Tags: laravel, amazon-web-services, docker-compose, github-actions, cicd

Why are .env file or Github Action Secrets not working in CI/CD?

Problem Detail:

My environment file prod.env and the secrets stored in the GitHub Actions repository secrets are inaccessible in the CI/CD pipeline.

This is a portion of the deploy.yml workflow file for accessing secrets during deployment.

  deploy:
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: SSH into Production Server and Deploy
        uses: appleboy/ssh-action@v1.0.3
        env:
          APP_KEY: ${{ secrets.APP_KEY }}
          MYSQL_CONNECTION: ${{ secrets.DB_CONNECTION }}
          MYSQL_HOST: ${{ secrets.DB_HOST }}
          MYSQL_DATABASE: ${{ secrets.DB_DATABASE }}
          MYSQL_USER: ${{ secrets.DB_USERNAME }}
          MYSQL_PASSWORD: ${{ secrets.DB_PASSWORD }}
          MYSQL_ROOT_PASSWORD: ${{ secrets.DB_ROOT_PASSWORD }}
          RABBITMQ_DEFAULT_USER: ${{ secrets.RABBITMQ_USER }}
          RABBITMQ_DEFAULT_PASS: ${{ secrets.RABBITMQ_PASSWORD }}
          SLACK_ALERT_WEBHOOK: ${{ secrets.SLACK_ALERT_WEBHOOK }}
        with:
          host: ${{ secrets.PRODUCTION_SERVER }}
          key: ${{ secrets.SSH_KEY }}
          username: ubuntu
          script: |
            docker pull <docker-hub-repo>/<image>:latest
            cd ~/<project>
            docker-compose down
            docker-compose up -d
            docker-compose exec app php artisan migrate --force

This is a portion of docker-compose.yml where I use the env variables from the workflow file for GitHub Action secrets and prod.env for other variables.

  # MySQL database container
  db:
    image: mysql:8.0
    container_name: rule_engine_db
    restart: unless-stopped
    ports:
      - "3306:3306"
    env_file:
      - ./prod.env
    environment:
      - DB_CONNECTION=${MYSQL_CONNECTION}
      - DB_HOST=${MYSQL_HOST}
      - DB_DATABASE=${MYSQL_DATABASE}
      - DB_USERNAME=${MYSQL_USER}
      - DB_PASSWORD=${MYSQL_PASSWORD}
      - DB_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
    volumes:
      - engineData:/var/lib/mysql
    networks:
      - rule-engine-net

In the GitHub workflow run I got this warning:

  level=warning msg="The \"APP_KEY\" variable is not set. Defaulting to a blank string.

I am attaching a screenshot of the error message (GitHub Workflow Error Screenshot).

As a result, the deployment failed.

The build job in the workflow is successful. I have specified version: '3' in the compose file. The secrets are not working only under env: in the workflow.

Looking for the probable cause and solution, thanks.

Solution

  • The reason your environment variables are not visible to your script is that this script is executed on the remote server, but the environment variables are only available inside the action appleboy/ssh-action. This action opens a shell on the remote server, then sends and executes your script on the remote shell. This action does not set your environment variables on the remote shell.

    The easiest way to solve this issue is to place them inside your script input block:

    script: |
      # ${{ }} is expanded by GitHub Actions on the runner; the export runs on the remote shell
      export APP_KEY="${{ secrets.APP_KEY }}"
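    The export preamble the answer suggests is built by hand here, as an added example that is not part of the question or the answer. Because `${{ secrets.X }}` is expanded into the script text before the remote shell sees it, any `$`, backtick or quote inside a secret becomes shell source; the functions below produce single-quoted `export` lines that the remote shell (and therefore `docker-compose`) reads back verbatim. All variable names and values are constructed.

```shell
#!/bin/sh
# Added example, not code from the question or the answer: the runner sees the
# secrets as environment variables, the remote shell does not, so the script
# needs an export preamble. Building that preamble with single quotes keeps
# $, backticks and quotes inside a secret from being interpreted by the
# remote shell. All variable names and values below are constructed.

# Wrap a value in single quotes, turning each embedded ' into '\''.
shell_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Emit "export NAME='value'" for every named variable set in this shell.
# A name that is not set is reported on stderr and the function returns 1,
# so a missing secret fails the step instead of defaulting to "" as the
# compose warning in the question describes.
emit_exports() {
  _status=0
  for _name in "$@"; do
    eval "_isset=\${$_name+set}"
    if [ -z "$_isset" ]; then
      echo "emit_exports: $_name is not set" >&2
      _status=1
      continue
    fi
    eval "_value=\$$_name"
    printf 'export %s=%s\n' "$_name" "$(shell_quote "$_value")"
  done
  return "$_status"
}

# Demo with constructed values standing in for repository secrets.
APP_KEY='base64:constructed-key='
DB_PASSWORD="p'w\$d"   # deliberately contains a quote and a dollar sign
emit_exports APP_KEY DB_PASSWORD
```

    The demo prints `export DB_PASSWORD='p'\''w$d'`, which the remote shell evaluates back to the original value; checking the return status of `emit_exports` in the workflow turns a missing secret into a failed step rather than a blank-string warning.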