1
votes

I have a Node.js app and am using Travis CI for Continuous Integration (running tests and code linting with eslint). In my project, I'm using some environment variables in a .env file (JWT key, MongoDB credentials, etc.).

Now I want to set up Continuous Deployment after merging the development branch into master. For this, I've already investigated the Travis docs and other guides which I found on Google, and made some setup. My .travis.yml file:

language: node_js
node_js: lts/*

cache:
  directories:
  - node_modules

script:
- yarn install
- yarn test
- yarn lint

notifications:
  email: false

deploy:
  provider: gae
  project: gae-project-name
  skip_cleanup: true
  keyfile: gae.json
  on: master

env:
  global:
  - secure: FlwzKDN8HXl1cuGBhtQwbm/GjbOVMcLfEhcJkKky+2aGIhe4BOSxjMynrCts7eM53a87GMnyJXsmFxKOeO+w8RYqHVixD77duejV2o+XkoZL1QWORqiSMyK8dvLNc+lqoJ1Lf+qFqOOQCq1TxJ4W5ycFs82/hJMlMuu8jf2fxGhENoDwcARivZ0Fsrq/4/JA+YS3JjG6dqr78M7VwhrKv4mk4M5wMHiacHpKPhHib56v//wwUtsgYnyVLV0n+CPBlm6yh2aWbESt+YLU4uar39gumpG5bzp4+F01qDrWQwi3ctArOYZ5sKHgSfHZDP4jOEcKF4pYWoUlMqkT1vInmK27jnoiiCjZzQ6sfLw2O8eTb104Rlbgae4ttY38KWNE5N5w37DvSV5VzkAZ5xJuXb4j+GF/YmDep5tKNFKgjyUkFeNb7gXY/9INaJlCMiw6guQ6dYRoQlHCbv43jLnxy75E5PHPKMKHkZEi1nfvCKBYgJhIZxZ1PEjWyrupvnt+eyV0IxC7e9vCr/Ih8GkUEPa/uFVHAhDzr5x11OxQogOlSbh+G1kytUS2LhUyxqnQeFwo0DZACML/GPW41r2iXmIwI+SZzSVuT/01ZTRJNiS56UfnncI/+q5rbHR/1muTArnEqbeCISOP0YN2cBF4MefelXuNmjy2IJop56vea/U=
  ...other variables

Such a config works well: if no errors occur during the test and lint commands, the project deploys to Google App Engine.

But I faced a problem: I cannot safely export my env. variables to the GAE build during the CI process, as for the build it takes files from the master repo, where .env is absent (files with sensitive data are in .gitignore). So although the app is deployed, it doesn't work, as the env. variables are absent.

I didn't find a way to safely export my environment variables to GAE with Travis CI and hope for your assistance.

P.S. As you may notice, I've already encrypted my env. variables in .travis.yml. I did it for running tests which use environment details. But I don't know how to export them to the GAE build process.

1 Answer

1
votes

There are a few ways of dealing with this issue. I prefer ENV vars in the CI, cat-ing them into the directory and removing them afterward.

 echo "$ENV_DEVELOP" > ./.env
 # quoted so the key content is not word-split or glob-expanded by the shell
 echo "$APP_ENGINE_TEST_KEY" > "/tmp/$CI_PIPELINE_ID.json"

Execute something like this during the pipeline, and then remove the files from the system after the deployment process:

 rm "/tmp/$CI_PIPELINE_ID.json"
 rm ./.env

Also, if you don't want to store creds anywhere in the envs of the pipelines, you can create a basic HTTPS server that will retrieve the env exemplar for you on request, with auth by commit hash.

You can create a hook for the push event, and on push send the commit hash to your server and store it in some file. Afterwards, when the time to get the env comes, curl from your pipeline directly to the server with deployment_commit_hash as authorization, and check the saved values :) Have a nice day ^_^
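
The write-then-remove approach from the answer above, as an added example that is not part of the original answer: it creates the secret files with owner-only permissions and removes them through an exit trap, so they are also cleaned up when the deploy step fails. `ENV_DEVELOP` and `APP_ENGINE_TEST_KEY` are the answer's variable names; `write_secret`, `cleanup_secrets` and the `mktemp` template are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example (not the answerer's code): materialise CI secrets as files
# for the deploy step only, then remove them however the job ends.

SECRET_FILES=""   # newline-separated list of files created by write_secret

# write_secret <path> <value>: write <value> to <path> with mode 600.
write_secret() {
  _path=$1
  _value=$2
  # Register first, so a partially written file is still cleaned up.
  SECRET_FILES="${SECRET_FILES}${_path}
"
  ( umask 077; : > "$_path" ) || return 1   # create without group/other access
  chmod 600 "$_path" || return 1            # tighten a file that already existed
  # printf writes the value byte-for-byte; some shells' echo rewrites "\n",
  # which would corrupt the escaped newlines inside a JSON key file.
  printf '%s\n' "$_value" > "$_path" || return 1
}

# cleanup_secrets: delete every file registered by write_secret.
cleanup_secrets() {
  printf '%s' "$SECRET_FILES" | while IFS= read -r _f; do
    rm -f -- "$_f"
  done
  SECRET_FILES=""
}

# Run the cleanup on normal exit, on a failed step and on interruption.
trap cleanup_secrets EXIT
trap 'exit 1' INT TERM

# Usage inside the pipeline (values come from the CI's encrypted settings):
#   KEYFILE=$(mktemp /tmp/gae-key.XXXXXX)
#   write_secret ./.env "$ENV_DEVELOP"
#   write_secret "$KEYFILE" "$APP_ENGINE_TEST_KEY"
#   ...deploy step that reads ./.env and "$KEYFILE"...
```

Source the functions at the top of the deploy script; the trap only covers the shell process that defined it, so the write and the deploy have to run in the same script.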