archive/theorangeone.net-legacy
1
Fork 0
Code Activity

Move flickr credentials into secret environment

Browse source 
Also roll them
This commit is contained in:
Jake Howard 2020-09-12 11:29:43 +01:00
parent 7ae2361bfb
commit 63b2ca3389
Signed by: jake
GPG key ID: 57AFB45680EDD477
8 changed files with 24 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.dockerignore
View file

@ -2,4 +2,3 @@ public/
resources/ resources/
node_modules/ node_modules/
.cache/ .cache/
.env

10
.github/workflows/ci.yml vendored
View file

@ -2,6 +2,10 @@ name: CI
on: [push, pull_request] on: [push, pull_request]
env:
FLICKR_API_KEY: ${{ secrets.FLICKR_API_KEY }}
FLICKR_USER_ID: ${{ secrets.FLICKR_USER_ID }}
jobs: jobs:
docker: docker:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -10,6 +14,9 @@ jobs:
with: with:
submodules: true submodules: true
- name: Dump environment
run: env >> .env
- name: Build image - name: Build image
run: docker-compose build run: docker-compose build
@ -43,6 +50,9 @@ jobs:
- name: Install Dependencies - name: Install Dependencies
run: npm ci run: npm ci
- name: Dump environment
run: env >> .env
- name: Build site - name: Build site
run: ./scripts/release.sh run: ./scripts/release.sh

9
.github/workflows/deploy.yml vendored
View file

@ -5,6 +5,10 @@ on:
branches: branches:
- master - master
env:
FLICKR_API_KEY: ${{ secrets.FLICKR_API_KEY }}
FLICKR_USER_ID: ${{ secrets.FLICKR_USER_ID }}
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -14,8 +18,11 @@ jobs:
with: with:
submodules: true submodules: true
- name: Dump environment
run: env >> .env
- name: Build production container - name: Build production container
run: docker build --tag docker.pkg.github.com/${GITHUB_REPOSITORY,,}/theorangeone.net:latest . run: docker build --tag docker.pkg.github.com/${GITHUB_REPOSITORY,,}/theorangeone.net:latest --env-file .env .
- name: Log into GitHub Docker Registry - name: Log into GitHub Docker Registry
run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u ${GITHUB_REPOSITORY%/*} --password-stdin run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u ${GITHUB_REPOSITORY%/*} --password-stdin

3
data/flickr.yml
View file

@ -1,3 +0,0 @@
---
user_id: "132071530@N06"
api_key: 920710c1f504befe4b3da60739e473c3

1
docker-compose.yml
View file

@ -4,6 +4,7 @@ services:
website: website:
build: build:
context: . context: .
env_file: .env
volumes: volumes:
- "./public:/usr/share/nginx/html:ro" - "./public:/usr/share/nginx/html:ro"
- "./nginx.conf:/etc/nginx/nginx.conf:ro" - "./nginx.conf:/etc/nginx/nginx.conf:ro"

4
layouts/_default/flickr.html
View file

@ -4,9 +4,9 @@
{{ partial "content.html" . }} {{ partial "content.html" . }}
{{ $id := .Params.photoset }} {{ $id := .Params.photoset }}
{{ $query := querify "format" "json" "nojsoncallback" "1" "api_key" .Site.Data.flickr.api_key }} {{ $query := querify "format" "json" "nojsoncallback" "1" "api_key" (getenv "FLICKR_API_KEY") }}
{{ $method := querify "method" "flickr.photosets.getPhotos" "user_id" .Site.Data.flickr.user_id "photoset_id" $id "extras" "url_k,url_q" }} {{ $method := querify "method" "flickr.photosets.getPhotos" "user_id" (getenv "FLICKR_USER_ID") "photoset_id" $id "extras" "url_k,url_q" }}
{{ $photoset := (getJSON "https://api.flickr.com/services/rest/?" $query "&" $method).photoset }} {{ $photoset := (getJSON "https://api.flickr.com/services/rest/?" $query "&" $method).photoset }}
<div id="light-gallery" class="row"> <div id="light-gallery" class="row">

3
scripts/common.sh
View file

@ -1,4 +1,7 @@
BASEDIR=$PWD BASEDIR=$PWD
export $(cat $BASEDIR/.env | xargs)
NODE_BIN=$BASEDIR/node_modules/.bin NODE_BIN=$BASEDIR/node_modules/.bin
STATIC_SRC=$BASEDIR/static/src STATIC_SRC=$BASEDIR/static/src

5
scripts/release.sh
View file

@ -4,11 +4,6 @@ set -e
source ./scripts/common.sh source ./scripts/common.sh
# Expose environment variables so `parcel-bundler` can access them
env > $BASEDIR/.env
./scripts/build.sh --minify ./scripts/build.sh --minify
gzipper compress -e gz --verbose $OUTPUT_DIR $OUTPUT_DIR gzipper compress -e gz --verbose $OUTPUT_DIR $OUTPUT_DIR
rm -f $BASEDIR/.env