How can I safeguard my GitHub password in the workflow and deploy it using Docker?
tejajagadeep opened this issue · 2 comments
Hi, I am using the latest version of Spring Boot, 3.2.5, with version control <spring-cloud.version>2023.0.1</spring-cloud.version>.
I'm encountering difficulties with GitHub secrets and setting environment variables during deployment on Docker.
I aim to configure the password for my cloud config server using environment variables and then publish it. Locally, I've set the environment variable as GIT_TOKEN and attempted to replicate this configuration when deploying via GitHub. However, the Docker container fails to recognize the values during execution. Below is my workflow.
```yaml
build_config_server:
  runs-on: ubuntu-latest
  env:
    SPRING_CLOUD_CONFIG_SERVER_GIT_PASSWORD: ${{ secrets.GIT_TOKEN }}
  steps:
    - uses: actions/checkout@v3
    - name: Set up JDK 17
      uses: actions/setup-java@v3
      with:
        java-version: "17"
        distribution: "temurin"
        cache: maven
    - name: Build Maven Config Service
      run: mvn -B package --file movie-backend/config-server/pom.xml
    - name: Build docker Config Service
      run: docker build -t ${{ secrets.DOCKER_USERNAME }}/movie-app-config-server:latest -f movie-backend/config-server/Dockerfile movie-backend/config-server
    - name: Login to Docker Hub
      uses: docker/login-action@v2
      with:
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.DOCKER_PASSWORD }}
    - name: Set Git Token as an environment variable
      run: echo "SPRING_CLOUD_CONFIG_SERVER_GIT_PASSWORD=${{ secrets.GIT_TOKEN }}" >> $GITHUB_ENV
    - name: Push Docker image to Docker Hub
      run: docker push ${{ secrets.DOCKER_USERNAME }}/movie-app-config-server:latest
```
Please provide the solution yml for this to deploy my application and not share the token.
It will be very useful for everyone who is working with Docker CI/CD and securing their key.
This is not an issue with Spring Cloud Config but likely a problem with your GitHub action.
Yes, I know that it is not an issue with cloud, but I just wanted to know how we can secure it, but I got the code for it. Still, thank you for replying.
```dockerfile
FROM openjdk:17-alpine
WORKDIR /usr/src
ARG SPRING_CLOUD_CONFIG_SERVER_GITHUB_PASSWORD
ENV SPRING_CLOUD_CONFIG_SERVER_GIT_PASSWORD=$SPRING_CLOUD_CONFIG_SERVER_GITHUB_PASSWORD
ADD /target/config-server-0.0.1-SNAPSHOT.jar /usr/src/config-server-0.0.1-SNAPSHOT.jar
ENTRYPOINT ["java", "-jar", "config-server-0.0.1-SNAPSHOT.jar"]
```
```yaml
build_config_server:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v3
    - name: Set up JDK 17
      uses: actions/setup-java@v3
      with:
        java-version: "17"
        distribution: "temurin"
        cache: maven
    - name: Build Maven Config Service
      run: mvn -B package --file movie-backend/config-server/pom.xml
    - name: Build docker Config Service
      run: docker build -t ${{ secrets.DOCKER_USERNAME }}/movie-app-config-server:latest -f movie-backend/config-server/Dockerfile --build-arg SPRING_CLOUD_CONFIG_SERVER_GITHUB_PASSWORD="${{ secrets.CONFIG_PASSWORD }}" movie-backend/config-server
    - name: Login to Docker Hub
      uses: docker/login-action@v2
      with:
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.DOCKER_PASSWORD }}
    - name: Push Docker image to Docker Hub
      run: docker push ${{ secrets.DOCKER_USERNAME }}/movie-app-config-server:latest
```
This code is very helpful if you want to keep your code in a public repo and still securely deploy it without exposing any secrets.
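Added example, not code from this thread or from Spring Cloud Config: the Dockerfile in the last comment copies a build argument into `ENV`, and Docker stores `ENV` values in the image configuration, where `docker inspect` or `docker history` shows them to anyone who can pull the pushed image. The check below, which a workflow `run:` step could call before `docker build`, flags that pattern; the function names and both sample Dockerfiles are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: fail a CI step when a Dockerfile copies a build ARG into ENV.
# Handles single-line instructions only (no backslash continuations).

# Prints "<line>: <instruction>" for each ENV that references a declared ARG;
# returns 1 if any is found, 0 otherwise. An ARG name that is only a prefix of
# the referenced variable is flagged too (conservative).
find_baked_args() {
  awk '
    { line = $0; sub(/^[ \t]+/, "", line); split(line, f, /[ \t]+/); instr = toupper(f[1]) }
    instr == "ARG" { name = f[2]; sub(/=.*/, "", name); if (name != "") args[name] = 1; next }
    instr == "ENV" {
      for (a in args)
        if (index(line, "$" a) || index(line, "${" a)) {
          printf "%d: %s\n", NR, line; found = 1; break
        }
    }
    END { exit (found ? 1 : 0) }
  ' "$1"
}

# Constructed sample: the ARG-to-ENV pattern from the thread.
write_baked_sample() {
  cat > "$1" <<'EOF'
FROM openjdk:17-alpine
ARG SPRING_CLOUD_CONFIG_SERVER_GITHUB_PASSWORD
ENV SPRING_CLOUD_CONFIG_SERVER_GIT_PASSWORD=$SPRING_CLOUD_CONFIG_SERVER_GITHUB_PASSWORD
EOF
}

# Constructed sample: nothing secret at build time; the value is supplied when
# the container starts:  docker run -e SPRING_CLOUD_CONFIG_SERVER_GIT_PASSWORD <image>
write_runtime_sample() {
  cat > "$1" <<'EOF'
FROM openjdk:17-alpine
WORKDIR /usr/src
COPY target/config-server-0.0.1-SNAPSHOT.jar config-server.jar
ENTRYPOINT ["java", "-jar", "config-server.jar"]
EOF
}

tmp=$(mktemp -d)
write_baked_sample "$tmp/Dockerfile.baked"
write_runtime_sample "$tmp/Dockerfile.runtime"
find_baked_args "$tmp/Dockerfile.baked" || echo "baked: build argument persisted in image ENV"
find_baked_args "$tmp/Dockerfile.runtime" && echo "runtime: no build argument persisted"
rm -rf "$tmp"
```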