From 21e3798c05c8edcf54d5c8a68c23f237ba3dbaed Mon Sep 17 00:00:00 2001
From: maamokun <maamo-kun@outlook.com>
Date: Tue, 23 Jul 2024 09:38:18 +0900
Subject: [PATCH] tokens

---
 .github/workflows/fly-deploy.yml | 12 ++++++------
 Dockerfile                       |  9 ++++++++-
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/fly-deploy.yml b/.github/workflows/fly-deploy.yml
index 2092a8d..328b9e6 100644
--- a/.github/workflows/fly-deploy.yml
+++ b/.github/workflows/fly-deploy.yml
@@ -1,5 +1,3 @@
-# See https://fly.io/docs/app-guides/continuous-deployment-with-github-actions/
-
 name: Fly Deploy
 on:
   push:
@@ -9,11 +7,13 @@ jobs:
   deploy:
     name: Deploy app
     runs-on: ubuntu-latest
-    concurrency: deploy-group    # optional: ensure only one action runs at a time
+    concurrency: deploy-group
     steps:
       - uses: actions/checkout@v4
+      
       - uses: superfly/flyctl-actions/setup-flyctl@master
-      - run: flyctl deploy --local-only
+      
+      - name: Deploy to Fly.io
+        run: flyctl deploy --local-only --build-arg NPM_TOKEN=${{ secrets.GH_NPM_TOKEN }}
         env:
-          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
-          GH_NPM_TOKEN: ${{ secrets.GH_NPM_TOKEN }}
+          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index cf28387..a15adbb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,10 +12,15 @@ WORKDIR /app
 # Set production environment
 ENV NODE_ENV="production"
 
+# Argument for NPM token
+ARG NPM_TOKEN
 
 # Throw-away build stage to reduce size of final image
 FROM base as build
 
+# Set the NPM_TOKEN as an environment variable
+ENV NPM_TOKEN=${NPM_TOKEN}
+
 # Install packages needed to build node modules
 RUN apt-get update -qq && \
     apt-get install --no-install-recommends -y build-essential pkg-config python-is-python3
@@ -34,6 +39,8 @@ RUN bun run build
 RUN rm -rf node_modules && \
     bun install --ci
 
+# Remove .npmrc to avoid token leakage
+RUN rm -f .npmrc
 
 # Final stage for app image
 FROM base
@@ -43,4 +50,4 @@ COPY --from=build /app /app
 
 # Start the server by default, this can be overwritten at runtime
 EXPOSE 3000
-CMD [ "bun", "run", "start" ]
+CMD [ "bun", "run", "start" ]
\ No newline at end of file