skip to Main Content

Problem Detail:

My environment file prod.env and Secrets stored in GitHub Action’s repository secret are inaccessible in the CI/CD Pipeline.

This is a portion of the deploy.yml workflow file for accessing secrets during deployment.

  deploy:
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: SSH into Production Server and Deploy
        uses: appleboy/[email protected]
        env:
          APP_KEY: ${{ secrets.APP_KEY }}
          MYSQL_CONNECTION: ${{ secrets.DB_CONNECTION }}
          MYSQL_HOST: ${{ secrets.DB_HOST }}
          MYSQL_DATABASE: ${{ secrets.DB_DATABASE }}
          MYSQL_USER: ${{ secrets.DB_USERNAME }}
          MYSQL_PASSWORD: ${{ secrets.DB_PASSWORD }}
          MYSQL_ROOT_PASSWORD: ${{ secrets.DB_ROOT_PASSWORD }}
          RABBITMQ_DEFAULT_USER: ${{ secrets.RABBITMQ_USER }}
          RABBITMQ_DEFAULT_PASS: ${{ secrets.RABBITMQ_PASSWORD }}
          SLACK_ALERT_WEBHOOK: ${{ secrets.SLACK_ALERT_WEBHOOK }}
        with:
          host: ${{ secrets.PRODUCTION_SERVER }}
          key: ${{ secrets.SSH_KEY }}
          username: ubuntu
          script: |
            docker pull <docker-hub-repo>/<image>:latest
            cd ~/<project>
            docker-compose down
            docker-compose up -d
            docker-compose exec app php artisan migrate --force

This is a portion of docker-compose.yml where I use the env variables from the workflow file for GitHub Action secrets and prod.env for other variables.

  # MySQL database container
  db:
    image: mysql:8.0
    container_name: rule_engine_db
    restart: unless-stopped
    ports:
      - "3306:3306"
    env_file:
      - ./prod.env
    environment:
      - DB_CONNECTION=${MYSQL_CONNECTION}
      - DB_HOST=${MYSQL_HOST}
      - DB_DATABASE=${MYSQL_DATABASE}
      - DB_USERNAME=${MYSQL_USER}
      - DB_PASSWORD=${MYSQL_PASSWORD}
      - DB_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
    volumes:
      - engineData:/var/lib/mysql
    networks:
      - rule-engine-net

As an error in the GitHub workflow, I got warning level=warning msg="The "APP_KEY" variable is not set. Defaulting to a blank string.

I am attaching a screenshot of the error message.
GitHub Workflow Error Screenshot

As a result, the Deployment Failed.

build in the workflow is successful. I have mentioned in the compose file: version: '3'. Secrets are not working only at env: in Workflow.

Looking for the probable cause and solution, thanks.

2

Answers


  1. The reason your environment variables are not visible to your script is that this script is executed on the remote server but the environment variables are only available inside the action appleboy/ssh-action. This action opens a shell on the remote server, then sends and executes you script on the remote shell. This action does not set your environment variables on the remote shell.

    The easiest way to solve this issue is to place them inside your script input block:

    script: |
      export APP_KEY=“${{ secrets.APP_KEY }}”
    
    Login or Signup to reply.
  2. https://github.com/appleboy/ssh-action provides envs input parameter to pass the environment variables to the script.

    See envs example under Pass environment variable to shell script.

    For your use case, it should simply be:

      - name: SSH into Production Server and Deploy
        uses: appleboy/[email protected]
        env:
          APP_KEY: ${{ secrets.APP_KEY }}
          # ...
        with:
          envs: APP_KEY
          # ...
          script: |
            # ...
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search