ci: Pass master key in deploy.yml, fix secrets file path mismatch
@@ -51,6 +51,8 @@ jobs:
|
||||
--restart unless-stopped \
|
||||
-p 3000:3000 \
|
||||
-e SERVER_PORT=3000 \
|
||||
-e SERVER_MASTER_KEY="${{ secrets.SERVER_MASTER_KEY }}" \
|
||||
-e SECRETS_FILE_PATH="/app/data/secrets.json" \
|
||||
-v /opt/bootstrap-auth-server/data:/app/data \
|
||||
-e DATABASE_URL="sqlite:///app/data/data.db?mode=rwc" \
|
||||
bootstrap-auth-server:latest
|
||||
|
||||
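Review bot: The `-e SERVER_MASTER_KEY="${{ secrets.SERVER_MASTER_KEY }}" \` line expands the key into the `docker run` command line, so it is readable from the process list (and possibly shell history) on the deploy host while the command runs. Going by the commit title this line is new, but the page has lost the `+`/`-` markers, so that is inferred. Reading the key from a file only the deploy user can access keeps it out of the arguments, e.g. `--env-file <path-to-root-only-env-file> \` in place of the `-e` line. It will still appear in `docker inspect` for anyone with access to the Docker socket, so that access should be restricted as well. The rest of the step, including how the command reaches the host, is outside this hunk.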
14
src/main.rs
14
src/main.rs
@@ -82,10 +82,11 @@ async fn main() {
|
||||
|
||||
tracing::info!("Migrations successful.");
|
||||
|
||||
if let Ok(file_content) = std::fs::read_to_string("secrets.json") {
|
||||
tracing::info!("Found secrets.json, provisioning");
|
||||
let secrets_path = std::env::var("SECRETS_FILE_PATH").unwrap_or_else(|_| "secrets.json".to_string());
|
||||
if let Ok(file_content) = std::fs::read_to_string(&secrets_path) {
|
||||
tracing::info!("Found secrets file at {}, provisioning", secrets_path);
|
||||
let secrets: HashMap<String, String> =
|
||||
serde_json::from_str(&file_content).expect("Invalid secrets.json format");
|
||||
serde_json::from_str(&file_content).expect("Invalid secrets json format");
|
||||
|
||||
for (key, value) in secrets {
|
||||
let encrypted_val = encrypt_secret(&master_key, &value);
|
||||
@@ -99,9 +100,10 @@ async fn main() {
|
||||
.expect("Failed to insert secret");
|
||||
}
|
||||
|
||||
std::fs::rename("secrets.json", "secrets.json.bak")
|
||||
.expect("Failed to rename secrets.json");
|
||||
tracing::info!("Provisioned secrets and renamed to secrets.json.bak");
|
||||
let bak_path = format!("{}.bak", secrets_path);
|
||||
std::fs::rename(&secrets_path, &bak_path)
|
||||
.expect("Failed to rename secrets file");
|
||||
tracing::info!("Provisioned secrets and renamed to {}", bak_path);
|
||||
}
|
||||
|
||||
let state = AppState {
|
||||
|
||||
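Review bot: After the secrets are encrypted into the database, the second hunk still keeps the plaintext file by renaming it to `{secrets_path}.bak`. With `SECRETS_FILE_PATH` set to `/app/data/secrets.json` in the deploy command, that plaintext copy appears to land in the host-mounted data volume next to the database, which largely defeats encrypting the values at rest. If the backup is not needed, remove the file instead: `std::fs::remove_file(&secrets_path).expect("Failed to remove secrets file");`. If it is needed, restrict its permissions and add a comment such as `// plaintext backup: must be removed by the operator after verifying provisioning`. `main` starts and ends outside these hunks, so any cleanup elsewhere is not visible here.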