Use outputs instead of secrets in with

CodeForAfrica · Oct 8, 2024 · 074968d · 074968d
1 parent 2cfa53f
commit 074968d
Show file tree

Hide file tree

Showing 5 changed files with 82 additions and 21 deletions.
diff --git a/.github/workflows/_cd-charterafrica.yaml b/.github/workflows/_cd-charterafrica.yaml
@@ -3,14 +3,18 @@ name: CD | charterafrica
 on:
   workflow_call:
     inputs:
+      NODE_ENV:
+        required: true
+        type: string
+        description: "development|production"
       app_url:
         required: true
         type: string
         description: "App final URL"
-      NODE_ENV:
+      seo_disabled:
         required: true
         type: string
-        description: "development|production"
+        description: "false|true"
       build_args:
         required: false
         type: string
@@ -25,29 +29,56 @@ on:
         description: "The dokku app's git repository url in SSH format"
 
 jobs:
+  # This seem to be needed because GitHub doesn't support access `secrets` in a `with` clause
+  # https://github.com/github/roadmap/issues/636
+  secrets:
+    runs-on: ubuntu-latest
+    outputs:
+      MONGO_URL: ${{ steps.output-secrets.outputs.test.CHARTERAFRICA_MONGO_URL }}
+      NEXT_PUBLIC_APP_LOGO_URL: ${{ steps.output-secrets.outputs.test.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }}
+      NEXT_PUBLIC_APP_NAME: ${{ steps.output-secrets.outputs.test.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }}
+      NEXT_PUBLIC_GA_MEASUREMENT_ID: ${{ steps.output-secrets.outputs.test.CHARTERAFRICA_GA_MEASUREMENT_ID }}
+      NEXT_PUBLIC_SENTRY_DSN: ${{ steps.output-secrets.outputs.test.CHARTERAFRICA_SENTRY_DSN }}
+      PAYLOAD_SECRET: ${{ steps.output-secrets.outputs.test.CHARTERAFRICA_PAYLOAD_SECRET_KEY }}
+      SENTRY_PROJECT: ${{ steps.output-secrets.outputs.test.CODEFORAFRICA_SENTRY_PROJECT }}
+    steps:
+      - id: output-secrets
+        run: |
+          echo "CHARTERAFRICA_GA_MEASUREMENT_ID=${{ secrets.CHARTERAFRICA_GA_MEASUREMENT_ID }}" >> "$GITHUB_OUTPUT"
+          echo "CHARTERAFRICA_MONGO_URL=${{ secrets.CHARTERAFRICA_MONGO_URL }}" >> "$GITHUB_OUTPUT"
+          echo "CHARTERAFRICA_SENTRY_DSN=${{ secrets.CHARTERAFRICA_SENTRY_DSN }}" >> "$GITHUB_OUTPUT"
+          echo "NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }}" >> "$GITHUB_OUTPUT"
+          echo "NEXT_PUBLIC_CODEFORAFRICA_APP_NAME=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }}" >> "$GITHUB_OUTPUT"
+          echo "CHARTERAFRICA_PAYLOAD_SECRET_KEY=${{ secrets.CHARTERAFRICA_PAYLOAD_SECRET_KEY }}" >> "$GITHUB_OUTPUT"
+          echo "CHARTERAFRICA_SENTRY_PROJECT=${{ secrets.CHARTERAFRICA_SENTRY_PROJECT }}" >> "$GITHUB_OUTPUT"
+
   build-docker-image:
     name: Build Docker Image
+    needs:
+      - secrets
     uses: ./.github/workflows/build-docker-image.yml
-    secrets: inherit
     with:
       build_args: |
         ${{ inputs.build_args }}
-        MONGO_URL=${{ secrets.CHARTERAFRICA_MONGO_URL }}
+        MONGO_URL=${{ needs.secrets.outputs.MONGO_URL }}
         NEXT_PUBLIC_APP_URL=${{ inputs.app_url }}
-        NEXT_PUBLIC_SENTRY_DSN=${{ secrets.CHARTERAFRICA_SENTRY_DSN }}
+        NEXT_PUBLIC_GA_MEASUREMENT_ID=${{ needs.secrets.outputs.NEXT_PUBLIC_GA_MEASUREMENT_ID }}
+        NEXT_PUBLIC_SENTRY_DSN=${{  needs.secrets.outputs.NEXT_PUBLIC_SENTRY_DSN }}
+        NEXT_PUBLIC_SEO_DISABLED=${{ inputs.seo_disabled }}
         NODE_ENV=${{ inputs.NODE_ENV }}
-        PAYLOAD_SECRET_KEY=${{ secrets.CHARTERAFRICA_PAYLOAD_SECRET_KEY }}
+        PAYLOAD_SECRET_KEY=${{ needs.secrets.outputs.PAYLOAD_SECRET }}
         SENTRY_ENVIRONMENT=${{ inputs.NODE_ENV }}
-        SENTRY_ORG=${{ secrets.SENTRY_ORG }}
-        SENTRY_PROJECT=${{ secrets.CHARTERAFRICA_SENTRY_PROJECT }}
+        SENTRY_ORG=${{ vars.SENTRY_ORG }}
+        SENTRY_PROJECT=${{ needs.secrets.outputs.SENTRY_PROJECT }}
       tags: ${{ inputs.tags }}
       target: charterafrica-runner
+    secrets: inherit
 
   push-to-dokku:
     name: Push to Dokku
     needs: [build-docker-image]
     uses: ./.github/workflows/push-to-dokku.yml
-    secrets: inherit
     with:
       git_remote_url: ${{ inputs.git_remote_url }}
       deploy_docker_image: ${{ inputs.tags }}
+    secrets: inherit
diff --git a/.github/workflows/_cd-codeforafrica.yaml b/.github/workflows/_cd-codeforafrica.yaml
@@ -23,23 +23,48 @@ on:
         required: true
         type: string
         description: "The dokku app's git repository url in SSH format"
+    secrets:
+      CODEFORAFRICA_MONGODB_URL:
+        required: true
+      NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL:
+        required: false
 
 jobs:
+  # This seem to be needed because GitHub doesn't support access `secrets` in a `with` clause
+  # https://github.com/github/roadmap/issues/636
+  secrets:
+    runs-on: ubuntu-latest
+    outputs:
+      MONGODB_URL: ${{ steps.output-secrets.outputs.test.CODEFORAFRICA_MONGODB_URL }}
+      NEXT_PUBLIC_APP_LOGO_URL: ${{ steps.output-secrets.outputs.test.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }}
+      NEXT_PUBLIC_APP_NAME: ${{ steps.output-secrets.outputs.test.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }}
+      PAYLOAD_SECRET: ${{ steps.output-secrets.outputs.test.CODEFORAFRICA_PAYLOAD_SECRET }}
+      SENTRY_PROJECT: ${{ steps.output-secrets.outputs.test.CODEFORAFRICA_SENTRY_PROJECT }}
+    steps:
+      - id: output-secrets
+        run: |
+          echo "CODEFORAFRICA_MONGODB_URL=${{ secrets.CODEFORAFRICA_MONGODB_URL }}" >> "$GITHUB_OUTPUT"
+          echo "NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }}" >> "$GITHUB_OUTPUT"
+          echo "NEXT_PUBLIC_CODEFORAFRICA_APP_NAME=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }}" >> "$GITHUB_OUTPUT"
+          echo "CODEFORAFRICA_PAYLOAD_SECRET=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }}" >> "$GITHUB_OUTPUT"
+          echo "CODEFORAFRICA_SENTRY_PROJECT=${{ secrets.CODEFORAFRICA_SENTRY_PROJECT }}" >> "$GITHUB_OUTPUT"
+
   build-docker-image:
     name: Build Docker Image
+    needs:
+      - secrets
     uses: ./.github/workflows/build-docker-image.yml
     with:
       build_args: |
         ${{ inputs.build_args }}
-        MONGODB_URL=${{ secrets.CODEFORAFRICA_MONGODB_URL }}
-        NEXT_PUBLIC_APP_LOGO_URL=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }}
-        NEXT_PUBLIC_APP_NAME=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }}
+        MONGODB_URL=${{ needs.secrets.outputs.MONGODB_URL }}
+        NEXT_PUBLIC_APP_LOGO_URL=${{ needs.secrets.outputs.NEXT_PUBLIC_APP_LOGO_URL }}
+        NEXT_PUBLIC_APP_NAME=${{  needs.secrets.outputs.NEXT_PUBLIC_APP_NAME }}
         NEXT_PUBLIC_APP_URL=${{ inputs.app_url }}
         NODE_ENV=${{ inputs.NODE_ENV }}
-        PAYLOAD_SECRET=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }}
+        PAYLOAD_SECRET=${{ needs.secrets.outputs.PAYLOAD_SECRET }}
         SENTRY_ENVIRONMENT=${{ inputs.NODE_ENV }}
-        SENTRY_PROJECT=${{ secrets.CODEFORAFRICA_SENTRY_PROJECT }}
-        SENTRY_DSN: ${{ vars.TECHLABBLOG_SENTRY_DSN }}
+        SENTRY_PROJECT=${{ needs.secrets.outputs.SENTRY_PROJECT }}
       tags: ${{ inputs.tags }}
       target: "codeforafrica-runner"
     secrets: inherit

diff --git a/.github/workflows/_cd-dev.yaml b/.github/workflows/_cd-dev.yaml
@@ -12,12 +12,13 @@ jobs:
     needs:
       - apps-path-filter
     if: ${{ needs.apps-path-filter.outputs.charterafrica == 'true' }}
-    uses: ./.github/workflows/_cd-codeforafrica.yaml
+    uses: ./.github/workflows/_cd-charterafrica.yaml
     with:
-      NODE_ENV: "development"
+      NODE_ENV: development
       app_url: "https://charterafrica.dev.codeforafrica.org"
-      git_remote_url: "ssh://[email protected]/charterafrica-ui"
+      seo_disabled: true
       tags: "codeforafrica/charterafrica-ui:${{ github.sha }}"
+      git_remote_url: "ssh://[email protected]/charterafrica-ui"
     secrets: inherit
 
   cd-dev-codeforafrica:
@@ -28,6 +29,6 @@ jobs:
     with:
       NODE_ENV: "development"
       app_url: "https://codeforafrica-ui.dev.codeforafrica.org"
-      git_remote_url: "ssh://[email protected]/codeofrafrica-ui"
       tags: "codeforafrica/codeforafrica-ui:${{ github.sha }}"
+      git_remote_url: "ssh://[email protected]/codeofrafrica-ui"
     secrets: inherit
diff --git a/.github/workflows/_cd-prod.yaml b/.github/workflows/_cd-prod.yaml
@@ -9,12 +9,14 @@ jobs:
     uses: ./.github/workflows/_app-version-check.yaml
     with:
       file-name: "./apps/charterafrica/package.json"
+    secrets: inherit
 
   version-check-codeforafrica:
     name: Version Check | codeforafrica
     uses: ./.github/workflows/_app-version-check.yaml
     with:
       file-name: "./apps/codeforafrica/package.json"
+    secrets: inherit
 
   prod-cd-charterafrica:
     name: Deploy | charterafrica
@@ -25,8 +27,9 @@ jobs:
     with:
       NODE_ENV: production
       app_url: https://charter.africa
-      git_remote_url: ssh://[email protected]/charterafrica-ui
+      seo_disabled: false
       tags: "codeforafrica/charterafrica-ui:${{ needs.version-check-charterafrica.outputs.version }}"
+      git_remote_url: ssh://[email protected]/charterafrica-ui
     secrets: inherit
 
   prod-cd-codeforafrica:
@@ -38,6 +41,6 @@ jobs:
     with:
       NODE_ENV: production
       app_url: https://cfa.dev.codeforafrica.org
-      git_remote_url: ssh://[email protected]/codeforafrica-ui
       tags: "codeforafrica/codeforafrica-ui:${{ needs.version-check-codeforafrica.outputs.version }}"
+      git_remote_url: ssh://[email protected]/codeforafrica-ui
     secrets: inherit
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -23,6 +23,7 @@ jobs:
   apps-path-filter:
     name:
     uses: ./.github/workflows/_app-path-filter.yaml
+    secrets: inherit
 
   cd-dev:
     needs:
-Original file line number
+Diff line change
@@ Expand Up / @@ -23,6 +23,7 @@ jobs: @@
       apps-path-filter:
         name:
         uses: ./.github/workflows/_app-path-filter.yaml
+        secrets: inherit
       cd-dev:
         needs:
@@ Expand Down @@