diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index 24d99c0..66b3443 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -28,15 +28,12 @@ jobs:
 curl -L "https://github.com/docker/compose/releases/download/v2.19.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
 chmod +x /usr/local/bin/docker-compose
 
+ - name: Set up password
+ run: |
+ mkdir guestbook
+ echo ${{ secrets.DB_PASSWORD }} > guestbook/db-password.txt
+
 - name: Run Docker Compose
 run: |
- export DB_PASSWORD=${{ secrets.DB_PASSWORD }}
 export DOCKER_HOST=ssh://deploytest@zenful.cloud
 docker-compose -f ./compose.prod.yaml up -d
-
- # - name: Copy over the docker compose file
- # run: |
- # scp -o StrictHostKeyChecking=no compose.prod.yaml deploytest@zenful.cloud:guestbook/compose.yaml
- # - name: Deploy code via SSH
- # run: |
- # ssh -o StrictHostKeyChecking=no deploytest@zenful.cloud "cd guestbook && docker compose up -d"
diff --git a/compose.prod.yaml b/compose.prod.yaml
index 6b45dee..b727d84 100644
--- a/compose.prod.yaml
+++ b/compose.prod.yaml
@@ -48,9 +48,11 @@ services:
 - "traefik.http.routers.proxy.tls.certresolver=myresolver"
 # Enable watchtower
 - "com.centurylinklabs.watchtower.enable=true"
+ secrets:
+ - db-password
 environment:
 - POSTGRES_HOST=db
- - POSTGRES_PASSWORD=$DB_PASSWORD
+ - POSTGRES_PASSWORD_FILE=/run/secrets/db-password
 - POSTGRES_USER=postgres
 - POSTGRES_DB=guestbook
 - POSTGRES_PORT=5432
@@ -68,10 +70,12 @@ services:
 user: postgres
 volumes:
 - db-data:/var/lib/postgresql/data
+ secrets:
+ - db-password
 environment:
 - POSTGRES_DB=guestbook
- #- POSTGRES_PASSWORD_FILE=/run/secrets/db-password
- - POSTGRES_PASSWORD=${DB_PASSWORD}
+ - POSTGRES_PASSWORD_FILE=/run/secrets/db-password
+ #- POSTGRES_PASSWORD=${DB_PASSWORD}
 expose:
 - 5432
 healthcheck:
@@ -84,4 +88,4 @@ volumes:
 letsencrypt:
 secrets:
 db-password:
- environment: DB_PASSWORD
+ file: ./db-password.txt
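Review bot: In the new `Set up password` step of deploy.yaml, `echo ${{ secrets.DB_PASSWORD }} > guestbook/db-password.txt` pastes the secret into the script text unquoted before the shell parses it, so a password containing spaces, `$`, `;` or quotes is altered or interpreted as shell syntax. Pass it through the step's environment instead: add `env:` with `DB_PASSWORD: ${{ secrets.DB_PASSWORD }}` to the step and write the file with `printf '%s' "$DB_PASSWORD" > guestbook/db-password.txt`, which also avoids the trailing newline that `echo` appends. Using `mkdir -p guestbook` would keep the step from failing when the directory already exists.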
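Review bot: `POSTGRES_PASSWORD_FILE=/run/secrets/db-password` in the first compose.prod.yaml hunk (at line 48) only helps if this service's own code reads that variable; the `_FILE` convention is implemented by the official postgres image's entrypoint, not by client applications in general. The service definition starts outside the hunk, so its image is not visible; if it still reads `POSTGRES_PASSWORD`, it now starts without a password. A comment above the line such as `# app reads the password from this file and strips the trailing newline` would record the requirement.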
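Review bot: The added `#- POSTGRES_PASSWORD=${DB_PASSWORD}` line in the db service hunk (at line 70) keeps the retired environment-variable form in the file as dead config; delete it so the password is not put back into the container environment by a stray uncomment. Assuming this service uses the official postgres image (its image line is outside the hunk), the password file is read only when the `db-data` volume is first initialised. A comment above `POSTGRES_PASSWORD_FILE` such as `# read at first init only; rotate with ALTER ROLE` would save the next maintainer from a failed rotation.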
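Review bot: `file: ./db-password.txt` in the last compose.prod.yaml hunk is resolved relative to the compose file, while the workflow step in deploy.yaml writes `guestbook/db-password.txt`, so as written the two paths do not match. Either write the file to `./db-password.txt` or use `file: ./guestbook/db-password.txt`. Separately, the deploy step sets `DOCKER_HOST=ssh://deploytest@zenful.cloud`, and Compose normally provides file-based secrets as bind mounts resolved on the daemon's host, so a file that exists only on the runner may not reach the containers. After a deploy, verify that `/run/secrets/db-password` inside the container is a non-empty regular file.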