wrangler: leverage env and secrets

Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-11-19 14:15:17 +05:30 · 2020-11-19 14:15:17 +05:30 · cc1d50f8e7
parent 67fba3aab6
commit cc1d50f8e7
6 changed files with 18 additions and 17 deletions
--- a/.github/workflows/deploy-to-cloudflare.yml
+++ b/.github/workflows/deploy-to-cloudflare.yml
@ -29,11 +29,12 @@ jobs:
          npm install -g @cloudflare/wrangler
          mkdir -p ~/.wrangler/config/
          echo "api_token=\"${CF_API_TOKEN}\"" > ~/.wrangler/config/default.toml
-          ./scripts/decrypt-secret.sh config/wrangler-main.toml.enc wrangler.toml ${SECRETS_ENC_KEY}
-          ~/bin/wrangler publish
+          ~/bin/wrangler publish --env production
        env:
          SECRETS_ENC_KEY: ${{ secrets.SECRETS_ENC_KEY }}
          CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
+          CF_ZONE_ID: ${{ secrets.CF_ZONE_ID }}
+          CF_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}

  deploy-staging:
    if: "contains(github.event.head_commit.message, '[staging]')"
@ -58,8 +59,9 @@ jobs:
          npm install -g @cloudflare/wrangler
          mkdir -p ~/.wrangler/config/
          echo "api_token=\"${CF_API_TOKEN}\"" > ~/.wrangler/config/default.toml
-          ./scripts/decrypt-secret.sh config/wrangler-staging.toml.enc wrangler.toml ${SECRETS_ENC_KEY}
          ~/bin/wrangler publish
        env:
          SECRETS_ENC_KEY: ${{ secrets.SECRETS_ENC_KEY }}
          CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
+          CF_ZONE_ID: ${{ secrets.CF_ZONE_ID }}
+          CF_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
--- a/.gitignore
+++ b/.gitignore
@ -5,4 +5,3 @@ node_modules/
 transpiled/
 worker/
 package-lock.json
-wrangler.toml
--- a/config/wrangler-main.toml.enc
+++ b/config/wrangler-main.toml.enc
--- a/config/wrangler-staging.toml.enc
+++ b/config/wrangler-staging.toml.enc
--- a/scripts/decrypt-secret.sh
+++ b/scripts/decrypt-secret.sh
@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-INPUT_FILE=$1
-OUTPUT_FILE=$2
-ENCRYPT_KEY=$3
-
-if [[ -n "$ENCRYPT_KEY" && -n "$INPUT_FILE" && -n "$OUTPUT_FILE" ]]; then
-    openssl enc -aes-256-cbc -md sha256 -pbkdf2 -d -in "${INPUT_FILE}" -out "${OUTPUT_FILE}" -k "${ENCRYPT_KEY}"
-else
-    echo "Usage: ./decrypt-secret.sh <input file> <output file> <encryption key>"
-fi
--- a/wrangler.toml
+++ b/wrangler.toml
@ -0,0 +1,13 @@
+name = "msfjarvis-dev-staging"
+type = "webpack"
+webpack_config = "webpack.config.js"
+workers_dev = false
+route = "staging.msfjarvis.dev/*"
+
+[site]
+bucket = "./public"
+entry-point = "workers-site"
+
+[env.production]
+name = "msfjarvis-dev"
+route = "msfjarvis.dev/*"