feat: pushing to ECR instead of Digital ocean (#78)
* don't bake in the sensitive values at build time

* push to ecr instead, remove baked in envs in dockerfile
HenrySpartGlobal authored Apr 9, 2024
1 parent 5e82ce0 commit 79ee652
Showing 2 changed files with 11 additions and 33 deletions.
36 changes: 10 additions & 26 deletions .github/workflows/deploy-live.yml
@@ -25,34 +25,18 @@ jobs:

- name: Build Docker image
run: |
docker build -t in-house-queue-site \
--build-arg DATABASE_URL=${{ secrets.DATABASE_URL }} \
--build-arg NEXTAUTH_SECRET=${{ secrets.NEXTAUTH_SECRET }} \
--build-arg DISCORD_CLIENT_ID=${{ secrets.DISCORD_CLIENT_ID }} \
--build-arg DISCORD_CLIENT_SECRET=${{ secrets.DISCORD_CLIENT_SECRET }} \
--build-arg UPSTASH_REDIS_REST_URL=${{ secrets.UPSTASH_REDIS_REST_URL }} \
--build-arg UPSTASH_REDIS_REST_TOKEN=${{ secrets.UPSTASH_REDIS_REST_TOKEN }} \
.
docker build -t in-house-queue-site .
- name: Install doctl
uses: digitalocean/action-doctl@v2
- name: Login to Amazon ECR
uses: aws-actions/configure-aws-credentials@v4
with:
token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}

- name: Log in to DigitalOcean Container Registry with short-lived credentials
run: doctl registry login --expiry-seconds 600

- name: Get the latest release tag
id: latest_release
run: |
tag=$(curl -s -H "Authorization: token ${{ secrets.GH_TOKEN }}" "https://api.github.com/repos/${{ env.REPO_OWNER }}/${{ env.REPO_NAME }}/releases/latest" | jq -r ".tag_name")
echo "TAG=$tag" >> $GITHUB_ENV
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1

- name: Tag and push Docker image
run: |
export DO_REPOSITORY=${{ secrets.DO_REPO }}
TAG=${{ env.TAG }}
echo "Tagging image as $DO_REPOSITORY:$TAG"
docker tag in-house-queue-site $DO_REPOSITORY:$TAG
echo "Pushing image..."
docker push $DO_REPOSITORY:$TAG
export ECR_REPOSITORY=${{ secrets.ECR_REPO }}
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin $ECR_REPOSITORY
docker tag inhousequeue-site:latest $ECR_REPOSITORY:latest
docker push $ECR_REPOSITORY:latest
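Review bot: The image name differs between the two steps: the build step produces `in-house-queue-site`, but the push step runs `docker tag inhousequeue-site:latest ...`, so on a fresh runner there would be no local image of that name and the step would fail; it should read `docker tag in-house-queue-site:latest "$ECR_REPOSITORY:latest"`. The credentials step also relies on a long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` pair; `configure-aws-credentials` supports GitHub OIDC, so `role-to-assume: <ROLE_ARN_PLACEHOLDER>` together with `permissions: id-token: write` on the job would take the static keys out of repository secrets. Pushing only the mutable `:latest` tag drops the release tag the removed step used, so a deployed image can no longer be traced to a build; consider also tagging with `${{ github.sha }}`. The job definition starts above this hunk, so any existing `permissions` block is not visible here.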
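--- a/Dockerfile
+++ b/Dockerfile
@@ -46,13 +46,7 @@ RUN \
 FROM base AS runner
 WORKDIR /app
 
-ENV NODE_ENV=production \
-DATABASE_URL=$DATABASE_URL \
-NEXTAUTH_SECRET=$NEXTAUTH_SECRET \
-DISCORD_CLIENT_ID=$DISCORD_CLIENT_ID \
-DISCORD_CLIENT_SECRET=$DISCORD_CLIENT_SECRET \
-UPSTASH_REDIS_REST_URL=$UPSTASH_REDIS_REST_URL \
-UPSTASH_REDIS_REST_TOKEN=$UPSTASH_REDIS_REST_TOKEN
+ENV NODE_ENV=production
 
 # Uncomment the following line in case you want to disable telemetry during runtime.
 # ENV NEXT_TELEMETRY_DISABLED 1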
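Review bot: The runner stage no longer declares any of the connection or auth settings, and nothing in the file says where they now come from; a comment above the remaining `ENV NODE_ENV=production` line such as `# DATABASE_URL, NEXTAUTH_SECRET, DISCORD_* and UPSTASH_* are injected at container start; never add them as ARG/ENV` would keep them from being re-added later. The section reports only seven deletions, all of them `ENV` lines, so any matching `ARG` declarations elsewhere in the Dockerfile (not visible in this hunk) would be left behind and should be removed as well. Images built before this commit presumably still carry the values in their image config and build history, so the affected secrets are worth rotating and the old tags worth deleting from the registry. The runner stage continues below the hunk.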