-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
36 lines (35 loc) · 1.66 KB
/
Copy pathdocker-compose.yml
File metadata and controls
36 lines (35 loc) · 1.66 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
# Note: this relies on Docker secrets to build, but the secrets are not stored in Git.
# This build script looks to the 'secrets' directory for a secrets.env file
# (so ./secrets/secrets.env file) that has secrets listed in the following format:
# VAR1="value"
# VAR2="value2"
# Multi-line Github secrets are a PAIN, so while that is good-enough for local Docker builds,
# we have to do a few extra steps for Github secrets to work -- mainly, converting the secrets
# into base64. So we need two files here:
# secrets.env -- the plaintext key-pair values for the secrets
# secrets.b64 -- the base64 encoded version of secrets.env
# Because I can't remember the commands I need to use, I wrote a script to help convert secrets.env
# over to secrets.b64. So assuming you have secrets.b64, you should be able to do:
# cd secrets
# ./base64-encode-secrets.sh
# This will create in the 'secrets' directory a secrets.b64 file ( so ./secrets/secrets.b64 ) that
# we then use to import our secrets into the container. The manual way of doing this would be:
# (cat secrets.env | base64 -w 0 > secrets.b64). Decode the secret when
# building the container by doing: (cat <secret> | base64 -d > <file>)
#
# For Github actions to auto-build the container, we rely on the Github secrets -
# a Github secret named ENVIRONMENT_SECRETS with the same content as secrets.b64 file!
# If you add more secrets, regenerate secrets.b64 and update the Github secret as well!
version: '3.8'
services:
node:
build:
context: .
secrets:
- ENVIRONMENT_SECRETS
image: gradeboost:latest
ports:
- "4200:4200"
secrets:
ENVIRONMENT_SECRETS:
file: ./secrets/secrets.b64