Fix for deployment to handle .env parameters from github secret in ba…

…se64 encoded format
0xPolygon · Dec 12, 2024 · 0357e3e · 0357e3e
1 parent b2344c9
commit 0357e3e
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 3 deletions.
diff --git a/.github/workflows/ecs_deploy_docker_taskdef.yaml b/.github/workflows/ecs_deploy_docker_taskdef.yaml
@@ -36,12 +36,16 @@ on:
         required: false
         default: "staging"
         type: string
+      env_file_secret_var:
+        required: false
+        default: ""
+        type: string
+        description: "Variable name containing b64 encoded data for .env file"
     secrets:
       build_params_gh_secret_keys:
         required: false
         description: "Pass github secrets in json format for supporting docker build"
-
-
+
 jobs:
   deploy_workflow:
     name: Deploy ${{ inputs.app_name }}
@@ -81,6 +85,13 @@ jobs:
             jq -r 'to_entries | .[] | "\(.key)=\(.value)"' secrets.json >> $GITHUB_ENV
           fi
 
+      - name: Set up secrets from base64 encoded secret to .env file in code directory
+        run: |
+          if [[ -n "${{ inputs.env_file_secret_var }}" ]]; then
+            echo "Fetching and decoding .env file data from secret.${{ inputs.env_file_secret_var }}"
+            echo "${{ secrets[inputs.env_file_secret_var] }}" | base64 -d > code/.env
+          fi
+
       - name: Set variables
         run: |
           if [ "${{ inputs.taskdef_file_script }}" == "local" ]; then

diff --git a/.github/workflows/npm_build_deploy_default.yaml b/.github/workflows/npm_build_deploy_default.yaml
@@ -24,6 +24,11 @@ on:
         required: false
         default: "staging"
         type: string
+      env_file_secret_var:
+        required: false
+        default: ""
+        type: string
+        description: "Variable name containing b64 encoded data for .env file"      
     secrets:
       build_params_gh_secret_keys:
         required: false
@@ -61,7 +66,7 @@ jobs:
         run: |
           if [ -n "${{ secrets.build_params_gh_secret_keys }}" ]; then
             echo "${{ secrets.build_params_gh_secret_keys }}" > secrets.json
-          fi
+          fi      
 
       - name: Parse secrets and set environment variables
         run: |
@@ -70,6 +75,13 @@ jobs:
             jq -r 'to_entries | .[] | "\(.key)=\(.value)"' secrets.json >> $GITHUB_ENV
           fi
 
+      - name: Set up secrets from base64 encoded secret to .env file in code directory
+        run: |
+          if [[ -n "${{ inputs.env_file_secret_var }}" ]]; then
+            echo "Fetching and decoding .env file data from secret.${{ inputs.env_file_secret_var }}"
+            echo "${{ secrets[inputs.env_file_secret_var] }}" | base64 -d > code/.env
+          fi
+
       - name: INSTALL
         run: npm install