.env file not in Heroku CI/CD with Gitlab

Question

I am trying to deploy a Node.js application to Heroku via a GitLab pipeline. The below is my pipeline code. I have the variables set in the GitLab project. It seems as though the .env file is not uploaded to the Heroku app and the app crashes.

 image: node:latest before_script: - apt-get update -qy - apt-get install -y ruby-dev - gem install dpl # - npm link @angular/cli stages: # - test - production # unit-test: # stage: test # image: trion/ng-cli-karma:latest # script: # - npm install # - ng test # only: # - master production: type: deploy stage: production image: ruby:latest script: - echo "ACCOUNT_SID=$ACCOUNT_SID" >>.env - echo "AUTH_TOKEN=$AUTH_TOKEN" >>.env - echo "API_KEY=$API_KEY" >>.env - echo "API_SECRET=$API_SECRET" >>.env - echo "PHONE_NUMBER=$PHONE_NUMBER" >>.env - echo "sengrid_api=$sengrid_api" >>.env - dpl --provider=heroku --app=$HEROKU_APP_PRODUCTION --api-key=$HEROKU_API_KEY --skip_cleanup only: - master

Answer 1

It seems as though the .env file is not uploaded to the Heroku app

Nor should it be.

.env files are a convenient mechanism for setting environment variables in development . On Heroku, you should use config vars , which are its convenient mechanism for setting environment variables, eg

heroku config:set API_KEY=SOME_API_KEY

Note that you may need to quote values if they contain characters like < or | which are meaningful to whatever shell you are using.

If you need these variables at build time, you can set environment variables as part of your GitLab configuration (committed to your repository) or in group-level secrets (not committed, and in some ways more aligned with the concept of per-environment settings).

Each environment in which you run your application is different and should have its own environment variables. It is normal and expected that they don't follow your application around. This is one of the fundamental principles upon which Heroku's model was designed.

Answer 2

With this.yml file I am able to build my docker image and deploy to both of my Digital Ocean droplets at once with a load balancer in front of them.

 # ssh-keyscan gitlab.com >> authorized_keys: use this command to add gitlab ssh keys to sever. Run on server terminal # cat ~/.ssh/id_rsa.pub >> authorized_keys: Run this command on the sever on the terminal. # Both COMMANDS ABOVE ARE necessary. # Have to put.env echo statments in Docker build stage because documents dont persist. Artifacts could be used. stages: - build - deploy variables: TAG_LATEST: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:latest TAG_COMMIT: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHA build-App: image: docker:latest stage: build services: - docker:dind script: - echo "ACCOUNT_SID=$ACCOUNT_SID" >>.env - echo "AUTH_TOKEN=$AUTH_TOKEN" >>.env - echo "API_KEY=$API_KEY" >>.env - echo "API_SECRET=$API_SECRET" >>.env - echo "PHONE_NUMBER=$PHONE_NUMBER" >>.env - echo "sengrid_api=$sengrid_api" >>.env - cat.env - docker build. -t $TAG_COMMIT -t $TAG_LATEST - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY - docker push $TAG_COMMIT - docker push $TAG_LATEST deploy-1: image: ubuntu:latest stage: deploy tags: - deployment before_script: - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client git -y )' - eval $(ssh-agent -s) - mkdir -p ~/.ssh - chmod 700 ~/.ssh - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa - echo "$SSH_PUBLIC_KEY" | tr -d '\r' > ~/.ssh/id_rsa.pub - chmod 600 ~/.ssh/* - chmod 644 ~/.ssh/*.pub - ssh-add - ssh-keyscan gitlab.com >> ~/.ssh/known_hosts - chmod 644 ~/.ssh/known_hosts - ls -ld ~/.ssh/* script: - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY" - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker pull $TAG_COMMIT" - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker container rm -f my-app || true" - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker run -d -p 3000:3000 --name my-app $TAG_COMMIT" environment: name: production url: http://134.122.23.185 only: - master deploy-2: image: ubuntu:latest stage: deploy tags: - deployment-backup before_script: - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client git -y )' - eval $(ssh-agent -s) - mkdir -p ~/.ssh - chmod 700 ~/.ssh - echo "$SSH_PRIVATE_KEY_BACKUP" | tr -d '\r' > ~/.ssh/id_rsa - echo "$SSH_PUBLIC_KEY_BACKUP" | tr -d '\r' > ~/.ssh/id_rsa.pub - chmod 600 ~/.ssh/* - chmod 644 ~/.ssh/*.pub - ssh-add - ssh-keyscan gitlab.com >> ~/.ssh/known_hosts - chmod 644 ~/.ssh/known_hosts - ls -ld ~/.ssh/* script: - ssh -o StrictHostKeyChecking=no $SERVER_USER_BACKUP@$SERVER_IP_BACKUP "docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY" - ssh -o StrictHostKeyChecking=no $SERVER_USER_BACKUP@$SERVER_IP_BACKUP "docker pull $TAG_COMMIT" - ssh -o StrictHostKeyChecking=no $SERVER_USER_BACKUP@$SERVER_IP_BACKUP "docker container rm -f my-app || true" - ssh -o StrictHostKeyChecking=no $SERVER_USER_BACKUP@$SERVER_IP_BACKUP "docker run -d -p 3000:3000 --name my-app $TAG_COMMIT" environment: name: production-backup url: http://161.35.123.72 only: - master