1

I want to set up simple CI/CD to do automatic deployments for my Laravel project, but it turns out my .env file is always replaced. How do I make sure it's not always replaced?

Here is my action file

```yaml
name: Laravel

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  laravel-tests:

    runs-on: self-hosted

    steps:
    - uses: shivammathur/setup-php@b7d1d9c9a92d8d8463ce36d7f60da34d461724f8
      with:
        php-version: '7.4'
    - uses: actions/checkout@v2
    - name: Copy .env
      run: php -r "file_exists('.env') || copy('.env.example', '.env');"
    - name: Install Dependencies
      run: composer install -q --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist
    - name: Generate key
      run: php artisan key:generate
    - name: Directory Permissions
      run: chmod -R 777 storage bootstrap/cache
    - name: Create Database
      run: |
        mkdir -p database
        touch database/database.sqlite
    - name: Execute tests (Unit and Feature tests) via PHPUnit
      env:
        DB_CONNECTION: sqlite
        DB_DATABASE: database/database.sqlite
      run: vendor/bin/phpunit
```
torek
iamafasha
  • It looks like the `Copy .env` step would do that... skip that step if you don't want to modify your `.env`? – Benjamin W. Sep 10 '21 at 14:32
  • now it fails with `file_get_contents(/.../.../../.env): failed to open stream: No such file or directory` when I remove that line – iamafasha Sep 10 '21 at 15:00
  • To me, it seems like when the computer is pulling from GitHub it literally deletes the folder and creates another one – iamafasha Sep 10 '21 at 16:36
  • https://docs.github.com/en/actions/reference/environment-variables You should use this – Ben Gooding Sep 16 '21 at 14:33
  • You can just add the config you want in your .env.example file, then every time it creates .env it will have content you want. – Ravi Patel Sep 17 '21 at 08:27

2 Answers

3

Each time your workflow runs you will get a new machine. Thus there are no files that you created on a previous run. Because of this, if you need to have some file created at runtime, you need to repeat this step each time.

Please check here to better understand GitHub Actions basics.

You don't have many options to share this file across runs, as keeping secrets in artifacts is a bad choice. So you need to recreate this file each time you need it, based on the secret which you may keep in the secrets context. Please check this link:

```yaml
# Recreate .env on every run from values kept in the repository's secrets
- name: Create env file
  run: |
    cat << EOF >> .env
    API_ENDPOINT="https://xxx.execute-api.us-west-2.amazonaws.com"
    API_KEY=${{ secrets.API_KEY }}
    EOF
```
Krzysztof Madej
  • So does this mean I can't do full CD using GitHub Actions? – iamafasha Sep 13 '21 at 11:56
  • You can of course. But this file should be part of your repo or part of your artifact later used for deployment. Please check this https://docs.github.com/en/actions/guides/storing-workflow-data-as-artifacts – Krzysztof Madej Sep 13 '21 at 11:58
  • Okay, let's say I have quite a few files in a gitignore. How do I make sure they are not always replaced? – iamafasha Sep 13 '21 at 13:00
  • If the file doesn't contain a secret it should be part of your repo. If the file contains a secret you should consider two things - keep the configuration in the place where you host your app (if possible) or replace the token in this file just before deployment (but do not keep replaced tokens as part of your artifact). – Krzysztof Madej Sep 13 '21 at 15:55
  • 2
    @KrzysztofMadej the .env file should never be part of the GIT repo. – Gert B. Sep 16 '21 at 07:07
  • I never said that it should be. – Krzysztof Madej Sep 16 '21 at 14:39
  • Exactly, how do I manage such a file if every time an action is triggered all files are deleted and replaced? – iamafasha Sep 16 '21 at 15:01
  • You have two options: 1) keep it in the repo (we know that this is not your case). 2) Create the file on each run (it will take a couple of seconds) (check this [link](https://stackoverflow.com/a/63350136/2347999)) – Krzysztof Madej Sep 16 '21 at 19:56
0

The GitHub action works on the files in your git repo.

Your .env is not and should not be in the repo, because it contains your credentials/secrets.

You may have it on your local computer, but it's included in the gitignore so git (and GitHub as a consequence) doesn't track it.

As a consequence no, you don't have the .env file at each action run. The most straightforward way to do it is:

  • create a .env.production file that is gitted and committed. Place there your main .env variables that aren't secrets/sensitive, such as:

```
APP_NAME=YourAppName
APP_ENV=production

APP_DEBUG=false
APP_LOG_LEVEL=warning
APP_URL=https://your-url.com

CACHE_DRIVER=redis
SESSION_DRIVER=file
QUEUE_CONNECTION=redis

# ... etc ...
```

DO NOT INCLUDE KEYS, PASSWORDS OR SECRETS THOUGH..

Now copy that file as your default .env file in one of your steps:

```yaml
- name: Copy .env
  run: php -r "file_exists('.env') || copy('.env.production', '.env');"
```

Now it's time to handle your secrets. You should add them as GitHub secrets of your repo, and include them using the env directive of your GitHub Actions:

```yaml
env:
    APP_KEY: ${{ secrets.APP_KEY }}
    DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
    # ....
```

This last step may need to vary a bit depending on how/where you do the actual deploy, but that should be the gist of it: you pull them from the GitHub secrets space and you add them to the production environment.

gbalduzzi
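
The approach in the answer above (a committed `.env.production` for non-secret defaults, secrets supplied through the step's `env:`), as an added shell example that is not part of the original answers. `build_env` is a hypothetical helper that merges the two into `.env`, refuses to run when a secret is missing or contains a newline, and writes the file with owner-only permissions.

```shell
#!/bin/sh
# Added example (not from the answers). build_env is a hypothetical helper.
# Usage in a workflow step whose `env:` maps the secrets, e.g.:
#   build_env .env.production .env APP_KEY DB_PASSWORD
build_env() {
    template=$1 output=$2
    shift 2
    nl='
'
    [ -f "$template" ] || { echo "template $template not found" >&2; return 1; }

    # Check every secret before writing anything; log names only, never values.
    for name in "$@"; do
        case $name in ''|*[!A-Za-z0-9_]*) echo "bad key name" >&2; return 1 ;; esac
        value=$(printenv "$name") || value=
        [ -n "$value" ] || { echo "secret $name is empty or unset" >&2; return 1; }
        # A newline inside a value would let it add extra KEY=VALUE lines.
        case $value in *"$nl"*) echo "secret $name contains a newline" >&2; return 1 ;; esac
    done

    old_umask=$(umask)
    umask 077                        # temp file and result are created as 0600
    tmp="$output.tmp.$$"
    awk 1 "$template" > "$tmp" || { umask "$old_umask"; return 1; }
    for name in "$@"; do
        # Drop any placeholder line for this key so it is defined exactly once.
        sed "/^${name}=/d" "$tmp" > "$tmp.new" && mv "$tmp.new" "$tmp"
        # Assumption: the dotenv parser unescapes \" and \\ inside double quotes.
        escaped=$(printenv "$name" | sed 's/[\\"]/\\&/g')
        printf '%s="%s"\n' "$name" "$escaped" >> "$tmp"
    done
    mv "$tmp" "$output"              # replace .env in one step
    umask "$old_umask"
}
```

Because the secrets are validated before the temporary file is created, a failed run leaves any existing `.env` untouched.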