Open md-coops opened 3 weeks ago
@eyalch. I can see you made some changes around this functionality recently. Have you got it to work reliably? Perhaps you can see some issue with my configuration.
You have a typo in that secret ref SOME_VAIRIABLE_FROM_REPSOITORY. Can you ensure that the secret in Github is actually named this way? Things seem to have gone fine for TEST_SECRET_FROM_GITHUB
Thanks Mark. 100% typos. I also was accessing the variables incorrectly inside Github actions too. env.SOME_VAR is incorrect, vars.SOME_VARS is correct. Long day!
However I have stumbled across a slightly more interesting issue.
In my app I use some serverless functions; these are referenced in the .do/app.yaml but are configured in serverless_functions/project.yaml.
serverless_functions/project.yaml
```yaml
packages:
  - name: native-auth
    shared: false
    environment:
      DB_CA_CERT: "${DB_CA_CERT}"
      DB_PORT: "${DB_PORT}"
      DB_USER: "${DB_USER}"
      DB_HOST: "${DB_HOST}"
      DB_NAME: "${DB_NAME}"
      DB_PASSWORD: "${DB_PASSWORD}"
      SG_API_KEY: "${SG_API_KEY}"
      SG_SENDER_ADDRESS: "${SG_SENDER_ADDRESS}"
      JWT_SECRET: "${JWT_SECRET}"
    functions:
      - name: generate-token
        binary: false
        runtime: nodejs:18
        web: true
      - name: verify-token
        binary: false
        runtime: nodejs:18
        web: true
```
snapshot of .do/app.yaml

```yaml
name: tester
envs:
  - key: DB_CA_CERT
    value: ${DB_CA_CERT_GITHUB}
    scope: RUN_AND_BUILD_TIME
    type: SECRET
  - key: DB_PASSWORD
    value: <currently-hardcoded>
    scope: RUN_AND_BUILD_TIME
    type: SECRET
# -----------------------------------------
functions:
  - name: serverless-functions
    github:
      repo: bionysus/digital_ocean_app_platform
      branch: main
      deploy_on_push: true
    source_dir: serverless_functions
    routes:
      - path: /functions
    envs:
      - key: JWT_SECRET
        value: <currently-hardcoded>
        scope: RUN_TIME
        type: SECRET
```
These references work when envs values are 'hardcoded' in .do/app.yaml. But when I replace those hardcoded env values with github secrets and vars I get build-time errors.
It seems that when building the serverless functions in Digital Ocean, the github injected values are not there! I get the following error.
I wonder if this is something to do with my mono repo style setup. Or whether there is a 'trick' I am missing to make these environment variables available to the serverless functions too.
@markusthoemmes - would you be able to shed some light?
Is it worth me changing the title of this issue?
To the system, there's no difference between "Github injected values" and "hardcoded values" really. The substitution is done in the Github Action and so to App Platform, it's all the same.
As such: Are you correctly connecting the dots by passing the DB_CA_CERT_GITHUB secret into the action as an env var, so that it can replace it in app.yaml?
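One way to check the point made in the reply above before deploying, as an added example that is not part of the original thread or of the action's own code: it lists every `${NAME}` reference in the app spec that has no matching environment variable in the current step, and every SECRET entry that still holds a literal value in the committed file. It assumes the `${NAME}` placeholder syntax shown in the snapshot; `env_entries`, `audit` and the sample spec are constructed for illustration.

```python
import os
import re

# Constructed sample, modelled on the .do/app.yaml snapshot in this thread.
SAMPLE_SPEC = """\
envs:
  - key: DB_CA_CERT
    value: ${DB_CA_CERT_GITHUB}
    type: SECRET
  - key: DB_PASSWORD
    value: <currently-hardcoded>
    type: SECRET
functions:
  - name: serverless-functions
    envs:
      - key: JWT_SECRET
        value: ${JWT_SECRET}
        type: SECRET
"""

REF = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")
FIELD = re.compile(r"^(key|value|type):\s*(.*)$")

def env_entries(spec_text):
    """Yield {key, value, type} for each env entry at any nesting level.
    Line-based on purpose (no YAML library); assumes block-style lists."""
    entry = None
    for line in spec_text.splitlines():
        item = line.strip()
        if item.startswith("- "):      # a new list item closes the current entry
            if entry:
                yield entry
            item = item[2:].strip()
            entry = {} if item.startswith("key:") else None
        m = FIELD.match(item)
        if m and entry is not None:
            entry[m.group(1)] = m.group(2).strip("\"'")
    if entry:
        yield entry

def audit(spec_text, environ=None):
    """Return (missing, literal_secrets): references with no env var set in
    this step, and SECRET keys whose value is not a ${NAME} reference."""
    environ = os.environ if environ is None else environ
    missing, literal_secrets = [], []
    for e in env_entries(spec_text):
        refs = REF.findall(e.get("value", ""))
        missing += [(e["key"], r) for r in refs if not environ.get(r)]
        if e.get("type") == "SECRET" and not refs:
            literal_secrets.append(e["key"])
    return missing, literal_secrets
```

Run as a workflow step ahead of the deploy step, with the same `env:` mapping the deploy step receives, a non-empty `missing` list names the placeholder that would otherwise reach App Platform unsubstituted.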
When following the docs in the GH marketplace, I cannot get the secrets or vars to propagate into my DO app.
This is my configuration, it is exactly like the docs. When I commit this to main the deployment runs but the values do not propagate to Digital Ocean.
app.yaml
workflow/deploy_app.yml
Do you have any idea what I am doing wrong?