API_KEY} -ARG ALCHEMY_MAINNET_RPC_URL=${ALCHEMY_MAINNET_RPC_URL} -ARG ALCHEMY_BASE_SEPOLIA_RPC_URL=${ALCHEMY_BASE_SEPOLIA_RPC_URL} -ARG ALCHEMY_BASE_RPC_URL=${ALCHEMY_BASE_RPC_URL} -ARG WALLETCONNECT_PROJECT_ID=${WALLETCONNECT_PROJECT_ID} -ARG SESSION_SECRET=${SESSION_SECRET} -ARG API_URL=${API_URL} -ARG API_KEY=${API_KEY} -ARG PRIVY_APP_ID=${PRIVY_APP_ID} -ARG PRIVY_APP_SECRET=${PRIVY_APP_SECRET} -ARG PRIVY_VERIFICATION_KEY=${PRIVY_VERIFICATION_KEY} -ARG CLOUDINARY_CLOUD_NAME=${CLOUDINARY_CLOUD_NAME} -ARG CLOUDINARY_API_KEY=${CLOUDINARY_API_KEY} -ARG CLOUDINARY_API_SECRET=${CLOUDINARY_API_SECRET} -ARG SENTRY_AUTH_TOKEN=${SENTRY_AUTH_TOKEN} -ARG SENTRY_DSN=${SENTRY_DSN} -ARG SENTRY_ORG=${SENTRY_ORG} -ARG SENTRY_PROJECT=${SENTRY_PROJECT} -ARG ORIGIN_URL=${ORIGIN_URL} -ARG PHOSPHOR_API_KEY=${PHOSPHOR_API_KEY} -ARG PHOSPHOR_ADMIN_API_URL=${PHOSPHOR_ADMIN_API_URL} -ARG PHOSPHOR_COLLECTION_ID=${PHOSPHOR_COLLECTION_ID} -ARG GTM_TRACKING_ID=${GTM_TRACKING_ID} -ARG FF_FULL_LOCKDOWN_ENABLED=${FF_FULL_LOCKDOWN_ENABLED} -ARG FF_INCIDENT_BANNER_ENABLED=${FF_INCIDENT_BANNER_ENABLED} -ARG FF_GENERIC_BANNER_ENABLED=${FF_GENERIC_BANNER_ENABLED} -ARG VITE_DEPLOY_ENV=${VITE_DEPLOY_ENV} - -ENV ALCHEMY_MAINNET_API_KEY=${ALCHEMY_MAINNET_API_KEY} -ENV ALCHEMY_API_KEY=${ALCHEMY_API_KEY} -ENV ALCHEMY_MAINNET_RPC_URL=${ALCHEMY_MAINNET_RPC_URL} -ENV ALCHEMY_BASE_SEPOLIA_RPC_URL=${ALCHEMY_BASE_SEPOLIA_RPC_URL} -ENV ALCHEMY_BASE_RPC_URL=${ALCHEMY_BASE_RPC_URL} -ENV WALLETCONNECT_PROJECT_ID=${WALLETCONNECT_PROJECT_ID} -ENV SESSION_SECRET=${SESSION_SECRET} -ENV API_URL=${API_URL} -ENV API_KEY=${API_KEY} -ENV PRIVY_APP_ID=${PRIVY_APP_ID} -ENV PRIVY_APP_SECRET=${PRIVY_APP_SECRET} -ENV PRIVY_VERIFICATION_KEY=${PRIVY_VERIFICATION_KEY} -ENV CLOUDINARY_CLOUD_NAME=${CLOUDINARY_CLOUD_NAME} -ENV CLOUDINARY_API_KEY=${CLOUDINARY_API_KEY} -ENV 
CLOUDINARY_API_SECRET=${CLOUDINARY_API_SECRET} -ENV SENTRY_PROJECT=${SENTRY_PROJECT} -ENV SENTRY_AUTH_TOKEN=${SENTRY_AUTH_TOKEN} -ENV SENTRY_DSN=${SENTRY_DSN} -ENV SENTRY_ORG=${SENTRY_ORG} -ENV ORIGIN_URL=${ORIGIN_URL} -ENV PHOSPHOR_API_KEY=${PHOSPHOR_API_KEY} -ENV PHOSPHOR_ADMIN_API_URL=${PHOSPHOR_ADMIN_API_URL} -ENV PHOSPHOR_COLLECTION_ID=${PHOSPHOR_COLLECTION_ID} -ENV GTM_TRACKING_ID=${GTM_TRACKING_ID} -ENV FF_FULL_LOCKDOWN_ENABLED=${FF_FULL_LOCKDOWN_ENABLED} -ENV FF_INCIDENT_BANNER_ENABLED=${FF_INCIDENT_BANNER_ENABLED} -ENV FF_GENERIC_BANNER_ENABLED=${FF_GENERIC_BANNER_ENABLED} -ENV VITE_DEPLOY_ENV=${VITE_DEPLOY_ENV} - WORKDIR /app +ARG SECRETS_MANAGER +ARG VITE_DEPLOY_ENV +ARG AWS_ACCESS_KEY_ID +ARG AWS_SECRET_ACCESS_KEY +ARG AWS_REGION + COPY package.json \ - project.json \ + project.json \ tsconfig* \ nx.json \ pnpm*.yaml \ - .eslintrc.base.cjs \ - .verdaccio \ + .eslintrc.base.cjs \ + .verdaccio \ ./ + COPY apps/portal ./apps/portal COPY packages ./packages @@ -75,8 +24,11 @@ RUN apk add --no-cache \ python3 \ make \ gcc \ - g++ + g++ \ + py3-pip \ + jq +RUN pip3 install --no-cache-dir awscli --break-system-packages RUN npm install -g pnpm@9.0.6 FROM base as build @@ -86,9 +38,18 @@ RUN pnpm run portal:build FROM base COPY --from=build /app /app + +ENV VITE_DEPLOY_ENV=$VITE_DEPLOY_ENV +ENV SECRETS_MANAGER=$SECRETS_MANAGER +ENV AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID +ENV AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY +ENV AWS_REGION=$AWS_REGION ENV NX_REJECT_UNKNOWN_LOCAL_CACHE=0 ENV PORT=8080 ENV HOST=0.0.0.0 EXPOSE 8080 -CMD [ "pnpm", "run", "portal:start" ] + +RUN chmod +x ./apps/portal/entrypoint.sh + +ENTRYPOINT ["./apps/portal/entrypoint.sh"] diff --git a/apps/portal/entrypoint.sh b/apps/portal/entrypoint.sh new file mode 100755 index 000000000..752710383 --- /dev/null +++ b/apps/portal/entrypoint.sh 
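Review bot: The new `ARG AWS_ACCESS_KEY_ID` and `ARG AWS_SECRET_ACCESS_KEY` declarations bring IAM credentials into the build, where Docker documents them as recoverable with `docker history`; nothing in the build consumes them (only the entrypoint does, at run time), so both lines should go together with the matching `--build-arg` flags in the workflows. Note also that `ARG` is scoped to the stage that declares it: these five ARGs live in `base`, but neither `FROM base as build` nor the final `FROM base` stage redeclares them, so `$VITE_DEPLOY_ENV` during `pnpm run portal:build` and the `ENV ...=$...` lines in the final stage most likely expand to empty strings. Unless a redeclaration exists outside these hunks, `ARG VITE_DEPLOY_ENV` (and `ARG SECRETS_MANAGER`, `ARG AWS_REGION` if they stay) needs repeating in each stage that reads it.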
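Review bot: `RUN pip3 install --no-cache-dir awscli --break-system-packages` installs an unpinned CLI into `base`, which both the build stage and the runtime image inherit, and the `--break-system-packages` flag exists only to override the externally-managed-environment guard on Alpine's Python. Alpine packages the CLI, so adding `aws-cli` to the existing `apk add --no-cache` list next to `jq` avoids pip and the override entirely; if pip is kept, pin it, `awscli==<pinned version>`, so rebuilds are reproducible and a broken or compromised release cannot drift into the runtime image. If the task definition's `secrets` field replaces the fetch in the entrypoint, neither tool is needed in the image at all.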
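Review bot: `ENV AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID` and `ENV AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY` write IAM credentials into the final image's configuration, where `docker inspect` on the pushed ECR image and the environment of every process in every container expose them; long-lived keys should never be baked into an image, so this pair of lines should be removed and the ECS task role (or the task definition's `secrets`/`environment`) should supply them at run time. Because the ARGs are declared in `base` and not in this stage, the values are in any case probably empty here, which would make the entrypoint configure blank credentials rather than real ones. `ENTRYPOINT ["./apps/portal/entrypoint.sh"]` relies on the `WORKDIR /app` inherited from `base`; that works, but the absolute path `/app/apps/portal/entrypoint.sh` would not break if the working directory ever changes.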
@@ -0,0 +1,12 @@ +#!/bin/sh + +aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID +aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY +aws configure set region $AWS_REGION +aws secretsmanager get-secret-value --secret-id $SECRETS_MANAGER --query SecretString --output text > secrets.json + +$(jq -r 'to_entries | .[] | "export \(.key)=\(.value)"' secrets.json) + +rm -rf secrets.json + +pnpm run portal:start \ No newline at end of file From e920869c6ceae3abf6f728de15627796c1517dac Mon Sep 17 00:00:00 2001 From: Claudio Mello Date: Fri, 13 Sep 2024 12:16:00 -0300 Subject: [PATCH 2/3] draft: change the branch to test the workflow online --- .github/workflows/deploy_dev.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml index 4b46bfded..f4f1601c2 100644 --- a/.github/workflows/deploy_dev.yml +++ b/.github/workflows/deploy_dev.yml @@ -3,7 +3,7 @@ name: Deploy Portal to Dev on: push: branches: - - main + - ENG-3274-secrets-to-dockerfile jobs: deploy-dev: From 5b17bf6dc2caf23b1e64b47a428ebd8d6e06e84e Mon Sep 17 00:00:00 2001 From: Claudio Mello Date: Fri, 13 Sep 2024 12:26:18 -0300 Subject: [PATCH 3/3] fix: missing slash on the docker command --- .github/workflows/deploy_dev.yml | 2 +- .github/workflows/deploy_production.yml | 2 +- .github/workflows/deploy_staging.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml index f4f1601c2..e96dfd71e 100644 --- a/.github/workflows/deploy_dev.yml +++ b/.github/workflows/deploy_dev.yml 
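Review bot: The new entrypoint has no `set -e`, so when `aws secretsmanager get-secret-value` fails (missing credentials, wrong ARN, no permission) `secrets.json` is empty, the `jq` line exports nothing, and `pnpm run portal:start` still starts the app without its secrets; it also writes the secret to `secrets.json` in the working directory and the credentials to `~/.aws/credentials` through `aws configure set`, neither of which is needed, since the CLI reads `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` from the environment and, on ECS, from the task role. The `$(jq -r '... "export \(.key)=\(.value)"' secrets.json)` construct runs jq's output through word splitting and globbing, so any value containing whitespace or shell metacharacters is mangled, while `@sh` quoting plus `eval` handles arbitrary values (keys are taken verbatim, which is fine for your own secret as long as they are valid shell identifiers). Finally, `pnpm run portal:start` is not `exec`'d, so the shell remains PID 1 and the SIGTERM ECS sends on stop never reaches node until the kill timeout. The rewrite below fails fast, keeps the secret off disk, and execs the server; the cleaner alternative is to drop the script and let the task definition's `secrets` field inject each JSON key as an environment variable.
```sh
#!/bin/sh
set -eu

# Region and credentials come from the environment or, on ECS, the task role;
# nothing is written to ~/.aws or to the working directory.
secret_json="$(aws secretsmanager get-secret-value \
                 --region "$AWS_REGION" \
                 --secret-id "$SECRETS_MANAGER" \
                 --query SecretString --output text)"

# @sh quotes each value so it may contain spaces or shell metacharacters.
exports="$(printf '%s' "$secret_json" \
           | jq -r 'to_entries[] | "export \(.key)=\(.value | tostring | @sh)"')"
eval "$exports"
unset secret_json exports

exec pnpm run portal:start
```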
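Review bot: The push trigger for the dev deployment now fires on `ENG-3274-secrets-to-dockerfile` instead of `main`; the commit message calls this a draft for testing, so it has to be reverted before the series is merged, or dev stops deploying from `main` and every push to that feature branch deploys instead. A `workflow_dispatch:` trigger alongside `push` lets the workflow be started from any branch for testing, with the branch chosen at run time, so the branch filter never needs editing and no follow-up revert is required.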
@@ -77,7 +77,7 @@ jobs: run: | docker build --platform linux/x86_64 -t portal -f apps/portal/Dockerfile . \ --build-arg VITE_DEPLOY_ENV=${{ env.ENV }} \ - --build-arg SECRETS_MANAGER=${{ env.SECRETS_MANAGER }} + --build-arg SECRETS_MANAGER=${{ env.SECRETS_MANAGER }} \ --build-arg AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} \ --build-arg AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} \ --build-arg AWS_REGION=${{ secrets.AWS_REGION }} diff --git a/.github/workflows/deploy_production.yml b/.github/workflows/deploy_production.yml index 9eafd9dd7..8e9855f3f 100644 --- a/.github/workflows/deploy_production.yml +++ b/.github/workflows/deploy_production.yml @@ -78,7 +78,7 @@ jobs: run: | docker build --platform linux/x86_64 -t portal -f apps/portal/Dockerfile . \ --build-arg VITE_DEPLOY_ENV=${{ env.ENV }} \ - --build-arg SECRETS_MANAGER=${{ env.SECRETS_MANAGER }} + --build-arg SECRETS_MANAGER=${{ env.SECRETS_MANAGER }} \ --build-arg AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} \ --build-arg AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} \ --build-arg AWS_REGION=${{ secrets.AWS_REGION }} diff --git a/.github/workflows/deploy_staging.yml b/.github/workflows/deploy_staging.yml index 7335693d5..fa28f178e 100644 --- a/.github/workflows/deploy_staging.yml +++ b/.github/workflows/deploy_staging.yml @@ -78,7 +78,7 @@ jobs: run: | docker build --platform linux/x86_64 -t portal -f apps/portal/Dockerfile . \ --build-arg VITE_DEPLOY_ENV=${{ env.ENV }} \ - --build-arg SECRETS_MANAGER=${{ env.SECRETS_MANAGER }} + --build-arg SECRETS_MANAGER=${{ env.SECRETS_MANAGER }} \ --build-arg AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} \ --build-arg AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} \ --build-arg AWS_REGION=${{ secrets.AWS_REGION }}
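Review bot: The missing continuation backslash had to be fixed in three copies of the same build step (deploy_dev.yml, deploy_production.yml, deploy_staging.yml), which is also how it slipped through the first patch: every change to this step is made three times by hand. Consider moving the build-and-deploy job into one reusable workflow (`on: workflow_call`) that takes the environment-specific values as inputs, so the `docker build` command exists exactly once and the three environment workflows reduce to their `env` blocks and a call.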