From 63b2ca33899a0fffa2d68b1065754db75ef45c47 Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Sat, 12 Sep 2020 11:29:43 +0100 Subject: [PATCH] Move flickr credentials into secret environment Also roll them --- .dockerignore | 1 - .github/workflows/ci.yml | 10 ++++++++++ .github/workflows/deploy.yml | 9 ++++++++- data/flickr.yml | 3 --- docker-compose.yml | 1 + layouts/_default/flickr.html | 4 ++-- scripts/common.sh | 3 +++ scripts/release.sh | 5 ----- 8 files changed, 24 insertions(+), 12 deletions(-) delete mode 100644 data/flickr.yml diff --git a/.dockerignore b/.dockerignore index 10376ad..590faaa 100644 --- a/.dockerignore +++ b/.dockerignore @@ -2,4 +2,3 @@ public/ resources/ node_modules/ .cache/ -.env diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0900c2e..4cf936d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,6 +2,10 @@ name: CI on: [push, pull_request] +env: + FLICKR_API_KEY: ${{ secrets.FLICKR_API_KEY }} + FLICKR_USER_ID: ${{ secrets.FLICKR_USER_ID }} + jobs: docker: runs-on: ubuntu-latest @@ -10,6 +14,9 @@ jobs: with: submodules: true + - name: Dump environment + run: env >> .env + - name: Build image run: docker-compose build @@ -43,6 +50,9 @@ jobs: - name: Install Dependencies run: npm ci + - name: Dump environment + run: env >> .env + - name: Build site run: ./scripts/release.sh diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 5a474f8..0d85c1b 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -5,6 +5,10 @@ on: branches: - master +env: + FLICKR_API_KEY: ${{ secrets.FLICKR_API_KEY }} + FLICKR_USER_ID: ${{ secrets.FLICKR_USER_ID }} + jobs: build: runs-on: ubuntu-latest 
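Review bot: The workflow-level `env:` block added to `.github/workflows/ci.yml` exposes `FLICKR_API_KEY` and `FLICKR_USER_ID` to every step of every job, including third-party actions that never need them; the first hunk of `.github/workflows/deploy.yml` adds the same block. Moving the two entries to a step-level `env:` on only the steps that consume them keeps the exposure as small as possible. Because this workflow also triggers on `pull_request`, runs from forks will receive both values as empty strings, so the build should tolerate or clearly report that case.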
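Review bot: `run: env >> .env` in the new `Dump environment` step writes the whole runner environment to disk, not just the two Flickr values, and this commit also removes `.env` from `.dockerignore`, so the file is now part of the Docker build context. If the Dockerfile (not visible here) copies the context, everything in that file lands in an image layer. Writing only the needed keys, and truncating rather than appending, is safer: `run: printf 'FLICKR_API_KEY=%s\nFLICKR_USER_ID=%s\n' "$FLICKR_API_KEY" "$FLICKR_USER_ID" > .env`. The same step is repeated in the second job of `ci.yml` and in `deploy.yml`, and keeping `.env` in `.dockerignore` would still be worthwhile.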
@@ -14,8 +18,11 @@ jobs: with: submodules: true + - name: Dump environment + run: env >> .env + - name: Build production container - run: docker build --tag docker.pkg.github.com/${GITHUB_REPOSITORY,,}/theorangeone.net:latest . + run: docker build --tag docker.pkg.github.com/${GITHUB_REPOSITORY,,}/theorangeone.net:latest --env-file .env . - name: Log into GitHub Docker Registry run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u ${GITHUB_REPOSITORY%/*} --password-stdin diff --git a/data/flickr.yml b/data/flickr.yml deleted file mode 100644 index f7a6bed..0000000 --- a/data/flickr.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -user_id: "132071530@N06" -api_key: 920710c1f504befe4b3da60739e473c3 diff --git a/docker-compose.yml b/docker-compose.yml index 55074e5..5f5e66d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,6 +4,7 @@ services: website: build: context: . + env_file: .env volumes: - "./public:/usr/share/nginx/html:ro" - "./nginx.conf:/etc/nginx/nginx.conf:ro" diff --git a/layouts/_default/flickr.html b/layouts/_default/flickr.html index e18e7de..68e3e12 100644 --- a/layouts/_default/flickr.html +++ b/layouts/_default/flickr.html @@ -4,9 +4,9 @@ {{ partial "content.html" . }} {{ $id := .Params.photoset }} - {{ $query := querify "format" "json" "nojsoncallback" "1" "api_key" .Site.Data.flickr.api_key }} + {{ $query := querify "format" "json" "nojsoncallback" "1" "api_key" (getenv "FLICKR_API_KEY") }} - {{ $method := querify "method" "flickr.photosets.getPhotos" "user_id" .Site.Data.flickr.user_id "photoset_id" $id "extras" "url_k,url_q" }} + {{ $method := querify "method" "flickr.photosets.getPhotos" "user_id" (getenv "FLICKR_USER_ID") "photoset_id" $id "extras" "url_k,url_q" }} {{ $photoset := (getJSON "https://api.flickr.com/services/rest/?" $query "&" $method).photoset }}
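Review bot: `docker build` has no `--env-file` option (it belongs to `docker run`), so the changed `Build production container` step will most likely fail with an unknown-flag error. Since the resulting image is pushed to a registry in the next steps, a BuildKit secret is the safer way to hand the credentials to the build: `DOCKER_BUILDKIT=1 docker build --secret id=flickr_env,src=.env --tag … .`, with a matching `RUN --mount=type=secret,id=flickr_env …` in the Dockerfile, which is outside this diff. `--build-arg` would also work, but it can leave the values in the image metadata.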
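Review bot: `env_file: .env` appears to sit at service level in `docker-compose.yml` (indentation is lost in this view), where it sets the running container's environment rather than the build's. The `website` service only mounts `./public` and `nginx.conf`, so the container would carry the Flickr credentials without needing them, while `docker-compose build` would not see them at all. If build-time access is the intent, pass the values under `build:` and drop `env_file`. A compose file that names an `env_file` also refuses to start when that file is missing, which affects fresh local checkouts.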
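Review bot: `getenv` returns an empty string when the variable is unset, so in `layouts/_default/flickr.html` the `getJSON` call will query the Flickr API with an empty `api_key` and fail with an error that does not point at the cause. A guard ahead of `$query` makes the failure explicit: `{{ if not (getenv "FLICKR_API_KEY") }}{{ errorf "FLICKR_API_KEY is not set" }}{{ end }}`, and likewise for `FLICKR_USER_ID`. This matters most for fork pull requests and local builds, where the secrets are not available. The template continues past the end of this hunk.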