Conversation

@TTTriplicate

This is still a draft, getting a few last things settled.

Basic idea is this:

  • Set this to run on push to the production branch
  • Set protection rules on the production branch, e.g. no push to it without approval from @CodeCrow
    • Bypass rule for @CodeCrow to still be able to go if needed
  • Move all secrets into the GHA settings per-environment
    • (I've added you as a contributor to this repo so you can investigate those settings)

This will hide the currently exposed secrets from anyone scraping GitHub for exactly that kind of data, as well as automatically maintaining the current Prod version of the website in sync with the current state of code.

TODO

  • Needs the current exact deploy command
  • Needs a way to inject the secrets for use
    • Could be as simple as a heredoc dropping them into a .envrc on the runner, and putting the existing .envrc in the .gitignore
  • Need to cycle the secrets so that the in-use secrets are no longer exposed.
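
As an added sketch of the pieces listed above (example configuration written for this thread, not the draft workflow from this PR): a workflow that runs on push to the production branch, binds the job to the production GitHub environment so that environment secrets and the environment's protection rules (e.g. a required reviewer) apply, and hands the secrets to the deploy step. Assumed: the branch and the environment are both named `production`, the secrets are named `PAYPAL_CLIENT_ID` and `PAYPAL_CLIENT_SECRET`, and the `fab deploy` line is the draft command quoted later in this thread, not the exact one still pending from Rob. Two ways of injecting the secrets are shown: step-scoped environment variables (nothing touches disk, and GitHub masks the values in logs), and the `.envrc` heredoc variant, which only makes sense once `.envrc` is in `.gitignore` and the file is written owner-only and removed afterwards.

```yaml
# Added example for this thread, not the PR's own workflow file.
# Assumptions: branch and environment are both named "production";
# PAYPAL_CLIENT_ID and PAYPAL_CLIENT_SECRET exist as environment secrets;
# "fab deploy" is the draft command from the thread, not the final one.
name: deploy-production

on:
  push:
    branches: [production]
  workflow_dispatch:
    inputs:
      environment:
        description: Environment to deploy to
        type: environment
        required: true
        default: production

# Least privilege for the job's GITHUB_TOKEN: it only needs to read the repo.
permissions:
  contents: read

# Never run two deploys of the same ref at once.
concurrency:
  group: deploy-${{ github.ref }}
  cancel-in-progress: false

jobs:
  deploy:
    runs-on: ubuntu-latest
    # Binding the job to the GitHub environment is what makes that
    # environment's secrets available, and what applies its protection
    # rules (e.g. a required reviewer) before the job is allowed to start.
    environment: ${{ inputs.environment || 'production' }}
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      - name: install deploy tooling
        run: python -m pip install fabric

      # Option B: the .envrc idea from the thread, only if the deploy tool
      # insists on reading that file. Set "if" to true and drop the env block
      # from the deploy step to use it. Requires .envrc to be in .gitignore.
      - name: write .envrc for the deploy tool
        if: ${{ false }}
        env:
          PAYPAL_CLIENT_ID: ${{ secrets.PAYPAL_CLIENT_ID }}
          PAYPAL_CLIENT_SECRET: ${{ secrets.PAYPAL_CLIENT_SECRET }}
        run: |
          umask 077   # owner-only file, set before the file is created
          {
            # %q shell-quotes the value, so odd characters in a secret
            # cannot break out of the assignment when .envrc is sourced.
            printf 'export PAYPAL_CLIENT_ID=%q\n' "$PAYPAL_CLIENT_ID"
            printf 'export PAYPAL_CLIENT_SECRET=%q\n' "$PAYPAL_CLIENT_SECRET"
          } > .envrc

      # Option A (preferred): scope the secrets to the one step that needs
      # them. Nothing is written to disk and GitHub masks the values in logs.
      - name: deploy
        env:
          PAYPAL_CLIENT_ID: ${{ secrets.PAYPAL_CLIENT_ID }}
          PAYPAL_CLIENT_SECRET: ${{ secrets.PAYPAL_CLIENT_SECRET }}
        run: fab deploy --environment "${{ inputs.environment || 'production' }}"

      - name: remove .envrc
        if: ${{ always() }}
        run: rm -f .envrc
```

Two caveats worth keeping in mind with this layout. The branch protection rule and the environment's required reviewers are configured in repository settings, not in the workflow file, so the workflow alone does not gate anything. And moving the secrets into Actions does not remove the values already committed: they remain in git history, so the rotation item in the TODO list is what actually invalidates the exposed ones.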

# Get exact command from Rob
# Feed it the secrets e.g. SECRET__PAYPAL_CLIENT_ID
# - name: deploy
#   run: fab deploy --environment ${{ inputs.environment }}
Author

If you can drop the command here, I can work out the rest


2 participants