Closed jorlugaqui closed 2 years ago
@jorlugaqui Hey Jorge, thank you for your feature request!
Can you please help me understand how you’re injecting the MongoDB authentication credentials into your testing environment? Are you reading the values from environment variables and use them to connect to MongoDB? Or do you have hard-coded values in a configuration file in your app?
Hi @marcuspoehls.
I'm not sure if by testing environment
you mean the environment created by GitHub Actions or my local testing environment. So, I'll share both.
Local environment
I'm reading the values from environment variables and I use them to connect to the MongoDB server:
DB_HOST = os.environ.get('DB_HOST', 'localhost')
DB_NAME = os.environ.get('DB_NAME', '')
DB_USER = os.environ.get('DB_USER', '')
DB_PASSWORD = os.environ.get('DB_PASSWORD', '')
With values being injected via docker-compose like:
mongo:
image: mongo
restart: always
...
environment:
MONGO_INITDB_ROOT_USERNAME: ${MONGO_INITDB_ROOT_USERNAME}
MONGO_INITDB_ROOT_PASSWORD: ${MONGO_INITDB_ROOT_PASSWORD}
api:
...
environment:
...
DB_NAME: ${DB_NAME}
DB_HOST: ${DB_HOST}
DB_USER: ${MONGO_INITDB_ROOT_USERNAME}
DB_PASSWORD: ${MONGO_INITDB_ROOT_PASSWORD}
GitHub actions' environment
For now, I'm using hardcoded values, but when the moment comes, I'll switch to secrets.
name: Run the API and Postman's tests
...
env:
FLASK_ENV: development
API_HOST: 0.0.0.0
FLASK_APP: main.py
DB_NAME: ahm
DB_HOST: localhost
CI: true
How I'm imagining the feature
It will be our responsibility as developers to handle how the values will get into the workflow file. For instance, I could have a step defined like:
- name: Start MongoDB ${{ matrix.mongodb-version }}
uses: supercharge/mongodb-github-action@1.3.0
with:
mongodb-version: ${{ matrix.mongodb-version }}
env:
MONGO_INITDB_ROOT_USERNAME: foo
MONGO_INITDB_ROOT_PASSWORD: ${{ secrets.password }}
One value hardcoded, one value coming from the secrets. The important thing will be that if these two variables are present, we could start the container with the -e
flag like :
docker run -d --network some-network --name some-mongo \
-e MONGO_INITDB_ROOT_USERNAME=$MONGO_INITDB_ROOT_USERNAME \
-e MONGO_INITDB_ROOT_PASSWORD=$MONGO_INITDB_ROOT_PASSWORD \
mongo
And therefore, achieve the "out of the box" authentication mechanism, which should be sufficient for a CI environment.
Let me know your thoughts.
@marcuspoehls Are there still plans to implement this? I'm trying to setup Mongo in GA with auth, and there doesn't seem to be an easy way to do so currently :)
@kibertoad Hey Igor, thank you for your patience. I’m in for this feature. Do you want to PR it?
@jorlugaqui @kibertoad @biodrone I’ve tagged a new release version 1.7.0
that is now available in the GitHub Actions marketplace containing the MongoDB authentication feature 😃
Just used it in my project, working like a dream :)
Awesome!
Hello,
Firstly, thank you very much for this implementation, I have been using it for learning Github actions on an aside project (https://github.com/jorlugaqui/ahm) and it helped me by a lot.
This request is for you to consider (if it makes sense) to have a variation for which the container will start with --auth enabled, probably achievable by sending the env variables
MONGO_INITDB_ROOT_USERNAME
andMONGO_INITDB_ROOT_PASSWORD
.Some applications may be using this mechanism as a default for connecting to a mongo server. By supporting the --auth, applications won't need to adjust their code, but rather will only need to take care of sending the right values in the env variables. I could try posting a PR if you think it is worth it.