From cc1d50f8e7fa97560880331c211ec109fef8a91e Mon Sep 17 00:00:00 2001 From: Harsh Shandilya Date: Thu, 19 Nov 2020 14:15:17 +0530 Subject: [PATCH] wrangler: leverage env and secrets Signed-off-by: Harsh Shandilya --- .github/workflows/deploy-to-cloudflare.yml | 8 +++++--- .gitignore | 1 - config/wrangler-main.toml.enc | Bin 304 -> 0 bytes config/wrangler-staging.toml.enc | Bin 320 -> 0 bytes scripts/decrypt-secret.sh | 13 ------------- wrangler.toml | 13 +++++++++++++ 6 files changed, 18 insertions(+), 17 deletions(-) delete mode 100644 config/wrangler-main.toml.enc delete mode 100644 config/wrangler-staging.toml.enc delete mode 100755 scripts/decrypt-secret.sh create mode 100644 wrangler.toml diff --git a/.github/workflows/deploy-to-cloudflare.yml b/.github/workflows/deploy-to-cloudflare.yml index 973bf07..c9497ab 100644 --- a/.github/workflows/deploy-to-cloudflare.yml +++ b/.github/workflows/deploy-to-cloudflare.yml @@ -29,11 +29,12 @@ jobs: npm install -g @cloudflare/wrangler mkdir -p ~/.wrangler/config/ echo "api_token=\"${CF_API_TOKEN}\"" > ~/.wrangler/config/default.toml - ./scripts/decrypt-secret.sh config/wrangler-main.toml.enc wrangler.toml ${SECRETS_ENC_KEY} - ~/bin/wrangler publish + ~/bin/wrangler publish --env production env: SECRETS_ENC_KEY: ${{ secrets.SECRETS_ENC_KEY }} CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }} + CF_ZONE_ID: ${{ secrets.CF_ZONE_ID }} + CF_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }} deploy-staging: if: "contains(github.event.head_commit.message, '[staging]')" @@ -58,8 +59,9 @@ jobs: npm install -g @cloudflare/wrangler mkdir -p ~/.wrangler/config/ echo "api_token=\"${CF_API_TOKEN}\"" > ~/.wrangler/config/default.toml - ./scripts/decrypt-secret.sh config/wrangler-staging.toml.enc wrangler.toml ${SECRETS_ENC_KEY} ~/bin/wrangler publish env: SECRETS_ENC_KEY: ${{ secrets.SECRETS_ENC_KEY }} CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }} + CF_ZONE_ID: ${{ secrets.CF_ZONE_ID }} + CF_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }} diff --git a/.gitignore b/.gitignore index 9de3ca8..3aa09f2 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,3 @@ node_modules/ transpiled/ worker/ package-lock.json -wrangler.toml diff --git a/config/wrangler-main.toml.enc b/config/wrangler-main.toml.enc deleted file mode 100644 index 700f73d3e363fdb409a9e90187cf7d6bc4296eba..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 304 zcmV-00nh$ZVQh3|WM5w>f6_faz)8U^wKDfVz5ILv~b02?LB)wiyWkC&F80 z#ZQHo+;Eyj9O*QVs=7y0XMGp8R&n}xHmi`PHhp5*=^Dv*Z)538&IEtwf+cTiggyZR z407m=v^zH>xX(o`&~!$nKVI7SUclX$Wk9XeVH6A`L^4ec0y=WjL`y|Y93LhFr9JRj z`PIZ>ObeLbHH~_el4VknBtY^zUaWi|imWjSSwrFvvSFS<6~d_)wQgb;CmgzbS)v_n zd)iP-NQoFPJ8n5mFcMaPRAKtGvWrAQYscYo%JWFws95*1G>rocJ}lWjHL%B`t^KlQ zF+j^cXr}l2xZ5PF_qK99K>2n(SlA@RjjIoaGrIA(eAzm%8zb(65rAGC)kF7o_`Y;1 zDRa-NP3I;AIc17z@!Gs-j7GF}fISZQeBXDua@2xf8YCRDhYKS#yetR7Z&fx(=&;y# zN=@MSdtsBzi5Sxop(@piU{aa=kSYe3)R4cnrNf~v%n>>AMeY7U7~OAEwyIs_crwKe SQR88So{#Fyb#LZF*UKzLvz(~_ diff --git a/scripts/decrypt-secret.sh b/scripts/decrypt-secret.sh deleted file mode 100755 index b417a7b..0000000 --- a/scripts/decrypt-secret.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -INPUT_FILE=$1 -OUTPUT_FILE=$2 -ENCRYPT_KEY=$3 - -if [[ -n "$ENCRYPT_KEY" && -n "$INPUT_FILE" && -n "$OUTPUT_FILE" ]]; then - openssl enc -aes-256-cbc -md sha256 -pbkdf2 -d -in "${INPUT_FILE}" -out "${OUTPUT_FILE}" -k "${ENCRYPT_KEY}" -else - echo "Usage: ./decrypt-secret.sh " -fi diff --git a/wrangler.toml b/wrangler.toml new file mode 100644 index 0000000..878c800 --- /dev/null +++ b/wrangler.toml @@ -0,0 +1,13 @@ +name = "msfjarvis-dev-staging" +type = "webpack" +webpack_config = "webpack.config.js" +workers_dev = false +route = "staging.msfjarvis.dev/*" + +[site] +bucket = "./public" +entry-point = "workers-site" + +[env.production] +name = "msfjarvis-dev" +route = "msfjarvis.dev/*"