From 33406bac48dfb62a026a89a6563b0d54cb13b3b6 Mon Sep 17 00:00:00 2001
From: "JOSEPH\\tayyi" <tayyihsuen@gmail.com>
Date: Thu, 19 Oct 2023 14:04:57 +0800
Subject: [PATCH] Copy JSON secrets through files

---
 .github/workflows/production.yml | 37 +++++++++++++++++++++-----------
 1 file changed, 25 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml
index 68ac71a8..9425a8ef 100644
--- a/.github/workflows/production.yml
+++ b/.github/workflows/production.yml
@@ -56,6 +56,31 @@ jobs:
           cluster_name: ${{ env.GKE_CLUSTER }}
           location: ${{ env.GKE_REGION }}
 
+      # Copy the JSON secrets (Firebase configs) into JSON files
+      - name: Copy JSON secrets into JSON files
+        run: |-
+          printf "$FIREBASE_SERVICE_ACCOUNT" > ./firebase_service_account.json
+          printf "$NEXT_PUBLIC_FRONTEND_FIREBASE_CONFIG" > ./next_public_frontend_firebase_config.json
+
+      # Set the secrets that are used as env variables in the manifest files
+      - name: Set kubectl secrets
+        run: |-
+          kubectl create secret generic firebase-service-account \
+            --from-file=firebase-service-account=./firebase_service_account.json
+          kubectl create secret generic prisma-database-url \
+            --from-literal=prisma-database-url=$PRISMA_DATABASE_URL
+          kubectl create secret generic mongo-atlas-url \
+            --from-literal=mongo-atlas-url=$MONGO_ATLAS_URL
+          kubectl create secret generic frontend-firebase-config \
+            --from-file=frontend-firebase-config=./next_public_frontend_firebase_config.json
+
+      # Remove the JSON files
+      - name: Delete JSON files
+        if: ${{ always() }}
+        run: |-
+          rm ./firebase_service_account.json
+          rm ./next_public_frontend_firebase_config.json
+
       # Install the dependencies such as prisma
       - name: Install dependencies with immutable lockfile
         run: yarn install --frozen-lockfile
@@ -72,18 +97,6 @@ jobs:
           ./build-prod-images.sh
         working-directory: ./deployment
 
-      # Set the secrets that are used as env variables in the manifest files
-      - name: Set kubectl secrets
-        run: |-
-          kubectl create secret generic firebase-service-account \
-            --from-literal=firebase-service-account=$FIREBASE_SERVICE_ACCOUNT
-          kubectl create secret generic prisma-database-url \
-            --from-literal=prisma-database-url=$PRISMA_DATABASE_URL
-          kubectl create secret generic mongo-atlas-url \
-            --from-literal=mongo-atlas-url=$MONGO_ATLAS_URL
-          kubectl create secret generic frontend-firebase-config \
-            --from-literal=frontend-firebase-config=$NEXT_PUBLIC_FRONTEND_FIREBASE_CONFIG
-
       # Deploy the Docker images to the GKE cluster
       - name: Deploy production application
         run: |-