Add support for variable env vars (#84)

* Adding option to include GHVars

* Adding validation for repo file, fixing readme

* Update README.md

* Update README.md

* Adjusted for snippet consistency

Author: LeoDiazL

README.md

@@ -24,7 +24,13 @@ You'll need [Access Keys](https://docs.aws.amazon.com/powershell/latest/userguid
 
 ## Environment variables
 
-For envirnoment variables in your app, you can provide a `repo_env` file in your repo, a `.env` file in GitHub Secrets named `DOT_ENV`, or an AWS Secret. Then hook it up in your `docker-compose.yaml` file like:
+For envirnoment variables in your app, you can provide:
+ - `repo_env` - A file in your repo that contains env vars
+ - `ghv_env` - An entry in [Github actions variables](https://docs.github.com/en/actions/learn-github-actions/variables)
+ - `dot_env` - An entry in [Github secrets](https://docs.github.com/es/actions/security-guides/encrypted-secrets)
+ - `aws_secret_env` - The path to a JSON format secret in AWS
+ 
+Then hook it up in your `docker-compose.yaml` file like:
 
 ```
 version: '3.9'
@@ -93,6 +99,7 @@ jobs:
         sub_domain: app
         tf_state_bucket: my-terraform-state-bucket
         dot_env: ${{ secrets.DOT_ENV }}
+        ghv_env: ${{ vars.VARS }}
         app_port: 3000
         additional_tags: "{\"key1\": \"value1\",\"key2\": \"value2\"}"
 
@@ -121,9 +128,10 @@ The following inputs can be used as `step.with` keys
 | `no_cert` | Boolean | Set this to true if no certificate is present for the domain. **See note **. Defaults to `false` |
 | `tf_state_bucket` | String | AWS S3 bucket to use for Terraform state. |
 | `tf_state_bucket_destroy` | Boolean | Force purge and deletion of S3 bucket defined. Any file contained there will be destroyed. (Default is `false`). `stack_destroy` must also be `true`|
-| `repo_env` | String | `.env` file containing environment variables to be used with the app. Name defaults to `repo_env`. Check **SEnvironment variables** note |
-| `dot_env` | String | `.env` file to be used with the app. This is the name of the [Github secret](https://docs.github.com/es/actions/security-guides/encrypted-secrets). Check **SEnvironment variables** note |
-| `aws_secret_env` | String | Secret name to pull environment variables from AWS Secret Manager. Check **SEnvironment variables** note |
+| `repo_env` | String | `.env` file containing environment variables to be used with the app. Name defaults to `repo_env`. Check **Environment variables** note |
+| `dot_env` | String | `.env` file to be used with the app. This is the name of the [Github secret](https://docs.github.com/es/actions/security-guides/encrypted-secrets). Check **Environment variables** note |
+| `ghv_env` | String | `.env` file to be used with the app. This is the name of the [Github variables](https://docs.github.com/en/actions/learn-github-actions/variables). Check **Environment variables** note |
+| `aws_secret_env` | String | Secret name to pull environment variables from AWS Secret Manager. Check **Environment variables** note |
 | `app_port` | String | port to expose for the app |
 | `lb_port` | String | Load balancer listening port. Defaults to 80 if NO FQDN provided, 443 if FQDN provided |
 | `lb_healthcheck` | String | Load balancer health check string. Defaults to HTTP:app_port |

action.yaml

@@ -37,7 +37,10 @@ inputs:
     required: false
     default: 'repo_env'
   dot_env:
-    description: '`.env` file to be used with the app'
+    description: '`.env` file to be used with the app from Github secrets'
+    required: false
+  ghv_env:
+    description: '`.env` file to be used with the app from Github variables'
     required: false
   aws_secret_env:
     description: 'Secret name to pull env variables from AWS Secret Manager'
@@ -115,7 +118,8 @@ runs:
         TF_STATE_BUCKET: ${{ inputs.tf_state_bucket }}
         TF_STATE_BUCKET_DESTROY: ${{ inputs.tf_state_bucket_destroy }}
         REPO_ENV: ${{ inputs.repo_env }}
-        DOT_ENV: ${{ inputs.dot_env }}
+        GHS_ENV: ${{ inputs.dot_env }}
+        GHV_ENV: ${{ inputs.ghv_env }}
         AWS_SECRET_ENV: ${{ inputs.aws_secret_env }}
         APP_PORT: ${{ inputs.app_port }}
         LB_PORT: ${{ inputs.lb_port }}

operations/_scripts/generate/generate_app_repo.sh

@@ -17,6 +17,9 @@ fi
 
 cp -rf "$TARGET_PATH"/* "${GITHUB_ACTION_PATH}/operations/deployment/ansible/app/${GITHUB_REPO_NAME}/"
 
-echo "Copying checked in env file from repo to Ansible deployment path"
-
-cp "$TARGET_PATH/$REPO_ENV" "${GITHUB_ACTION_PATH}/operations/deployment/ansible/repo.env"
+if [ -s "$TARGET_PATH/$REPO_ENV" ]; then
+  echo "Copying checked in env file from repo to Ansible deployment path"
+  cp "$TARGET_PATH/$REPO_ENV" "${GITHUB_ACTION_PATH}/operations/deployment/ansible/repo.env"
+else
+  echo "Checked in env file from repo is empty or couldn't be found"
+fi

operations/_scripts/generate/generate_dot_env.sh

@@ -5,4 +5,5 @@ set -e
 
 echo "In generate_dot_env.sh"
 
-echo "$DOT_ENV" >> "${GITHUB_ACTION_PATH}/operations/deployment/ansible/ghs.env"
+echo "$GHV_ENV" > "${GITHUB_ACTION_PATH}/operations/deployment/ansible/ghv.env"
+echo "$GHS_ENV" > "${GITHUB_ACTION_PATH}/operations/deployment/ansible/ghs.env"

operations/deployment/ansible/bitops.before-deploy.d/merge-tf-env.sh

@@ -6,7 +6,7 @@ set -e
 echo "BitOps Ansible before script: Merge Terraform Enviornment Variables..."
 
 # Merging order
-order=tf,repo,ghs,aws
+order=tf,repo,ghv,ghs,aws
 
 # Ansible dotenv file -> The final destination of all
 DOTENV_FILE="${BITOPS_ENVROOT}/ansible/app.env"
@@ -17,7 +17,10 @@ TF_DOTENV_FILE="${BITOPS_ENVROOT}/terraform/tf.env"
 # Repo env file
 REPO_ENV_FILE="${BITOPS_ENVROOT}/ansible/repo.env"
 
-# GH Secrets env file
+# GH Variables env file
+GHV_ENV_FILE="${BITOPS_ENVROOT}/ansible/ghv.env"
+
+# GH Secrets  env file
 GHS_ENV_FILE="${BITOPS_ENVROOT}/ansible/ghs.env"
 
 # TF AWS dotenv file
@@ -52,12 +55,16 @@ function process {
       # Code to be executed for option2
       merge $REPO_ENV_FILE "checked-in"
       ;;
-    ghs)
+    ghv)
       # Code to be executed for option3
+      merge $GHV_ENV_FILE "GH-Vars"
+      ;;
+    ghs)
+      # Code to be executed for option4
       merge $GHS_ENV_FILE "GH-Secret"
       ;;
     tf)
-      # Code to be executed for option3
+      # Code to be executed for option5
       merge $TF_DOTENV_FILE "Terraform"
       ;;
     *)