laravel amazon-web-services docker-compose github-actions cicd

Why are .env file or GitHub Action Secrets not working in CI/CD?


Problem Detail:

My environment file prod.env and Secrets stored in GitHub Action's repository secret are inaccessible in the CI/CD Pipeline.

This is a portion of the deploy.yml workflow file for accessing secrets during deployment.

  deploy:
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: SSH into Production Server and Deploy
        uses: appleboy/ssh-action@v1.0.3
        env:
          APP_KEY: ${{ secrets.APP_KEY }}
          MYSQL_CONNECTION: ${{ secrets.DB_CONNECTION }}
          MYSQL_HOST: ${{ secrets.DB_HOST }}
          MYSQL_DATABASE: ${{ secrets.DB_DATABASE }}
          MYSQL_USER: ${{ secrets.DB_USERNAME }}
          MYSQL_PASSWORD: ${{ secrets.DB_PASSWORD }}
          MYSQL_ROOT_PASSWORD: ${{ secrets.DB_ROOT_PASSWORD }}
          RABBITMQ_DEFAULT_USER: ${{ secrets.RABBITMQ_USER }}
          RABBITMQ_DEFAULT_PASS: ${{ secrets.RABBITMQ_PASSWORD }}
          SLACK_ALERT_WEBHOOK: ${{ secrets.SLACK_ALERT_WEBHOOK }}
        with:
          host: ${{ secrets.PRODUCTION_SERVER }}
          key: ${{ secrets.SSH_KEY }}
          username: ubuntu
          script: |
            docker pull <docker-hub-repo>/<image>:latest
            cd ~/<project>
            docker-compose down
            docker-compose up -d
            docker-compose exec app php artisan migrate --force

This is a portion of docker-compose.yml where I use the env variables from the workflow file for GitHub Action secrets and prod.env for other variables.

  # MySQL database container
  db:
    image: mysql:8.0
    container_name: rule_engine_db
    restart: unless-stopped
    ports:
      - "3306:3306"
    env_file:
      - ./prod.env
    environment:
      - DB_CONNECTION=${MYSQL_CONNECTION}
      - DB_HOST=${MYSQL_HOST}
      - DB_DATABASE=${MYSQL_DATABASE}
      - DB_USERNAME=${MYSQL_USER}
      - DB_PASSWORD=${MYSQL_PASSWORD}
      - DB_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
    volumes:
      - engineData:/var/lib/mysql
    networks:
      - rule-engine-net

As an error in the GitHub workflow, I got this warning:

  level=warning msg="The \"APP_KEY\" variable is not set. Defaulting to a blank string.

I am attaching a screenshot of the error message.

As a result, the Deployment Failed.

The build in the workflow is successful. I have mentioned in the compose file: version: '3'. Secrets are not working only at env: in the workflow.

Looking for the probable cause and solution, thanks.


Solution

  • https://github.com/appleboy/ssh-action provides the envs input parameter to pass the environment variables to the script.

    See envs example under Pass environment variable to shell script.

    For your use case, it should simply be:

      - name: SSH into Production Server and Deploy
        uses: appleboy/ssh-action@v1.0.3
        env:
          APP_KEY: ${{ secrets.APP_KEY }}
          # ...
        with:
          envs: APP_KEY
          # ...
          script: |
            # ...
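
A variable that is left out of the envs list still reaches the server empty, and docker-compose only warns ("Defaulting to a blank string") before starting containers with blank credentials. The guard below is an added example, not code from the original answer or from appleboy/ssh-action; require_env and DEPLOY_VARS are hypothetical names, and the variable list is copied from the env: block in the question.

```shell
#!/bin/sh
# Added example: fail the deploy early when a forwarded secret is missing.
# require_env and DEPLOY_VARS are hypothetical names, not part of ssh-action.

# Report the names (never the values) of variables that are unset or empty.
# Returns 0 if all are set, 1 if any is missing, 2 on an invalid name.
require_env() {
    missing=""
    for name in "$@"; do
        # Accept only plain shell identifiers so the eval below is safe.
        case "$name" in
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "require_env: invalid variable name: $name" >&2
                return 2 ;;
        esac
        eval "value=\${$name:-}"
        [ -n "$value" ] || missing="$missing $name"
    done
    unset value
    if [ -n "$missing" ]; then
        # Only names are printed, so nothing secret lands in the job log.
        echo "refusing to deploy, unset or empty:$missing" >&2
        return 1
    fi
    return 0
}

# Names taken from the env: block of the deploy job in the question.
DEPLOY_VARS="APP_KEY MYSQL_CONNECTION MYSQL_HOST MYSQL_DATABASE MYSQL_USER
MYSQL_PASSWORD MYSQL_ROOT_PASSWORD RABBITMQ_DEFAULT_USER RABBITMQ_DEFAULT_PASS
SLACK_ALERT_WEBHOOK"

# Intended use at the top of the remote script:, before any docker-compose call:
#   require_env $DEPLOY_VARS || exit 1
#   docker-compose down
#   docker-compose up -d
```

The same names have to appear, comma-separated, in the step's envs input for the check to pass on the server.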