I'm developing an ASP.NET Core Web API using a local secrets management approach. In my code, two lines of code load secret files that didn't get pushed to the remote Github repo:
public static void AddSecrets(this IServiceCollection services,
ConfigurationManager config, IWebHostEnvironment environment)
{
config.AddJsonFile("appsecrets.json");
config.AddJsonFile($"appsecrets.{environment.EnvironmentName}.json");
}
The problem is when running the integration tests in CI/CD using GitHub Actions this code will throw FileNotFoundException
exception because those files aren't pushed to the repo and hence don't exist.
For WebAppicationFactory
side, I can only override it and there is no way I can stop running this code.
For the source code side:
WebAppicationFactory
.optional: true
but this will violate the app startup requirements.So the question: is my secret management approach wrong from the beginning? If not how can I solve this problem?
Your approaches aren't wrong, but as GitHub Actions allows you to create environment files during the workflow execution, it may be easier to resolve your issue that way.
You can use GitHub repository secrets to generate your files according to each environment, before running the application for your integration tests.
I'll share here some references that might help: