How do I protect my GitHub token in a workflow and deploy Spring Cloud Config with Docker?

Question  Votes: 0  Answers: 1

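How do I protect the GitHub token when deploying the Spring Cloud Config server password on Docker using a GitHub workflow, while keeping the repository public during development?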

  build_config_server:
    runs-on: ubuntu-latest
    env:
      SPRING_CLOUD_CONFIG_SERVER_GIT_PASSWORD: ${{ secrets.GIT_TOKEN }}
    steps:
      - uses: actions/checkout@v3
      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: "17"
          distribution: "temurin"
          cache: maven
      - name: Build Maven Config Service
        run: mvn -B package --file config-server/pom.xml
      - name: Build docker Config Service
        run: docker build -t ${{ secrets.DOCKER_USERNAME }}/app-config-server:latest -f config-server/Dockerfile config-server
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Set Git Token as an environment variable
        run: echo "SPRING_CLOUD_CONFIG_SERVER_GIT_PASSWORD=${{ secrets.GIT_TOKEN }}" >> $GITHUB_ENV
      - name: Push Docker image to Docker Hub
        run: docker push ${{ secrets.DOCKER_USERNAME }}/app-config-server:latest
spring-boot docker github github-actions spring-cloud-config
1 Answer
0
votes

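This is one of the problems I had with not making my repository public until development was finished. I develop services with a microservice architecture that uses a config server containing the git password. Creating an environment variable and keeping it public would not be a problem, but it causes problems during CI/CD.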


name: Java CI/CD with Maven and Docker on config-server

on:
  push:
    branches: ["main"]
    paths:
      - "config-server/**"
  pull_request:
    branches: ["main"]

jobs:
  build_config_server:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: "17"
          distribution: "temurin"
          cache: maven
      - name: Build Maven Config Service
        run: mvn -B package --file config-server/pom.xml
      - name: Build docker Config Service
        run: docker build -t ${{ secrets.DOCKER_USERNAME }}/app-config-server:latest -f config-server/Dockerfile --build-arg SPRING_CLOUD_CONFIG_SERVER_GITHUB_PASSWORD="${{ secrets.CONFIG_PASSWORD }}" config-server
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Push Docker image to Docker Hub
        run: docker push ${{ secrets.DOCKER_USERNAME }}/app-config-server:latest

FROM openjdk:17-alpine
WORKDIR usr/src
ARG SPRING_CLOUD_CONFIG_SERVER_GITHUB_PASSWORD
ENV SPRING_CLOUD_CONFIG_SERVER_GIT_PASSWORD=$SPRING_CLOUD_CONFIG_SERVER_GITHUB_PASSWORD
ADD /target/config-server-0.0.1-SNAPSHOT.jar /usr/src/config-server-0.0.1-SNAPSHOT.jar
ENTRYPOINT [ "java","-jar", "config-server-0.0.1-SNAPSHOT.jar"]
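
An added check, not part of the answer above: the Dockerfile copies the --build-arg value into ENV, and Docker stores ENV values in the image configuration, so anyone who pulls the pushed image can read the token with docker inspect. The script flags that pattern and passes a variant, constructed here, that leaves the token out of the image and expects it at container start; SECRET_RE and scan_dockerfile are hypothetical names.

```sh
#!/bin/sh
# Added example, not the answer's code. SECRET_RE is an assumed naming heuristic.
SECRET_RE='PASSWORD|PASSWD|TOKEN|SECRET|API_?KEY'

# Reads a Dockerfile on stdin and prints one finding per line. Returns 1 if a
# credential would be baked into the image (build ARG or ENV), 0 otherwise.
scan_dockerfile() {
  awk -v re="$SECRET_RE" '
    { instr = toupper($1) }
    instr == "ARG" {                      # value arrives via --build-arg
      name = $2; sub(/=.*/, "", name); args[name] = 1
      if (toupper(name) ~ re) {
        printf "line %d: build ARG %s carries a secret\n", NR, name; bad = 1
      }
    }
    instr == "ENV" {                      # value persists in the image config
      rest = $0; sub(/^[ \t]*[A-Za-z]+[ \t]+/, "", rest)
      match(rest, /^[A-Za-z_][A-Za-z0-9_]*/)
      name = substr(rest, 1, RLENGTH); val = substr(rest, RLENGTH + 1)
      src = ""                            # build ARG the value is copied from
      for (a in args) if (index(val, "$" a) || index(val, "${" a "}")) src = a
      if (toupper(name) ~ re || toupper(src) ~ re) {
        printf "line %d: ENV %s is stored in the image config%s\n", NR, name,
               (src != "" ? " (copied from ARG " src ")" : ""); bad = 1
      }
    }
    END { exit (bad ? 1 : 0) }
  '
}

# The Dockerfile from the answer above.
ANSWER_DOCKERFILE='FROM openjdk:17-alpine
WORKDIR usr/src
ARG SPRING_CLOUD_CONFIG_SERVER_GITHUB_PASSWORD
ENV SPRING_CLOUD_CONFIG_SERVER_GIT_PASSWORD=$SPRING_CLOUD_CONFIG_SERVER_GITHUB_PASSWORD
ADD /target/config-server-0.0.1-SNAPSHOT.jar /usr/src/config-server-0.0.1-SNAPSHOT.jar
ENTRYPOINT [ "java","-jar", "config-server-0.0.1-SNAPSHOT.jar"]'
# Constructed variant: no ARG/ENV; the token is supplied when the container starts,
# e.g. docker run -e SPRING_CLOUD_CONFIG_SERVER_GIT_PASSWORD <image>.
RUNTIME_DOCKERFILE='FROM openjdk:17-alpine
WORKDIR /usr/src
ADD target/config-server-0.0.1-SNAPSHOT.jar /usr/src/config-server-0.0.1-SNAPSHOT.jar
ENTRYPOINT ["java","-jar","config-server-0.0.1-SNAPSHOT.jar"]'

printf '%s\n' "$ANSWER_DOCKERFILE" | scan_dockerfile || echo "=> token would ship in the pushed image"
printf '%s\n' "$RUNTIME_DOCKERFILE" | scan_dockerfile && echo "=> no credential in the image"
```

Run as a workflow step before docker build, a non-zero exit fails the job before the image is pushed.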