[英]github actions multiple dotenv files
I have struggled with how to write this so please bear with me.我一直在努力写这个,所以请多多包涵。 Ill try and be as clear as possible: Setup:
我会尽量说清楚: 设置:
Now, using GitHub Actions, we deploy to a different domain based on the branch.现在,使用 GitHub 操作,我们根据分支部署到不同的域。
What I cant solve is how best to handle the different dotenv files.我无法解决的是如何最好地处理不同的 dotenv 文件。 During build, dotenv is used to build the final product.
在构建期间,dotenv 用于构建最终产品。 IDEALLY I would like to keep as much of the env file contents in a GitHub Secret for obvious reasons, but I am not sure if this is possible.
理想情况下,出于显而易见的原因,我想将尽可能多的 env 文件内容保留在 GitHub Secret 中,但我不确定这是否可行。 The other option is to have 3 dotenv files based on the branch but that just adds complexity and confusion around keeping them all in sync.
另一种选择是基于分支拥有 3 个 dotenv 文件,但这只会增加复杂性和使它们保持同步的混乱。
What is the best way to handle this so each deploy gets the right settings inside the dotenv file?处理此问题的最佳方法是什么,以便每次部署都能在 dotenv 文件中获得正确的设置?
Disclaimer: I have no clue about best practices for dotenv.免责声明:我对 dotenv 的最佳实践一无所知。
If you have a secret that's larger than the allowed 64 KB, you can follow the instructions for Limits for secrets , roughly this:如果您的密钥大于允许的 64 KB,您可以按照密钥限制的说明进行操作,大致如下:
Encrypt your secret:加密你的秘密:
gpg --symmetric --cipher-algo AES256.env
Store the passphrase as a secret, for example LARGE_SECRET_PASSPHRASE
将密码存储为秘密,例如
LARGE_SECRET_PASSPHRASE
Add the encrypted file to the repository, for example as .env.gpg
将加密文件添加到存储库,例如
.env.gpg
To decrypt in a workflow, run something like要在工作流中解密,请运行类似
run: | gpg --quiet --batch --yes --decrypt \ --passphrase=${{ secrets.LARGE_SECRET_PASSPHRASE }} \ --output.env.env.gpg
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.