Добавляю отчет #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Secure CI/CD Pipeline with Doppler | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| build: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Fetch Secrets with Doppler (Secure) | |
| env: | |
| DOPPLER_TOKEN: ${{ secrets.DOPPLER_TOKEN }} | |
| run: | | |
| docker run --rm -e DOPPLER_TOKEN=${DOPPLER_TOKEN} dopplerhq/cli:latest run -- printenv > secrets.env | |
| - name: Load Secrets into Environment | |
| run: | | |
| set -o allexport | |
| source secrets.env | |
| set +o allexport | |
| shell: bash | |
| - name: Use Secrets Securely | |
| run: | | |
| echo "Building application with a hidden secret..." | |
| echo "SECRET_KEY is set, but it won't appear in logs!" | |
| export DATABASE_URL="postgresql://user:$SECRET_KEY@localhost:5432/mydatabase" | |
| echo "Connecting to the database using the secret!" | |
| if [ -f "./run_database_migrations.sh" ]; then | |
| ./run_database_migrations.sh --db-url=$DATABASE_URL | |
| else | |
| echo "Migration script not found. Skipping migrations." | |
| fi | |
| env: | |
| SECRET_KEY: $SECRET_KEY |