diff --git a/.github/workflows/deployapi.yml b/.github/workflows/deployapi.yml
index d42d5c62..a792d457 100644
--- a/.github/workflows/deployapi.yml
+++ b/.github/workflows/deployapi.yml
@@ -50,8 +50,9 @@ jobs:
 --build-arg admin_password=${{ env.ADP }} \
 --build-arg admin_email=${{ env.ADE }} \
 --build-arg region=${{ env.AWS_REGION }} \
- --secret id=ak,env=${{ secrets.API_AK }} \
- --secret id=sak,env=${{ secrets.API_SAK }} \
+ --build-arg ak=${{ secrets.API_AK }} \
+ --build-arg sak=${{ secrets.API_SAK }} \
+ --build-arg PEM=${{ secrets.PEM }} \
 -f Dockerfile.prod .
 docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
 echo "IMAGE=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_ENV
diff --git a/valhub/Dockerfile.prod b/valhub/Dockerfile.prod
index 91455d1b..da0540c4 100644
--- a/valhub/Dockerfile.prod
+++ b/valhub/Dockerfile.prod
@@ -6,6 +6,9 @@ WORKDIR /root
 RUN apt-get update && apt-get install -y gawk
 ARG region=us-west-2
+ARG ak
+ARG sak
+ARG PEM
 # Copy AWS and PEM configuration if needed
 # Manually add the files to copy if not included in the host system
 RUN mkdir -p .aws
@@ -13,18 +16,15 @@ RUN mkdir -p .pem
 WORKDIR /root/.aws
-RUN --mount=type=secret,id=ak \
- --mount=type=secret,id=sak \
- awk -v ak="$(cat /run/secrets/ak)" -v sak="$(cat /run/secrets/sak)" \
+RUN awk -v ak="${ak}" -v sak="${sak}" \
 'BEGIN {print "[default]\naws_access_key_id = " ak "\naws_secret_access_key = " sak > "/root/.aws/credentials"}'
-RUN awk -v region=region \
+RUN awk -v region=${region} \
 'BEGIN {print "[default]\nregion = " region > "/root/.aws/config"}'
 WORKDIR /root/.pem
-RUN --mount=type=secret,id=PEM \
- awk -v pem="$(cat /run/secrets/PEM)" \
+RUN awk -v pem="${PEM}" \
 'BEGIN {print pem > "/root/.pem/private-key.pem"}'
 RUN chmod 400 /root/.pem/private-key.pem
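Review bot: The three added `--build-arg ak=…`, `--build-arg sak=…` and `--build-arg PEM=…` lines pass the AWS key pair and the private key as build arguments, and build-arg values are recorded in the image's build history, so they travel with the image that the following `docker push` sends to the registry; the `ARG ak`/`ARG sak`/`ARG PEM` declarations and the rewritten `RUN awk` steps in valhub/Dockerfile.prod are the other half of the same change. The removed `--secret id=ak,env=${{ secrets.API_AK }}` form probably failed because `env=` takes the name of an environment variable rather than its value; keeping the secret mounts and writing `--secret id=ak,env=API_AK \`, `--secret id=sak,env=API_SAK \` and `--secret id=PEM,env=PEM \`, with those variables mapped from `secrets.*` in the step's `env:` block, keeps the values out of the image metadata. The unquoted `${{ secrets.PEM }}` would also be word-split by the shell if the secret holds a multi-line PEM key. The `docker build` command and the step's `env:` block start outside this hunk.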
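Review bot: The `RUN awk` steps in the second Dockerfile.prod hunk write the access key pair to `/root/.aws/credentials` and the private key to `/root/.pem/private-key.pem` inside image layers, so the material stays readable to anyone who can pull the image regardless of how it reached the build, and `chmod 400` does not change that. If the container needs these at run time, supplying them when the container starts (a runtime-mounted secret, or an IAM role attached to the workload in place of static keys) would keep them out of the image; the deployment side is not visible here, so this needs confirming. Separately, `-v region=${region}` is unquoted and would read more safely as `awk -v region="${region}" \`. The stage's `FROM` line and whatever follows `chmod 400` are outside the hunk.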