I have a Spring API, and I am setting up my CI/CD pipeline to run tests after each push to the master branch.
I have an application-test.properties
file that I use for my tests, but I avoid pushing this file to my repository because it contains sensitive information. To manage this, I’ve created secrets in my repository settings to store this data.
I understand that I can map these secrets to my application.properties
file using the following syntax:
env:
SPRING_DATA_MONGODB_URI: ${{ secrets.MONGODB_URI }}
However, since I don’t push my application.properties
files to the repository, I cannot use this approach.
My question is: Is it considered good practice to include application.properties files in a repository? If so, how can I manage the situation where local development lacks data due to the use of ${{ secrets.xxx }}
?
I can't find a clear answer to this question about best practice.
to achieve that, you can try to change your application-test.properties
to a dynamic configuration, for example:
myapp.database.username=${DATABASE_USERNAME}
myapp.database.password=${DATABASE_PASSWORD}
and then you have to register the value as env variables to your workflows file
, for example:
name: CI Workflow
on: [push]
jobs:
build:
runs-on: ubuntu-latest
env:
DATABASE_USERNAME: ${{ secrets.DATABASE_USERNAME }}
DATABASE_PASSWORD: ${{ secrets.DATABASE_PASSWORD }}
steps:
- name: Check out repository
uses: actions/checkout@v2
....
and don't forget to add your secrets variable on your github repository.
for local situation, you can register your env variables on Run/Debug Configurations
if you use intellij idea
, for example: