Skip to content

Commit

Permalink
Clean up github actions and move to extended language guide
Browse files Browse the repository at this point in the history
  • Loading branch information
@motdotla
motdotla committed Jul 9, 2023
1 parent d1bdabd commit 7fe794d
Show file tree
Hide file tree
Showing 10 changed files with 180 additions and 98 deletions.
2 changes: 2 additions & 0 deletions _includes/docs/nav.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,9 @@
{% include layouts/docs_nav_title_grid.html name="Node.js" icon="nodejs" color="#339933" %}
{% include docs/nav_link.html url="/docs/languages/nodejs" text="Overview" %}
{% include docs/nav_link.html url="/docs/languages/nodejs/digital-ocean" text="Digital Ocean" %}
<!--{% include docs/nav_link.html url="/docs/languages/nodejs/docker" text="Docker" %}-->
{% include docs/nav_link.html url="/docs/languages/nodejs/fly" text="Fly.io" %}
{% include docs/nav_link.html url="/docs/languages/nodejs/github-actions" text="GitHub Actions" %}
{% include docs/nav_link.html url="/docs/languages/nodejs/heroku" text="Heroku" %}
{% include docs/nav_link.html url="/docs/languages/nodejs/netlify" text="Netlify" %}
{% include docs/nav_link.html url="/docs/languages/nodejs/railway" text="Railway" %}
Expand Down
39 changes: 39 additions & 0 deletions _includes/docs/step_build_env_vault_for_ci.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
## Build .env.vault

Push your latest `.env` file changes and edit your CI secrets. [Learn more about syncing](/docs/tutorials/sync)

##### CLI
```shell
npx dotenv-vault@latest push
npx dotenv-vault@latest open ci
```

Use the UI to configure those secrets per environment.

##### UI
{% include helpers/screenshot_browser.html url="/assets/img/docs/edit-ci-value.gif" www="dotenv.org" %}

Then build your encrypted `.env.vault` file.

##### CLI
```shell
npx dotenv-vault@latest build
```

Its contents should look something like this.

##### .env.vault
```shell
#/-------------------.env.vault---------------------/
#/ cloud-agnostic vaulting standard /
#/ [how it works](https://dotenv.org/env-vault) /
#/--------------------------------------------------/

# development
DOTENV_VAULT_DEVELOPMENT="/HqNgQWsf6Oh6XB9pI/CGkdgCe6d4/vWZHgP50RRoDTzkzPQk/xOaQs="
DOTENV_VAULT_DEVELOPMENT_VERSION=2

# ci
DOTENV_VAULT_CI="x26PuIKQ/xZ5eKrYomKngM+dO/9v1vxhwslE/zjHdg3l+H6q6PheB5GVDVIbZg=="
DOTENV_VAULT_CI_VERSION=2
```
43 changes: 43 additions & 0 deletions _includes/docs/step_install_dotenv_for_ci.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
## Install dotenv

Install [`dotenv`](https://github.com/motdotla/dotenv).

##### CLI
```shell
npm install dotenv --save # Requires dotenv >= 16.1.0
```

Create a `.env` file in the root of your project.

##### .env
```shell
# .env
HELLO="World"
```

As early as possible in your application, import and configure dotenv.

##### build.js
```js
// build.js
require('dotenv').config()
console.log(process.env) // remove this after you've confirmed it is working

console.log(`Hello ${process.env.HELLO}`)
```

Try running it locally.

##### CLI
```shell
node build.js
{
...
HELLO: 'World'
}
Hello World
```

Perfect. `process.env` now has the keys and values you defined in your `.env` file.

That covers local simulation of the CI. Let's solve for the real CI environment next.
6 changes: 6 additions & 0 deletions _includes/docs/welldone_ci.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
<div class="alert alert-success" role="alert">
<h4 class="alert-heading">Well done!</h4>
<p>You succesfully used the new <strong>.env.vault</strong> standard to encrypt and build your secrets. This is much safer than storing your secrets on CI platforms that might <a href="https://techcrunch.com/2023/01/05/circleci-breach/">leak your secrets</a>.</p>
<hr>
<p class="mb-0">Whenever you need to add or change a secret, just rebuild your .env.vault file and redeploy.</p>
</div>
Binary file added assets/img/docs/edit-ci-value.gif
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/img/docs/github-actions-config-vars.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/img/docs/github-actions-hello-undefined.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/img/docs/github-actions-logs-vault.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
98 changes: 0 additions & 98 deletions docs/integrations/github-actions/nodejs.md
View file

This file was deleted.

90 changes: 90 additions & 0 deletions docs/languages/nodejs/github-actions.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
---
layout: docs
title: "CI/CD in Node.js with GitHub Actions"
description: Use Node.js to run GitHub Actions with an encrypted .env.vault file
redirect_from:
- /docs/integrations/github/actions-nodejs
- /docs/integrations/github-actions/nodejs
---

{% include docs/headsup.html %}
{% include docs/example_link.html url="https://github.com/dotenv-org/examples/tree/master/nodejs/github-actions" %}

## Initial setup

Create a `build.js` file. It's a very simple build script that outputs 'Hello World'.

##### build.js
```js
// build.js
console.log(`Hello ${process.env.HELLO}`)
```

Create a `package.json` file.

##### package.json
```json
{
"scripts": {
"build": "node build.js"
}
}
```

Create a `.github/workflows/ci.yml` file.

##### .github/workflows/ci.yml
```yml
{% raw %}# .github/workflows/ci.yml
name: npm run build
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: 16
- run: npm install
- run: npm run build
env:
DOTENV_KEY: ${{ secrets.DOTENV_KEY }}{% endraw %}
```
Commit that to code and deploy to GitHub.
Once deployed, the GitHub actions build will say `'Hello undefined'` as it doesn't have a way to access the environment variable yet. Let's do that next.
##### GitHub Actions
{% include helpers/screenshot_browser.html url="/assets/img/docs/github-actions-hello-undefined.png" www="github.com/you/app/actions" %}
{% include docs/step_install_dotenv_for_ci.md %}
{% include docs/step_build_env_vault_for_ci.md %}
## Set DOTENV_KEY
Fetch your CI `DOTENV_KEY`.

##### CLI
```shell
npx dotenv-vault@latest keys ci
# outputs: dotenv://:key_4567@dotenv.org/vault/.env.vault?environment=ci
```

Set `DOTENV_KEY` on GitHub Actions.

##### UI
{% include helpers/screenshot_browser.html url="/assets/img/docs/github-actions-config-vars.png" %}

## Build CI

Commit those changes safely to code and rerun the build.

That's it! On deploy, your `.env.vault` file will be decrypted and its CI secrets injected as environment variables – just in time.

You'll know things worked correctly when you see `'Loading env from encrypted .env.vault'` in your logs. If a `DOTENV_KEY` is not set (for example when developing on your local machine) it will fall back to standard [dotenv](https://github.com/motdotla/dotenv) functionality.

{% include helpers/screenshot_browser.html url="/assets/img/docs/github-actions-logs-vault.png" www="github actions build" %}

{% include docs/welldone_ci.html %}

0 comments on commit 7fe794d

Please sign in to comment.