Skip to content

secret exposure via echo #33

secret exposure via echo

secret exposure via echo #33

Workflow file for this run

name: Deploy to PROD
on:
push:
branches: [ prod ]
pull_request:
branches: [ prod ]
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ref: prod
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Get smart tag
id: prepare
uses: Surgo/docker-smart-tag-action@v1
with:
docker_image: sanpetepantry/web
tag_with_sha: true
- name: Build and push
id: docker_build
uses: docker/build-push-action@v2
with:
file: SanpetePantry/Dockerfile
push: true
tags: ${{ steps.prepare.outputs.tag }}
build-args: |
exampleArg=exampleArgValue
otherArg=$GITHUB_SHA
- name: Image Digest
run: echo ${{ steps.docker_build.outputs.digest }}
- name: SFTP uploader
uses: wangyucode/[email protected]
with:
host: ${{ secrets.LINODE_PROD_SERVER }}
username: ${{ secrets.LINODE_PROD_USER }}
password: ${{ secrets.LINODE_PROD_PASSWORD }}
localDir: scripts
remoteDir: scripts
- name: Start the service
uses: garygrossgarten/[email protected]
with:
command: cd scripts && /snap/bin/pwsh ./restart.ps1 -tag ${{ steps.prepare.outputs.tag}} -branch prod
host: ${{ secrets.LINODE_PROD_SERVER }}
username: ${{ secrets.LINODE_PROD_USER }}
password: ${{ secrets.LINODE_PROD_PASSWORD }}