Remove env var and replace with secret

Author: elliottminns

.github/workflows/deploy.yaml

@@ -28,15 +28,12 @@ jobs:
         curl -L "https://github.com/docker/compose/releases/download/v2.19.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
         chmod +x /usr/local/bin/docker-compose
 
+    - name: Set up password
+      run: |
+        echo ${{ secrets.DB_PASSWORD }} > db-password.txt
+        cat db-password.txt
+
     - name: Run Docker Compose
       run: |
-        export DB_PASSWORD=${{ secrets.DB_PASSWORD }}
         export DOCKER_HOST=ssh://[email protected]
         docker-compose -f ./compose.prod.yaml up -d
-
-    # - name: Copy over the docker compose file
-    #   run: |
-    #     scp -o StrictHostKeyChecking=no compose.prod.yaml [email protected]:guestbook/compose.yaml
-    # - name: Deploy code via SSH
-    #   run: |
-    #     ssh -o StrictHostKeyChecking=no [email protected] "cd guestbook && docker compose up -d"

compose.prod.yaml

@@ -48,6 +48,8 @@ services:
       - "traefik.http.routers.proxy.tls.certresolver=myresolver"
         # Enable watchtower
       - "com.centurylinklabs.watchtower.enable=true"
+    secrets:
+      - db-password
     environment:
       - POSTGRES_HOST=db
       - POSTGRES_PASSWORD=$DB_PASSWORD
@@ -68,10 +70,12 @@ services:
     user: postgres
     volumes:
       - db-data:/var/lib/postgresql/data
+    secrets:
+      - db-password
     environment:
       - POSTGRES_DB=guestbook
-      #- POSTGRES_PASSWORD_FILE=/run/secrets/db-password
-      - POSTGRES_PASSWORD=${DB_PASSWORD}
+      - POSTGRES_PASSWORD_FILE=/run/secrets/db-password
+      #- POSTGRES_PASSWORD=${DB_PASSWORD}
     expose:
       - 5432
     healthcheck:
@@ -84,4 +88,4 @@ volumes:
   letsencrypt:
 secrets:
   db-password:
-    environment: DB_PASSWORD
+    file: ./db-password.txt