attempting to read paths over ssh and set values from acations

olaven · Jun 30, 2020 · a910088 · a910088
1 parent f27b471
commit a910088
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 44 deletions.
diff --git a/.github/workflows/dodeploy.yml b/.github/workflows/dodeploy.yml
@@ -37,23 +37,14 @@ jobs:
         PGDATABASE: ${{  secrets.PGDATABASE  }}
         PGSSLMODE: ${{  secrets.PGSSLMODE  }}
         SSH_DATABASE_CERTIFICATE: ${{  secrets.SSH_DATABASE_CERTIFICATE  }}
-        # HTTPS_CONTAINER_PRIVKEY: ${{ secrets.HTTPS_CONTAINER_PRIVKEY }} 
-        # HTTPS_CONTAINER_FULLCHAIN: ${{ secrets.HTTPS_CONTAINER_FULLCHAIN }}
-        # HTTPS_CONTAINER_CHAIN: ${{ secrets.HTTPS_CONTAINER_CHAIN }}
-        # HTTPS_SERVER_PRIVKEY: ${{ secrets.HTTPS_SERVER_PRIVKEY }}
-        # HTTPS_SERVER_FULLCHAIN: ${{ secrets.HTTPS_SERVER_FULLCHAIN }}
-        # HTTPS_SERVER_CHAIN: ${{ secrets.HTTPS_SERVER_CHAIN }}
-        SSL_CHAIN: ${{ secrets.SSL_CHAIN }}
-        SSL_FULLCHAIN: ${{ secrets.SSL_FULLCHAIN }} 
-        SSL_PRIVKEY: ${{ secrets.SSL_PRIVKEY }} 
       with:
         name: olaven/krets/image #${{ secrets.GITHUB_REPOSITORY }}/image
         registry: docker.pkg.github.com
         username: ${{ github.actor }} 
         password: ${{ secrets.GITHUB_TOKEN }}
         dockerfile: Dockerfile
-        tags: latest # HTTPS_CONTAINER_PRIVKEY,HTTPS_CONTAINER_FULLCHAIN,HTTPS_CONTAINER_CHAIN,HTTPS_SERVER_PRIVKEY,HTTPS_SERVER_FULLCHAIN,HTTPS_SERVER_CHAIN
-        buildargs: SSL_CHAIN, SSL_FULLCHAIN, SSL_PRIVKEY, GITHUB_USERNAME,GITHUB_TOKEN,AUTH0_DOMAIN,AUTH0_CLIENT_ID,AUTH0_CLIENT_SECRET,REDIRECT_URI,POST_LOGOUT_REDIRECT_URI,SESSION_COOKIE_SECRET,PGHOST,PGUSER,PGPORT,PGPASSWORD,PGDATABASE,PGSSLMODE,SSH_DATABASE_CERTIFICATE,
+        tags: latest 
+        buildargs: GITHUB_USERNAME,GITHUB_TOKEN,AUTH0_DOMAIN,AUTH0_CLIENT_ID,AUTH0_CLIENT_SECRET,REDIRECT_URI,POST_LOGOUT_REDIRECT_URI,SESSION_COOKIE_SECRET,PGHOST,PGUSER,PGPORT,PGPASSWORD,PGDATABASE,PGSSLMODE,SSH_DATABASE_CERTIFICATE,
     - name: Deploy package to digitalocean
       uses: appleboy/ssh-action@master
       env:
@@ -71,15 +62,21 @@ jobs:
         PGPASSWORD: ${{  secrets.PGPASSWORD  }}
         PGDATABASE: ${{  secrets.PGDATABASE  }}
         PGSSLMODE: ${{  secrets.PGSSLMODE  }}
+        HTTPS_SERVER_PRIVKEY: ${{ secrets.HTTPS_SERVER_PRIVKEY }} #paths on server (should rename server path secrets to something more readable)
+        HTTPS_SERVER_FULLCHAIN: ${{ secrets.HTTPS_SERVER_FULLCHAIN }}
+        HTTPS_SERVER_CHAIN: ${{ secrets.HTTPS_SERVER_CHAIN }}
       with:
         host: ${{ secrets.DO_DROPLET_HOST }}
         username: ${{ secrets.DO_DROPLET_USERNAME }}
         password: ${{ secrets.DO_DROPLET_PASSWORD }}
         port: ${{ secrets.DO_DROPLET_PORT }}
-        envs: GITHUB_USERNAME,GITHUB_TOKEN,AUTH0_DOMAIN,AUTH0_CLIENT_ID,AUTH0_CLIENT_SECRET,REDIRECT_URI,POST_LOGOUT_REDIRECT_URI,SESSION_COOKIE_SECRET,PGHOST,PGUSER,PGPORT,PGPASSWORD,PGDATABASE,PGSSLMODE,SSH_DATABASE_CERTIFICATE
-        script: |  
+        envs: HTTPS_SERVER_PRIVKEY,HTTPS_SERVER_FULLCHAIN,HTTPS_SERVER_CHAIN,GITHUB_USERNAME,GITHUB_TOKEN,AUTH0_DOMAIN,AUTH0_CLIENT_ID,AUTH0_CLIENT_SECRET,REDIRECT_URI,POST_LOGOUT_REDIRECT_URI,SESSION_COOKIE_SECRET,PGHOST,PGUSER,PGPORT,PGPASSWORD,PGDATABASE,PGSSLMODE,SSH_DATABASE_CERTIFICATE
+        script: |  # reading key values from paths 
+          export SSL_PRIVKEY=$(cat $HTTPS_SERVER_PRIVKEY) #
+          export SSL_FULLCHAIN=$(cat $HTTPS_SERVER_FULLCHAIN)
+          export SSL_CHAIN=$(cat $HTTPS_SERVER_CHAIN)
           docker stop $(docker ps -a -q)
           echo $GITHUB_TOKEN | docker login --username $GITHUB_USERNAME --password-stdin docker.pkg.github.com
           docker pull docker.pkg.github.com/olaven/krets/image:latest
-          docker run -dit -p 80:3000 docker.pkg.github.com/olaven/krets/image:latest
+          docker run -dit -p 80:3000 docker.pkg.github.com/olaven/krets/image:latest -e SSL_PRIVKEY -e SSL_FULLCHAIN -e SSL_CHAIN
           
diff --git a/Dockerfile b/Dockerfile
@@ -17,26 +17,6 @@ ARG PGDATABASE
 ARG PGSSLMODE
 ARG SSH_DATABASE_CERTIFICATE
 
-# -- location on server 
-ARG HTTPS_SERVER_PRIVKEY
-ARG HTTPS_SERVER_FULLCHAIN
-ARG HTTPS_SERVER_CHAIN
-
-# -- copied to this location in container
-ARG HTTPS_CONTAINER_PRIVKEY
-ARG HTTPS_CONTAINER_FULLCHAIN
-ARG HTTPS_CONTAINER_CHAIN
-
-
-ARG SSL_CHAIN
-ARG SSL_FULLCHAIN
-ARG SSL_PRIVKEY
-
-ENV SSL_CHAIN = $SSL_CHAIN
-ENV SSL_FULLCHAIN = $SSL_FULLCHAIN
-ENV SSL_PRIVKEY = $SSL_PRIVKEY
-
-
 ## Assigning arguments to environment variables: 
 
 ENV AUTH0_DOMAIN $AUTH0_DOMAIN
@@ -54,19 +34,11 @@ ENV PGDATABASE $PGDATABASE
 ENV PGSSLMODE $PGSSLMODE
 ENV SSH_DATABASE_CERTIFICATE $SSH_DATABASE_CERTIFICATE
 
-ENV HTTPS_CONTAINER_PRIVKEY $HTTPS_CONTAINER_PRIVKEY
-ENV HTTPS_CONTAINER_FULLCHAIN $HTTPS_CONTAINER_FULLCHAIN
-ENV HTTPS_CONTAINER_CHAIN $HTTPS_CONTAINER_CHAIN
-
-
 WORKDIR /usr/src/app
 COPY package*.json ./
 RUN yarn cache clean && yarn --update-checksums
 COPY . ./
 
-COPY ${HTTPS_SERVER_PRIVKEY} ${HTTPS_CONTAINER_PRIVKEY}
-COPY ${HTTPS_SERVER_FULLCHAIN} ${HTTPS_CONTAINER_FULLCHAIN}
-COPY ${HTTPS_SERVER_CHAIN} ${HTTPS_CONTAINER_CHAIN}
 RUN yarn && yarn build
 CMD [ "yarn", "start" ]
 

diff --git a/src/server.js b/src/server.js
@@ -1,5 +1,5 @@
 // server.ts
-const { readFileSync } = require("fs");
+//const { readFileSync } = require("fs");
 const { createServer } = require('https')
 const { parse } = require('url')
 const next = require('next')
@@ -15,7 +15,7 @@ console.log("env here:", process.env);
 const httpsOptions = dev ? {} : {
     key: process.env.SSL_PRIVKEY.replace(/\\n/gm, '\n'), // readFileSync(process.env.SSL_PRIVKEY),
     cert: process.env.SSL_FULLCHAIN.replace(/\\n/gm, '\n'), // readFileSync(process.env.SSL_FULLCHAIN),
-    ca: process.env.SLL_CHAIN.replace(/\\n/gm, '\n'), // readFileSync(process.env.SLL_CHAIN)
+    ca: process.env.SSL_CHAIN.replace(/\\n/gm, '\n'), // readFileSync(process.env.SLL_CHAIN)
 };
 
 app.prepare().then(() => {