How can I use secret variables inside my ecosystem.config.js?
So this is inside my gitlab-ci.yml file. I can access secret variables via "$...":
....
- echo "$AWS_SSH_PRIVATE_KEY" | ssh-add -
- ssh-add <(echo "$RUNNER_SSH_PRIVATE_KEY")
...
script:
- pm2 deploy ecosystem.config.js production
My ecosystem.config looks like this:
apps: [{
name: 'test',
script: './test.js',
env_production: {
NODE_ENV: 'production'
},
env: {
"test_ENV": "$MY_SECRET_VARIABLE" // not working
}
}],
So I want to set env variables to make them available inside node via process.env.
How can I achieve this?
This might work! I just found it, but haven't tested yet.
https://github.com/icehaunter/pm2-better-deploy
Adds save_env deployment setup config key. It can be an array of strings or an object. All elements are filled from environment variables where the deployment command was run and saved into the config on the deployment server. This allows to "pass" environment vars, like secrets from the gitlab runner instance to the pm2 instance
Related
Well, I am wondering if it's possible creating the queue on container startup but without the config file, because at work we use an internal tool for CI, and can just set some environment variables and we are forced to rewrite the entrypoint command in the CI config file. The reason of that is that the CI config file does NOT have access to the CI workspace and its environment variables or files like a possible elasticmq-custom.conf, so it wouldn't be possible using that.
The CI config file is like this:
schemaVersion: 2.0
image: docker://docker.io/softwaremill/elasticmq-native
host: QUEUE_URL
ports:
- name: QUEUE_PORT
default: 9325
commands:
# here I would set some environment variables that can be accessed by the new start command
- /sbin/tini -- /opt/docker/bin/elasticmq-native-server -Dconfig.file=/opt/elasticmq.conf -Dlogback.configurationFile=/opt/logback.xml
The goal would be creating the queue using the commands above, any idea?
Problem
Some library I use requires the case sensitive environment variable QXToken.
When I create a codespaces secret the environment variable is only available in uppercase (QXTOKEN), as the secrets are case insensitive. Therefore I want to copy the secret stored in QXTOKEN to the environment variable QXToken.
I tried to do that in the devcontainer.json:
{
...
"remoteEnv": {
"QXAuthURL": "https://auth.quantum-computing.ibm.com/api",
"QXToken": "${secrets.QXTOKEN}"
},
"updateContentCommand": "env; export QXToken=$QXTOKEN; env",
"postCreateCommand": "env; export QXToken=$QXTOKEN; env",
"postStartCommand": "env; export QXToken=$QXTOKEN; env",
"postAttachCommand": "env; export QXToken=$QXTOKEN; env"
}
But remoteEnv cannot access the codespaces secrets via ${secrets.QXTOKEN} as one would be able to with GitHub Actions and none of updateContentCommand, postCreateCommand, postStartCommand and postAttachCommand saved the environment variable persistently for the user.
Using the command env I see from the logs that the environment variables have been set, but already in the next command they are gone.
Even though the postCreateCommand is able to access the codespaces secrets according to the documentation I was not able to set environment variables for later usage.
For now I only see the following environment variables, but I am missing QXToken:
$ env | grep QX
QXAuthURL=https://auth.quantum-computing.ibm.com/api
QXTOKEN=***
Question
Is there a best practice to reuse codespaces secrets inside devcontainer.json and make them available as environment variables in the codespace?
The GitHub Codespaces secrets are available via localEnv which is a special variable used by devcontainer.json which provides access to environment variables on the host machine. Therefore, you can set the environment variable QXToken with ${localEnv:QXTOKEN} inside devcontainer.json.
Furthermore, if you want to set an environment variable pointing to a path inside your repo you can use ${containerWorkspaceFolder}/path/inside/your/repo.
"remoteEnv": {
// Use a GitHub Codespaces secret:
"QXToken": "${localEnv:QXTOKEN}",
// Point to a path inside your repo:
"QISKIT_SETTINGS": "${containerWorkspaceFolder}/.qiskit/settings.conf"
}
For more details on the available variables in devcontainer.json have a look at the documentation.
I created my first pipeline yesterday and I wanted to replace a placeholder in my bundle.gradle file with the CIRCLE_BUILD_NUM environment variable. The only method I found find was writing my own ‘sed’ command and executing the regex in a run statement. This worked fine to get up and running, since there was only one variable to replace, however this method obviously won’t scale, down the road. Is there a CircleCI feature/orb or other method to do a more comprehensive placeholder/envar swap throughout my project?
- run:
name: Increment build id
command: sed "s/_buildNum/${CIRCLE_BUILD_NUM}/g" -i build.gradle
EDIT
Looking for a utility/tools/orb/CircleCI best practice similar to what they have in Azure DevOps (Jenkins performs a similar feature as well): simply replace all placeholders in specified files with environment variables matching the same name.
https://marketplace.visualstudio.com/items?itemName=qetza.replacetokens
There is envtpl tool with myriad of implementation in various languages.
It allows for interpolating variables in templates with values set in environment variables.
The following described command installs an implementation in Rust.
commands:
replace-vars-from-env:
description: Replace variables in file from environment variables.
parameters:
filename:
type: string
steps:
- run:
name: Replace variables in build.gradle file
command: |
if ! [ -x /usr/local/bin/envtpl ]; then
curl -L https://github.com/niquola/envtpl/releases/download/0.0.3/envtpl.linux > /usr/local/bin/envtpl
chmod +x /usr/local/bin/envtpl
fi
mv <<parameters.filename>> <<parameters.filename>>.tpl
cat <<parameters.filename>>.tpl | envtpl > <<parameters.filename>>
rm <<parameters.filename>>
and use that in other commands or as a part of your jobs. For example,
executors:
linux:
machine:
image: ubuntu-1604:201903-01
jobs:
build:
executor: linux
steps:
- replace-vars-from-env:
filename: build.gradle
You could use envsubst which provides that basically out of the box.
Depending on your primary container you can install envsubst on top of alpine/your distro, or use some image that has that already, like datasailors/envsubst.
In that case, you would just need to run configure like:
- run:
name: Increment build id
command: envsubst < build.gradle.template > build.gradle
And in your template file you can have ${CIRCLE_BUILD_NUM}, as many other variables directly.
I am currently using Helm charts for deployment.
What I basically wanted to do is to set environment variables for different environments.
Use-case:
I am using Helm to deploy a Node JS application and based on the value of the environment variable NODE_ENV which will be set while deployment I wish to load specific config files.
Example:
env:
- name: NODE_ENV
value: production
...
I was going through HELM charts and I am unable to join the dots as to how we can use the templates/deployment.yaml, values.yaml and a deployment.yaml to establish the same.
Note:
It is the same environment variable which will hold separate values based on the deployment environment.
Any help would be helpful.
You can use templating to set the value of the environment variable:
- name: NODE_ENV
value: {{ .Values.env | quote }}
Your chart's values.yaml file should provide a default value:
env: production
When you actually go to deploy the chart, you can provide an additional YAML file of values (or more than one)
helm install --name my-chart ./charts/my-chart -f values.dev.yaml
And then that YAML file can provide values that override the chart's default
env: development
mysqlHost: mysql-dev.example.com
I am pretty new to setting up remote servers, but I was playing around today and was hoping that I could leverage a Cloud Config file upon setup in order to set a few environment variables as the server spins up.
How can I set my environment variables programmatically when spinning up a machine on Digital Ocean? The key is that I want to automate the setup and avoid interactively defining these variables.
Thanks in advance.
This is what I did with for ubuntu
write_files:
- path: /etc/environment
content: |
FOO="BAR"
append: true
There's a couple ways to do this, although Cloud Init doesn't support a built-in resource type for environment variables.
Depending on your OS, use a write-files section to output the env vars you want to the appropriate file. For CoreOS, you'd do something like:
write_files:
- path: "/etc/profile.env"
append: true
content: |
export MY_VAR="foo"
For Ubuntu, use /etc/environment, or a user's profile, etc.
Another way to do it would be to leverage Cloud Init's support for Chef, and use that tool to set the variables when the profile is applied.
Do you need the environment variable to be permanent, or just for the execution of a single command/script?
If it's for a single command, you can do that:
FOO=${BAR} | sh ./your_script.sh