Rishav

Reputation: 1

How to manage environment variables for my Node.js app deployed on Google App Engine via GitHub Actions?

I have a Node.js API running on Express that I deploy to Google App Engine (GAE) using GitHub Actions. Currently, I use a .env file for managing environment variables locally, but I want to securely manage these variables in production without changing the way process.env.SECRET1 or other environment variables are accessed in my code.

How can I configure my app to fetch secrets at runtime or build time during deployment while keeping the setup secure?

I have gone through tutorials and answers online, but most use Datastore or Cloud Storage to access secrets during the build. I specifically want a solution using Google Secret Manager, which I believe wasn’t available at the time, and no detailed solution is available so far.

I am using an app.yaml file:

# app.yaml
runtime: nodejs20
instance_class: F2

# Environment variables
env_variables:
  NODE_ENV: "production"
  YARN_CACHE_FOLDER: /tmp/.yarn-cache

# Routes
handlers:
  - url: /static
    static_dir: public 
  - url: /.*
    script: auto

network:
  session_affinity: false

automatic_scaling:
  min_instances: 1 
  max_instances: 5

and .github\workflows\deploy.yaml:

name: Deploy to Google App Engine

on:
  push:
    branches:
      - main

jobs:
  deploy:
    name: Deploy to GAE
    runs-on: ubuntu-latest

    steps:
      # Step 1: Checkout the repository
      - name: Checkout Code
        uses: actions/checkout@v4

      # Step 2: Set up Node.js
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      # Step 3: Install dependencies
      - name: Install dependencies
        run: yarn install --frozen-lockfile

      # Step 4: Build the application
      - name: Build repo
        run: yarn build

      # Step 5: Authenticate with Google Cloud
      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v2
        with:
          credentials_json: ${{ secrets.GCP_SERVICE_ACCOUNT_CREDENTIALS }}

      # Step 6: Deploy to App Engine
      - name: Deploy to App Engine
        uses: google-github-actions/deploy-appengine@v2
        with:
          project_id: ${{ secrets.GCP_PROJECT }}

Also, I am using a Google service account for the deployment, the default service account of GAE.

Upvotes: 0

Views: 23
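One way to load Secret Manager values into process.env at startup so that reads like process.env.SECRET1 stay unchanged, shown as an added example that is not part of the original post. It assumes the App Engine service account holds the Secret Manager Secret Accessor role and that @google-cloud/secret-manager is a dependency; `loadSecretsIntoEnv`, `start`, the fake client and the `./app` path are hypothetical names, and the sample secret value is constructed.

```javascript
// Added example, not the asker's code. Secret names and the fake client below are constructed.
// Real client (assumed dependency): new (require('@google-cloud/secret-manager').SecretManagerServiceClient)()

function secretPath(projectId, name, version = 'latest') {
  // Secret Manager resource name; pin a version number instead of 'latest' for reproducible deploys.
  return `projects/${projectId}/secrets/${name}/versions/${version}`;
}

// Fetch each named secret and expose it as env[name], so code that
// reads process.env.SECRET1 keeps working unchanged.
async function loadSecretsIntoEnv(client, projectId, names, env = process.env) {
  const loaded = [];
  for (const name of names) {
    if (env[name] !== undefined) continue; // a local .env or app.yaml value wins
    let version;
    try {
      [version] = await client.accessSecretVersion({ name: secretPath(projectId, name) });
    } catch (err) {
      // Fail closed: refuse to start with a missing secret. Report the name, never a value.
      throw new Error(`cannot load secret ${name}: ${err.message}`);
    }
    env[name] = Buffer.from(version.payload.data).toString('utf8');
    loaded.push(name);
  }
  return loaded; // names only, safe to log
}

// Constructed stand-in for SecretManagerServiceClient so the example runs offline.
function makeFakeClient(store) {
  return {
    async accessSecretVersion({ name }) {
      if (!(name in store)) throw new Error('NOT_FOUND');
      return [{ payload: { data: Buffer.from(store[name]) } }];
    },
  };
}

// Entrypoint sketch (hypothetical file layout): populate the environment first,
// then load the Express app, because modules may read process.env at import time.
async function start(client, projectId, env = process.env) {
  const loaded = await loadSecretsIntoEnv(client, projectId, ['SECRET1'], env);
  console.log(`loaded secrets: ${loaded.join(', ') || '(none)'}`);
  // require('./app'); // hypothetical: the asker's Express app
}

const demoEnv = {}; // constructed environment object for the offline demo
start(makeFakeClient({ [secretPath('demo-project', 'SECRET1')]: 's3cr3t-demo' }), 'demo-project', demoEnv);
```

On App Engine the project ID can be taken from the GOOGLE_CLOUD_PROJECT environment variable, and the secret values never need to appear in app.yaml or in the GitHub workflow.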

Answers (0)
