How to import private data with GitHub actions? - node.js

I'm working on a Node project involving several API keys. I stored the API keys in a configuration file config.js. Then I added config.js to .gitignore so that the API keys aren't revealed in the public repository. But when I try to npm run build with GitHub actions, there's an import error because config.js isn't in the repository.
Can I "simulate" config.js somehow on GitHub? Or should I setup an action to download config.js from elsewhere? Is there a better approach?
I'm using GitHub's boilerplate nodejs.yml:
name: Node CI
on: [push]
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [8.x, 10.x, 12.x]
steps:
- uses: actions/checkout#v1
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node#v1
with:
node-version: ${{ matrix.node-version }}
- name: npm install, build, and test
run: |
npm install
npm run build --if-present
env:
CI: true
I'm fairly new to CI/CD. Thanks in advance!
UPDATE: I solved this problem using the accepted answer below. I stored config.js in a secret variable config on GitHub. Then I added a step in the workflow that creates config.js before it's needed:
...
- name: create config.js
run: echo '${{ secrets.config }}' > path/to/config.js
- name: npm install, build, and test
...

You could declare your key as a secret in GitHub Actions under the name you want (for instance 'my_secret_key')
See also "Creating and using secrets (encrypted variables)"
Said key can be referenced in your config.js as a variable $my_secret_key.

Related

Azure Functions deployment failing when using scm-do-build-during-deployment: true

I'm trying to deploy an Azure Functions Linux app using Github Actions. I've used the Deployment Center in the Azure Portal to connect my Github to enable CICD. Now that goes fine, but I want to use Playwright in my Azure Function, so I need to enable scm-do-build-during-deployment: true. I've added this setting to my workflow yaml, but then the deployment doesn't work anymore. I also added some other settings, which I came across when I searched the interwebs. Now this is the yaml I have:
# Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action
# More GitHub Actions for Azure: https://github.com/Azure/actions
name: Build and deploy Node.js project to Azure Function App - app-name
on:
push:
branches:
- main
workflow_dispatch:
env:
AZURE_FUNCTIONAPP_PACKAGE_PATH: "." # set this to the path to your web app project, defaults to the repository root
NODE_VERSION: "16.x" # set this to the node version to use (supports 8.x, 10.x, 12.x)
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
- name: "Checkout GitHub Action"
uses: actions/checkout#v2
- name: Setup Node ${{ env.NODE_VERSION }} Environment
uses: actions/setup-node#v1
with:
node-version: ${{ env.NODE_VERSION }}
- name: "Resolve Project Dependencies Using Npm"
shell: bash
run: |
pushd './${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}'
npm install
npm run build --if-present
npm run test --if-present
popd
- name: "Run Azure Functions Action"
uses: Azure/functions-action#v1
id: fa
with:
app-name: "app-name"
slot-name: "Production"
package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_A5413AC6097F4B21B4A709C270747826 }}
scm-do-build-during-deployment: true
enable-oryx-build: true
respect-funcignore: true
I also added the setting to my application settings in Azure, but to no avail. Furthermore, I added this setting: WEBSITE_RUN_FROM_PACKAGE=0 to the app settings.
Is there anything else I should try?
In the YAML the uses tag is not aligned with the name and the other tags
- name: "Run Azure Functions Action"
uses: Azure/functions-action#v1
id: fa
Add PLAYWRIGHT_BROWSERS_PATH in app settings with its value set to zero.
Rest remains the same and I was able to deploy the function.

What's the best way to share the output between Github Actions reusable workflows?

I have a bunch of Github Actions that require exactly the same init process. I decided to implement a reusable workflow, but it turned out that the data is not shared between workflows.
I managed to solve that issue using actions/cache. I simply cache all the files with path: '**/**', but I have a feeling that it's not an optimal approach. It doesn't feel like actions/cache was meant to be used for sharing the entire build directory. It was rather designed for sharing things like node_modules or other generated files to save processing time.
The solution provided below works, but it feels hacky. I wonder is there a better solution that would not require caching (I know I could use artifacts but it also doesn't feel right).
That's what I ended up with:
# ./.github/workflows/init.yml
name: init
on: workflow_call
jobs:
init:
name: Init
runs-on: ubuntu-20.04
steps:
- name: Cache
uses: actions/cache#v3
with:
path: '**/**' # Cache all files
key: build-files-{{ github.sha }} # makes the key unique for each commit
- name: Checkout code
uses: actions/checkout#v2
with:
token: ${{ secrets.NPM_TOKEN }}
- name: Install Node
uses: actions/setup-node#v2
with:
always-auth: true
node-version: 12.x
cache: 'npm'
registry-url: 'https://npm.pkg.github.com'
scope: '#my-company-namespace'
- name: Install NPM packages
run: npm install
env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
- name: Download translations
run: npm run translations
env:
I18N_PROJECT_ID: ${{secrets.I18N_PROJECT_ID}}
I18N_API_KEY: ${{secrets.I18N_API_KEY}}
# ./.github/workflows/linter.yml
name: Linter
on: [push]
jobs:
init:
secrets: inherit
uses: ./.github/workflows/init.yml # re-use the init.yml workflow
linter:
runs-on: ubuntu-20.04
needs: [init]
steps:
- name: Cache
uses: actions/cache#v3
with:
path: '**/**' # restore cached files
key: build-files-{{ github.sha }}
- name: Linter
run: npm run lint

how to access a private npm package via github actions?

I think this is a pretty straightforward question. Still, I'm finding lots of different resources suggesting going down different paths, installing different things, and generally speaking, so far everything seems all over the place.
In my case, I made a private package on npm. I'm trying to do a basic on push to main > run ci and build github action. However, I have my own custom private npm package, part of an org I made on npm. When the pipeline triggers I get the following response:
The current node.js.yml file looks like so:
name: Node.js CI
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
on:
push:
branches: ['main']
pull_request:
branches: ['main']
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [14.x]
# See supported Node.js release schedule at https://nodejs.org/en/about/releases/
steps:
- uses: actions/checkout#v3
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node#v3
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- run: echo "Running pipeline."
- run: npm ci
- run: npm run build --if-present
- run: npm test
There's not enough information in it yet, other than a read-only key provide (per npm docs), but I don't know if that's a step in the right direction or if I need to do something entirely different. As I said, I'm not too familiar with this space and any help would be appreciated.
Turns out I needed to add an .npmrc file, with NPM_TOKEN as a github secret.
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
You have to create an .npmrc file with proper authToken.
Add your authToken to your GitHub Environemnt Secrets (for example as: NPM_TOKEN) and then use to create a file using bash script for example:
- name: "Create .npmrc"
run: |
echo "registry.npmjs.org/:_authToken=${NPM_TOKEN}" >> .npmrc
Then you can call npm install.

Is there any way to leave a folder unchanged after github action push

I have a nodejs project that stores images locally in the same location as the code src/uploads. The problem arises when I try to trigger the cicd pipeline using githubaction. As it just simply dumps the code from github to my repo(digital ocean droplet). Since the digital ocean droplet repo contains images that's been uploaded by the users, when the pipeline gets triggered the photos get removed as the github repository does not have those images. How do I solve this issue
yaml file for workflow
on:
push:
branches: [ dev ]
pull_request:
branches: [ dev ]
jobs:
build:
runs-on: self-hosted
strategy:
matrix:
node-version: [14.x]
# See supported Node.js release schedule at https://nodejs.org/en/about/releases/
steps:
- uses: actions/checkout#v2
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node#v2
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- run: npm i
- run: npm run build
- run: pm2 restart project-api

Github Actions Organisation node deployment to github pages

I have been trying to deploy a create-react-app using GitHub actions which deploys the React application to gh-pages and I get the following error when trying to deploy: -
Find out more about deployment here:
bit.ly/CRA-deploy
Cloning into '/home/runner/work/some/some/node_modules/.cache/gh-pages/github.com!***!some.git'...
remote: Repository not found.
fatal: repository 'https://github.com/***/some.git/' not found
Error: The operation was canceled.
I have the following node.js.yml
name: MasterDeployCI
on:
push:
branches:
- production
- gh-pages
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [8.x, 10.x, 12.x]
steps:
- uses: actions/checkout#v1
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node#v1
with:
node-version: ${{ matrix.node-version }}
- name: Install Packages
run: CI=false npm install
- name: Deploy to GH Pages
run: |
git config --global user.email ${{secrets.EMAIL}}
git config --global user.name ${{secrets.USERNAME}}
git remote set-url origin https://${{secrets.SECRET}}#github.com/${{secrets.USERNAME}}/some.git
CI=false npm run deploy
I have tried looking through the documentation and google but have been unable to find a solution.
https://github.com/Saharadigital/sahara-digital/blob/develop/.github/workflows/node.js.yml#L28
It seems secrets.USERNAME is not exists on repositories secret page. Did you checked?
https://github.com/Saharadigital/sahara-digital/runs/1311779817#step:5:4 this is also shows the same.

Resources