From 79ee6522985a7e893a34037dc6f77428923b75ae Mon Sep 17 00:00:00 2001
From: Henry <31442053+HenrySpartGlobal@users.noreply.github.com>
Date: Tue, 9 Apr 2024 18:51:12 +0100
Subject: [PATCH] feat: pushing to ECR instead of Digital ocean (#78)

* don't bake in the sensitive values on build time
* push to ecr instead, remove baked in envs in dockerfile
---
 .github/workflows/deploy-live.yml | 36 +++++++++----------------------
 Dockerfile | 8 +------
 2 files changed, 11 insertions(+), 33 deletions(-)

diff --git a/.github/workflows/deploy-live.yml b/.github/workflows/deploy-live.yml
index b8a11cb..8254186 100644
--- a/.github/workflows/deploy-live.yml
+++ b/.github/workflows/deploy-live.yml
@@ -25,34 +25,18 @@ jobs:
 - name: Build Docker image
 run: |
- docker build -t in-house-queue-site \
- --build-arg DATABASE_URL=${{ secrets.DATABASE_URL }} \
- --build-arg NEXTAUTH_SECRET=${{ secrets.NEXTAUTH_SECRET }} \
- --build-arg DISCORD_CLIENT_ID=${{ secrets.DISCORD_CLIENT_ID }} \
- --build-arg DISCORD_CLIENT_SECRET=${{ secrets.DISCORD_CLIENT_SECRET }} \
- --build-arg UPSTASH_REDIS_REST_URL=${{ secrets.UPSTASH_REDIS_REST_URL }} \
- --build-arg UPSTASH_REDIS_REST_TOKEN=${{ secrets.UPSTASH_REDIS_REST_TOKEN }} \
- .
+ docker build -t in-house-queue-site .
- - name: Install doctl
- uses: digitalocean/action-doctl@v2
+ - name: Login to Amazon ECR
+ uses: aws-actions/configure-aws-credentials@v4
 with:
- token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
-
- - name: Log in to DigitalOcean Container Registry with short-lived credentials
- run: doctl registry login --expiry-seconds 600
-
- - name: Get the latest release tag
- id: latest_release
- run: |
- tag=$(curl -s -H "Authorization: token ${{ secrets.GH_TOKEN }}" "https://api.github.com/repos/${{ env.REPO_OWNER }}/${{ env.REPO_NAME }}/releases/latest" | jq -r ".tag_name")
- echo "TAG=$tag" >> $GITHUB_ENV
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: us-east-1
 - name: Tag and push Docker image
 run: |
- export DO_REPOSITORY=${{ secrets.DO_REPO }}
- TAG=${{ env.TAG }}
- echo "Tagging image as $DO_REPOSITORY:$TAG"
- docker tag in-house-queue-site $DO_REPOSITORY:$TAG
- echo "Pushing image..."
- docker push $DO_REPOSITORY:$TAG
\ No newline at end of file
+ export ECR_REPOSITORY=${{ secrets.ECR_REPO }}
+ aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin $ECR_REPOSITORY
+ docker tag inhousequeue-site:latest $ECR_REPOSITORY:latest
+ docker push $ECR_REPOSITORY:latest
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 3fc752e..6274c0f 100644
--- a/Dockerfile
+++ b/Dockerfile
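Review bot: The `docker tag inhousequeue-site:latest ...` line in the "Tag and push Docker image" step names an image the build step never creates, since the build tags `in-house-queue-site`; on a fresh runner the tag command would most likely fail and nothing would reach ECR, so it should read `docker tag in-house-queue-site:latest "$ECR_REPOSITORY:latest"`. The step labelled "Login to Amazon ECR" only configures credentials, and it does so with long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` secrets. `aws-actions/configure-aws-credentials` also accepts `role-to-assume` with GitHub OIDC (the job then needs `permissions: id-token: write`), which leaves no static key in repository secrets to leak or rotate. Pushing only the mutable `:latest` tag drops the release-tag traceability the removed step provided; pushing an immutable tag such as `${{ github.sha }}` alongside it would keep deployed images identifiable.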
@@ -46,13 +46,7 @@ RUN \
 FROM base AS runner
 WORKDIR /app
-ENV NODE_ENV=production \
- DATABASE_URL=$DATABASE_URL \
- NEXTAUTH_SECRET=$NEXTAUTH_SECRET \
- DISCORD_CLIENT_ID=$DISCORD_CLIENT_ID \
- DISCORD_CLIENT_SECRET=$DISCORD_CLIENT_SECRET \
- UPSTASH_REDIS_REST_URL=$UPSTASH_REDIS_REST_URL \
- UPSTASH_REDIS_REST_TOKEN=$UPSTASH_REDIS_REST_TOKEN
+ENV NODE_ENV=production
 # Uncomment the following line in case you want to disable telemetry during runtime.
 # ENV NEXT_TELEMETRY_DISABLED 1
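Review bot: The runner stage now sets only `NODE_ENV`, and nothing visible in this commit documents where `DATABASE_URL`, `NEXTAUTH_SECRET` and the other removed values are supplied when the container starts. A comment above the `ENV` line such as `# Secrets are injected at runtime by the deployment environment, never via ARG/ENV at build time` would keep them from being re-added. Any `ARG` declarations that fed the removed `$DATABASE_URL`-style references would sit earlier in the file, outside this hunk, and should be removed as well if they still exist. Images built before this change presumably carry those values in their image config and layer history, so the secrets should be treated as exposed and rotated. The runner stage continues past the end of the hunk.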