bhall2001 / serverless-nextjs-github-ci-cd

How to use Github actions to manage the CI/CD flow of a serverless-nextjs project.
MIT License
79 stars 11 forks

Github action doesn't pick up the secrets env variable #20

Closed jwdotpark closed 2 years ago

jwdotpark commented 2 years ago

next@12.1.1 serverless@2.72.2

Hi! I have a problem with a GitHub action and secret env vars.

In local bash, using npx serverless directly works as intended: secrets are picked up from .env in the next build, and functions are triggered with the env variables just fine in the deployed app.

But when I deploy with the GitHub action, the deployed app doesn't have the env variable. I could see in the CloudWatch log that it is missing, and it gives back a 500 in the browser.

All the secrets are already saved as repository secrets, not environment secrets.

staging.yml for the GitHub action: [image]

serverless-staging.yml @ root: [image]

next.config.js: [image]

I.. have not been able to fathom which part of the process is wrong for a good couple of days :D I suspected an indentation or syntax error in the GitHub action script, and I researched it extensively with the GitHub Actions docs, but it seems to be valid. Like I wrote above, locally it works fine, so I assume the problem is the GitHub action not being able to pick up secrets, but I can't be sure..

I've followed https://github.com/bhall2001/serverless-nextjs-github-ci-cd/issues/5#issuecomment-768260080 as well, but the env variable is still missing in the deployed one.

Lambda@Edge supports environment variables via the web console, and I added them manually, but it still doesn't work for some reason.

Any help would be much appreciated. Thank you for the great work!

jwdotpark commented 2 years ago

It turned out the secrets were picked up fine, except by Prisma. I was able to check the log of each command in the action. At the endpoint, the API recognizes the secrets just fine.

github action command log

...
Run actions/setup-node@v2-beta
  with:
    node-version: 16.14
    always-auth: false
    check-latest: false
    token: ***
  env:
    SOME_VALUE: ***
    ANOTHER_VALUE: ***
...

But prisma@3.13.0 with Lambda@Edge has some caveats.. it didn't pick up the secrets for some reason. I'm still not sure what the root cause was.

I ended up picking up secrets successfully with this: https://github.com/SpicyPizza/create-envfile.

steps:
  - name: Create .env file
    uses: SpicyPizza/create-envfile@v1
    with:
      # each envkey_NAME input becomes a NAME=value line in .env
      envkey_SOME_VALUE: ${{ secrets.SOME_VALUE }}
...

It copies the secrets into /github/workspace/.env during the build, and now Prisma picks up the secrets at the endpoint.

Hope this helps if someone gets puzzled like me!
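
A shell equivalent of the "Create .env file" step, as an added example that is not part of the original thread or of the repository: it writes the named variables to a dotenv file and fails the job when one is unset or empty (GitHub passes an undefined secret as an empty string), printing names only. `write_envfile` is a hypothetical helper; `SOME_VALUE` and `ANOTHER_VALUE` are the placeholder names from the log above, assumed to be mapped from `secrets.*` in the step's `env:`.

```shell
#!/bin/sh
# Added example: hypothetical helper, not code from the thread or the repository.
# write_envfile FILE NAME...
#   Writes NAME=value lines for the named environment variables to FILE.
#   Returns 1 if any variable is unset, empty or multi-line; 2 on a bad name.
#   Only variable names are ever printed, never their values.
write_envfile() {
  _out=$1; shift
  _bad=0
  _nl='
'
  # Pass 1: validate everything before touching the output file.
  for _name in "$@"; do
    # Only plain identifiers may reach the eval below.
    case $_name in
      ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
        echo "invalid variable name: $_name" >&2; return 2 ;;
    esac
    eval "_val=\${$_name-}"
    case $_val in
      '')       echo "missing or empty: $_name" >&2; _bad=1 ;;
      *"$_nl"*) echo "multi-line value not supported: $_name" >&2; _bad=1 ;;
    esac
  done
  [ "$_bad" -eq 0 ] || return 1

  # Pass 2: recreate the file with mode 0600 and write the values verbatim
  # (assumption: the dotenv parser in use accepts unquoted single-line values).
  (
    umask 077
    rm -f -- "$_out"
    for _name in "$@"; do
      eval "_val=\${$_name}"
      printf '%s=%s\n' "$_name" "$_val"
    done > "$_out"
  )
  echo "wrote $# keys to $_out" >&2
}

# In a workflow step (names are the placeholders used in this thread):
#   write_envfile .env SOME_VALUE ANOTHER_VALUE
```

The resulting file holds the secrets in plain text, so keep it out of uploaded artifacts and caches.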