使用 github 工作流程在 docker 上部署 Spring Cloud 配置服务器密码时如何保护 github 令牌并在开发时保持存储库公开
build_config_server:
runs-on: ubuntu-latest
env:
SPRING_CLOUD_CONFIG_SERVER_GIT_PASSWORD: ${{ secrets.GIT_TOKEN }}
steps:
- uses: actions/checkout@v3
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
java-version: "17"
distribution: "temurin"
cache: maven
- name: Build Maven Config Service
run: mvn -B package --file config-server/pom.xml
- name: Build docker Config Service
run: docker build -t ${{ secrets.DOCKER_USERNAME }}/app-config-server:latest -f config-server/Dockerfile config-server
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Set Git Token as an environment variable
run: echo "SPRING_CLOUD_CONFIG_SERVER_GIT_PASSWORD=${{ secrets.GIT_TOKEN }}" >> $GITHUB_ENV
- name: Push Docker image to Docker Hub
run: docker push ${{ secrets.DOCKER_USERNAME }}/app-config-server:latest
这是我在开发完成之前不公开我的存储库的问题之一。我使用微服务架构开发服务,其中使用包含 git 密码的配置服务器,创建环境变量并将其保持公开不会有问题,但在 CI/CD 时会导致问题。
name: Java CI/CD with Maven and Docker on config-server
on:
push:
branches: ["main"]
paths:
- "config-server/**"
pull_request:
branches: ["main"]
jobs:
build_config_server:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
java-version: "17"
distribution: "temurin"
cache: maven
- name: Build Maven Config Service
run: mvn -B package --file config-server/pom.xml
- name: Build docker Config Service
run: docker build -t ${{ secrets.DOCKER_USERNAME }}/app-config-server:latest -f config-server/Dockerfile --build-arg SPRING_CLOUD_CONFIG_SERVER_GITHUB_PASSWORD="${{ secrets.CONFIG_PASSWORD }}" config-server
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Push Docker image to Docker Hub
run: docker push ${{ secrets.DOCKER_USERNAME }}/app-config-server:latest
FROM openjdk:17-alpine
WORKDIR usr/src
ARG SPRING_CLOUD_CONFIG_SERVER_GITHUB_PASSWORD
ENV SPRING_CLOUD_CONFIG_SERVER_GIT_PASSWORD=$SPRING_CLOUD_CONFIG_SERVER_GITHUB_PASSWORD
ADD /target/config-server-0.0.1-SNAPSHOT.jar /usr/src/config-server-0.0.1-SNAPSHOT.jar
ENTRYPOINT [ "java","-jar", "config-server-0.0.1-SNAPSHOT.jar"]