Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wrangler.toml Secrets #17

Closed
TheAutisticTechie opened this issue Feb 2, 2020 · 4 comments
Closed

wrangler.toml Secrets #17

TheAutisticTechie opened this issue Feb 2, 2020 · 4 comments

Comments

@TheAutisticTechie
Copy link

Cannot see a way of keeping the Account ID and Zone ID a secret within github. The Github Actions secrets don't work within the file. I'm sure it's possible but I'm missing it in the documentation somewhere

This doesn't work

type = "webpack"
account_id = "${{ secrets.CLOUDFLARE_ACCOUNT_ID }}"
workers_dev = false
route = "*domain.com/*"
zone_id = "${{ secrets.CLOUDFLARE_ZONE_ID }}"

[site]
bucket = "./public"

Whereas this works without an issue

type = "webpack"
account_id = "1234567890"
workers_dev = false
route = "*domain.com/*"
zone_id = "0987654321"

[site]
bucket = "./public"
@EverlastingBugstopper
Copy link
Contributor

Hi @Nasherx - two things.

  1. It is safe to expose your zone id and account id, these need not be secret. Just make sure to keep your API token/key secret!
  2. Wrangler will read from environment variables, so if you set $CF_ACCOUNT_ID and $CF_ZONE_ID when running any Wrangler command, it will override what's in your wrangler.toml.

Hope this helps 😄

@kristianfreeman
Copy link
Contributor

Yep, @EverlastingBugstopper is totally right! While there isn't a variable set up in the action to handle this, you should be able to use GitHub Action's built-in env var support:

- name: Publish
  uses: cloudflare/wrangler-action@1.1.0
  env:
    CF_ACCOUNT_ID: {{ secrets.cf_account_id }}
    CF_ZONE_ID: {{ secrets.cf_zone_id }}

The above is kinda pseudo-code, I haven't tested it, so if that works, let me know! Would be useful to document in the README 👍

@TheAutisticTechie
Copy link
Author

Adding the env variables still fails but i think its just my lack of understanding, I'm only just getting back into development.

If its fine to have account ID and zone ID public then i'm happy 😊

zhuangya added a commit to zhuangya/leetcode-link that referenced this issue Mar 12, 2020
@zhuangya
ci: complete project files, set account id as env
069d3da 
along with zone id

ref cloudflare/wrangler-action#17
@ct-martin
Copy link

In case you're like me and finding this later, the code snippet is almost right; it's just missing a $ for the variables. Without this thread I probably wouldn't have figured out how to do this nor that those tokens are actually ok to publish anyway; huge thanks to all for the clarification.

Here's the step I'm using (also with apiToken):

- name: Publish
  uses: cloudflare/wrangler-action@1.2.0
  with:
    apiToken: ${{ secrets.CF_API_TOKEN }}
  env:
    CF_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
    CF_ZONE_ID: ${{ secrets.CF_ZONE_ID }}

Bad3r added a commit to Bad3r/wrangler-cdn that referenced this issue Jan 30, 2023
@Bad3r
enhance: use GH secrets for CF account ID
6f58b45 
_ while CF account ID is not sensitive information,
  to make it easier for users to deploy this project;
  you might want to consider using an env variable instead (cloudflare/wrangler-action#17 (comment))
- added a gh secret to specify the project name
- added support for specifying deployment env
- added instructions on how to deploy to the README
@Bad3r Bad3r mentioned this issue Jan 30, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@kristianfreeman @TheAutisticTechie @EverlastingBugstopper @ct-martin