From 440040fecb2436ac0eb9d181fab1d0a9e1918267 Mon Sep 17 00:00:00 2001
From: "Ronald A. Richardson" <me@ron.dev>
Date: Mon, 5 Feb 2024 19:01:20 +0800
Subject: [PATCH] made github auth token environment variable for docker build

---
 .github/workflows/cd.yml | 11 +++--------
 docker-compose.yml       |  1 +
 docker/Dockerfile        |  8 +++++---
 3 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 6b042301..558932fd 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -10,6 +10,7 @@ concurrency:
 
 env:
   PROJECT: ${{ secrets.PROJECT }}
+  GITHUB_AUTH_KEY: ${{ secrets._GITHUB_AUTH_TOKEN }}
 
 jobs:
   build_service:
@@ -45,14 +46,6 @@ jobs:
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v1
 
-      - name: Prepare Composer Auth Secret
-        run: |
-          if [[ -n "${{ secrets._GITHUB_AUTH_TOKEN }}" ]]; then
-            echo '{"github-oauth": {"github.com": "'${{ secrets._GITHUB_AUTH_TOKEN }}'"}}' > composer-auth.json
-          else
-            echo '{}' > composer-auth.json
-          fi
-
       - name: Build and Release
         uses: docker/bake-action@v2
         env:
@@ -61,6 +54,8 @@ jobs:
           CACHE: type=gha
         with:
           push: true
+          set:
+            *.args.GITHUB_AUTH_KEY: ${{ env.GITHUB_AUTH_KEY }}
           files: |
             ./docker-bake.hcl
 
diff --git a/docker-compose.yml b/docker-compose.yml
index cea42ca3..5929ac63 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -56,6 +56,7 @@ services:
       target: app-dev
       args:
         ENVIRONMENT: development
+        GITHUB_AUTH_KEY: ${GITHUB_AUTH_KEY}
     environment:
       DATABASE_URL: "mysql://root@database/fleetbase"
       QUEUE_CONNECTION: redis
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 9e8503ed..8280fde2 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -48,6 +48,9 @@ ENV OCTANE_SERVER=frankenphp
 ARG ENVIRONMENT=production
 ENV APP_ENV=$ENVIRONMENT
 
+# Setup github auth
+ARG GITHUB_AUTH_KEY
+
 # Copy Caddyfile
 COPY --chown=www-data:www-data ./Caddyfile $CADDYFILE_PATH
 
@@ -57,9 +60,8 @@ RUN mkdir -p /fleetbase/api && chown -R www-data:www-data /fleetbase
 # Set working directory
 WORKDIR /fleetbase/api
 
-# Load the secret into the auth.json file if exists, and install dependencies
-COPY --chown=www-data:www-data ./api/auth.jso[n] /fleetbase/api/auth.json
-RUN --mount=type=secret,id=composer_auth,target=/fleetbase/api/auth.json
+# If GITHUB_AUTH_KEY is provided, create auth.json with it
+RUN if [ -n "$GITHUB_AUTH_KEY" ]; then echo "{\"github-oauth\": {\"github.com\": \"$GITHUB_AUTH_KEY\"}}" > auth.json; fi
 
 # Optimize Composer Dependency Installation
 COPY --chown=www-data:www-data ./api/composer.json /fleetbase/api/