hjess/mmd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: switch to Consul KV template for secrets injection
All checks were successful
Build and Deploy MoneyMaker / build-and-deploy (push) Successful in 15m28s
Details

Browse Source 
- Consul now running on int node (joined cluster)
- provider=consul re-enabled (int has consul.version=1.22.7)
- Removed sed placeholder approach + Gitea secrets requirement
- Added template{} stanzas reading from consul kv mmd/* keys
- Cleaned up deploy.yml (removed sed substitution step)
This commit is contained in:
Henrik Jess Nielsen
2026-05-27 15:16:00 +02:00
parent 4a08016edf
commit 0d57c9eee5
2 changed files with 37 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
.gitea/workflows/deploy.yml
View File

@@ -80,23 +80,13 @@ jobs:
env: env:
NOMAD_ADDR: "https://nomad.i80.dk:4646" NOMAD_ADDR: "https://nomad.i80.dk:4646"
- name: Substitute secrets into Nomad job
run: |
sed \
-e "s|__DATABASE_URL__|${{ secrets.DATABASE_URL }}|g" \
-e "s|__ANTHROPIC_API_KEY__|${{ secrets.ANTHROPIC_API_KEY }}|g" \
-e "s|__SAXO_APP_KEY__|${{ secrets.SAXO_APP_KEY }}|g" \
-e "s|__SAXO_APP_SECRET_1__|${{ secrets.SAXO_APP_SECRET_1 }}|g" \
-e "s|__SAXO_BASE__|${{ secrets.SAXO_BASE }}|g" \
mmd.nomad > mmd_deploy.nomad
- name: Validate Nomad job - name: Validate Nomad job
run: nomad job validate mmd_deploy.nomad run: nomad job validate mmd.nomad
env: env:
NOMAD_ADDR: "https://nomad.i80.dk:4646" NOMAD_ADDR: "https://nomad.i80.dk:4646"
- name: Deploy to Nomad - name: Deploy to Nomad
run: nomad job run mmd_deploy.nomad run: nomad job run mmd.nomad
env: env:
NOMAD_ADDR: "https://nomad.i80.dk:4646" NOMAD_ADDR: "https://nomad.i80.dk:4646"

37
mmd.nomad
View File

@@ -36,7 +36,7 @@ job "moneymaker" {
} }
service { service {
provider = "nomad" provider = "consul"
name = "moneymaker" name = "moneymaker"
port = "http" port = "http"
@@ -78,6 +78,19 @@ job "moneymaker" {
mode = "fail" mode = "fail"
} }
template {
data = <<EOH
DATABASE_URL="{{ key "mmd/DATABASE_URL" }}"
ANTHROPIC_API_KEY="{{ key "mmd/anthropic_api_key" }}"
SAXO_APP_KEY="{{ key "mmd/SAXO_APP_KEY" }}"
SAXO_APP_SECRET_1="{{ key "mmd/SAXO_APP_SECRET_1" }}"
SAXO_BASE="{{ key "mmd/SAXO_BASE" }}"
HARBOR_ROBOT_TOKEN="{{ key "harbor/robot/token" }}"
EOH
destination = "secrets/app.env"
env = true
}
env { env {
APP_ENV = "production" APP_ENV = "production"
PORT = "${NOMAD_PORT_http}" PORT = "${NOMAD_PORT_http}"
@@ -85,11 +98,6 @@ job "moneymaker" {
LOG_DIR = "/app/data/logs" LOG_DIR = "/app/data/logs"
SAXO_TOKEN_FILE = "/app/data/.saxo_token.json" SAXO_TOKEN_FILE = "/app/data/.saxo_token.json"
HF_HOME = "/app/data/hf-cache" HF_HOME = "/app/data/hf-cache"
DATABASE_URL = "__DATABASE_URL__"
ANTHROPIC_API_KEY = "__ANTHROPIC_API_KEY__"
SAXO_APP_KEY = "__SAXO_APP_KEY__"
SAXO_APP_SECRET_1 = "__SAXO_APP_SECRET_1__"
SAXO_BASE = "__SAXO_BASE__"
} }
resources { resources {
@@ -117,15 +125,22 @@ job "moneymaker" {
mode = "fail" mode = "fail"
} }
template {
data = <<EOH
DATABASE_URL="{{ key "mmd/DATABASE_URL" }}"
ANTHROPIC_API_KEY="{{ key "mmd/anthropic_api_key" }}"
SAXO_APP_KEY="{{ key "mmd/SAXO_APP_KEY" }}"
SAXO_APP_SECRET_1="{{ key "mmd/SAXO_APP_SECRET_1" }}"
SAXO_BASE="{{ key "mmd/SAXO_BASE" }}"
EOH
destination = "secrets/worker.env"
env = true
}
env { env {
LOG_DIR = "/app/data/logs" LOG_DIR = "/app/data/logs"
SAXO_TOKEN_FILE = "/app/data/.saxo_token.json" SAXO_TOKEN_FILE = "/app/data/.saxo_token.json"
HF_HOME = "/app/data/hf-cache" HF_HOME = "/app/data/hf-cache"
DATABASE_URL = "__DATABASE_URL__"
ANTHROPIC_API_KEY = "__ANTHROPIC_API_KEY__"
SAXO_APP_KEY = "__SAXO_APP_KEY__"
SAXO_APP_SECRET_1 = "__SAXO_APP_SECRET_1__"
SAXO_BASE = "__SAXO_BASE__"
} }
resources { resources {