Remove env var and replace with secret

elliottminns · elliottminns · commit e4aaff978c77 · 2024-11-11T20:38:20.000-06:00
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -28,15 +28,15 @@ jobs:
         curl -L "https://github.com/docker/compose/releases/download/v2.19.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
         chmod +x /usr/local/bin/docker-compose
 
+    - name: Set up password
+      run: |
+        mkdir guestbook
+        echo ${{ secrets.DB_PASSWORD }} > guestbook/db-password.txt
+
     - name: Run Docker Compose
       run: |
-        export DB_PASSWORD=${{ secrets.DB_PASSWORD }}
+        pwd
+        ls .
+        ls ./guestbook
         export DOCKER_HOST=ssh://deploytest@zenful.cloud
         docker-compose -f ./compose.prod.yaml up -d
-
-    # - name: Copy over the docker compose file
-    #   run: |
-    #     scp -o StrictHostKeyChecking=no compose.prod.yaml deploytest@zenful.cloud:guestbook/compose.yaml
-    # - name: Deploy code via SSH
-    #   run: |
-    #     ssh -o StrictHostKeyChecking=no deploytest@zenful.cloud "cd guestbook && docker compose up -d"
diff --git a/compose.prod.yaml b/compose.prod.yaml
@@ -48,9 +48,11 @@ services:
       - "traefik.http.routers.proxy.tls.certresolver=myresolver"
         # Enable watchtower
       - "com.centurylinklabs.watchtower.enable=true"
+    secrets:
+      - db-password
     environment:
       - POSTGRES_HOST=db
-      - POSTGRES_PASSWORD=$DB_PASSWORD
+      - POSTGRES_PASSWORD_FILE=/run/secrets/db-password
       - POSTGRES_USER=postgres
       - POSTGRES_DB=guestbook
       - POSTGRES_PORT=5432
@@ -68,10 +70,12 @@ services:
     user: postgres
     volumes:
       - db-data:/var/lib/postgresql/data
+    secrets:
+      - db-password
     environment:
       - POSTGRES_DB=guestbook
-      #- POSTGRES_PASSWORD_FILE=/run/secrets/db-password
-      - POSTGRES_PASSWORD=${DB_PASSWORD}
+      - POSTGRES_PASSWORD_FILE=/run/secrets/db-password
+      #- POSTGRES_PASSWORD=${DB_PASSWORD}
     expose:
       - 5432
     healthcheck:
@@ -84,4 +88,4 @@ volumes:
   letsencrypt:
 secrets:
   db-password:
-    environment: DB_PASSWORD
+    file: ./db-password.txt
