move secrets to env through cicd

2025-05-01 14:08:20 +02:00
parent 1a99d6023c
commit 46c6c410b9
6 changed files with 29 additions and 13 deletions
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -120,6 +120,15 @@ jobs:
      # Deploy to mara
      # ------------------------------------------------------------------
      - name: Deploy Locally
+        env:
+          DB_HOST: ${{ vars.DB_HOST }}
+          DB_USER: ${{ vars.DB_USER }}
+          DB_NAME: ${{ vars.DB_NAME }}
+          DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
+          REDIS_URL: ${{ vars.REDIS_URL }}
+          PEPPER: ${{ secrets.PEPPER }}
+          JWT_SECRET_KEY: ${{ secrets.JWT_SECRET_KEY }}
+          GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
        run: |
          #!/bin/bash -ex

--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 # backend
 backend/env
 backend/.env.local
+backend/.env.prod.bak
 backend/db
 backend/redis_data

--- a/backend/.env.deploy
+++ b/backend/.env.deploy
@@ -1,10 +0,0 @@
-DB_HOST = "db"
-DB_USER = "maia"
-DB_PASSWORD = "Cr7#qVVYF*8s&#jsnay^!EDf5X31Fs"
-DB_NAME = "maia"
-
-REDIS_URL = "redis://redis:6379"
-
-PEPPER = "LsD7%"
-JWT_SECRET_KEY="1c8cf3ca6972b365f8108dad247e61abdcb6faff5a6c8ba00cb6fa17396702bf"
-GOOGLE_API_KEY="AIzaSyBrte_mETZJce8qE6cRTSz_fHOjdjlShBk"
--- a/backend/core/pycache/config.cpython-312.pyc
+++ b/backend/core/pycache/config.cpython-312.pyc
--- a/backend/core/config.py
+++ b/backend/core/config.py
@@ -2,7 +2,7 @@
 from pydantic_settings import BaseSettings
 import os

-DOTENV_PATH = os.path.join(os.path.dirname(__file__), "../.env.local")
+DOTENV_PATH = os.path.join(os.path.dirname(__file__), "../.env")


 class Settings(BaseSettings):
--- a/backend/docker-compose.deploy.yml
+++ b/backend/docker-compose.deploy.yml
@@ -5,6 +5,15 @@ services:
    container_name: MAIA_API
    restart: unless-stopped
    command: uvicorn main:app --host 0.0.0.0 --port 8000
+    environment:
+      DB_HOST: ${DB_HOST}
+      DB_USER: ${DB_USER}
+      DB_NAME: ${DB_NAME}
+      DB_PASSWORD: ${DB_PASSWORD}
+      REDIS_URL: ${REDIS_URL}
+      PEPPER: ${PEPPER}
+      JWT_SECRET_KEY: ${JWT_SECRET_KEY}
+      GOOGLE_API_KEY: $GOOGLE_API_KEY}
    expose:
      - "8000"
    depends_on:
@@ -12,8 +21,6 @@ services:
      - redis
    networks:
      - default
-    env_file:
-      - ./.env.deploy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.maia.rule=Host(`maia.depaoli.id.au`)"
@@ -29,6 +36,15 @@ services:
    container_name: MAIA_Worker
    restart: unless-stopped
    command: celery -A core.celery_app worker --loglevel=info
+    environment:
+      DB_HOST: ${DB_HOST}
+      DB_USER: ${DB_USER}
+      DB_NAME: ${DB_NAME}
+      DB_PASSWORD: ${DB_PASSWORD}
+      REDIS_URL: ${REDIS_URL}
+      PEPPER: ${PEPPER}
+      JWT_SECRET_KEY: ${JWT_SECRET_KEY}
+      GOOGLE_API_KEY: $GOOGLE_API_KEY}
    depends_on:
      - db
      - redis