I have the following bitbucket pipeline, which is for deploying a Meteor app with Mup.
Everything is working up until the final mup deploy command
it seems to not to be able to read the generated config.json
file that is supposed to have my secure mongo url injected into it.
this is what the secure_mongo.json
file looks like
{
"secret": $STAGING_MONGO_URL
}
In the mup file I access like
var mongo = require('./config.json');
module.exports = {
MONGO_URL: mongo.secret,
}
image: node:14.16.0
pipelines:
branches:
staging:
- step:
name: Deploy to staging CI/CD Environment
script:
- mkdir -p ~/.ssh
- apt-get update && apt-get install gettext-base
- curl https://install.meteor.com/ | sh
- export METEOR_ALLOW_SUPERUSER=true
- cd .bot-staging-ci-cd
- (umask 077 ; echo $DO_STAGING_CICD_SSH_KEY | base64 --decode > ~/.ssh/id_rsa)
- cat secure_mongo.json | envsubst > config.json
- cat config.json && realpath config.json
- npm install -g mup
- npm install -g ssh2
- mup deploy
And I do have a secure variable named $STAGING_MONGO_URL in the repository. So Not entirely sure what is going wrong. Any help would be great.
This question is related and helped me get this far Storing secrets into Bitbucket Pipelines and then deploy on App Engine? but it is not the same question.
To be clear the error I am getting is Mup deploy is saying that the config.json
file is reaching an Unexpected token
exact error
Error loading config file:
SyntaxError: /opt/atlassian/pipelines/agent/build/.bot-staging-ci-cd/config.json: Unexpected token m in JSON at position 13
UPDATE:
So I thought the json error had to do with the require of the config.json
file and tried to write use envsubst directly with a the module.exports
.js
file but it doesn't seem to replace the variable at all, Mup fails directly at the position where the variable should be replaced.
Thanks
Unless your STAGING_MONGO_URL
variable starts and ends with double quotes, once it is rendered into config.json by envsubst, that file is no longer valid json.
Wrap the value placeholder with double quotes in your secure_mongo.json template
{
"secret": "$STAGING_MONGO_URL"
}
Also, be careful to avoid actual double quotes in the secret value, because once rendered it would break json parsing again.
Even if you successfully render the config.json file it is useless to print it to stdout: a Bitbucket security feature will prevent you from printing your secret variable in the pipelines logs E.g. see: