How to deploy with GitHub actions and keep secrets?

Starting this afternoon, every deployment triggered by GitHub actions fails because the secrets are not read correctly. The only thing that changed is that I added a new package to my Laravel project that doesn’t add any new secrets, so it should not be an issue. All secrets were set through the flyctl secrets set command. Even if I deploy from my local machine, it only works if I remove the local .env from dockerignore.

Hi @mellunar - what is the exact error message that the deploy fails with? Also, do you see the secrets you’d expect to be there when running fly secrets list -a <APP_NAME>?

It is failing when trying to connect to the DB, whose host URL and port are defined in secrets. When I run fly secrets list I can see all of the secrets in the list.
This is the error log:

 #9 5.344 > Illuminate\Foundation\ComposerScripts::postAutoloadDump
#9 5.357 > @php artisan package:discover --ansi
#9 5.480 
#9 5.488 In Connection.php line 795:
#9 5.488                                                                                
#9 5.488   SQLSTATE[08006] [7] could not connect to server: Connection refused          
#9 5.488   	Is the server running on host "127.0.0.1" and accepting                      
#9 5.488   	TCP/IP connections on port 5432? (Connection: pgsql, SQL: select * from in   
#9 5.488   formation_schema.tables where table_catalog = forge and table_schema = publ  
#9 5.488   ic and table_name = language_lines and table_type = 'BASE TABLE')            
#9 5.489                                                                                
#9 5.489 
#9 5.493 In Connector.php line 65:
#9 5.493                                                                        
#9 5.493   SQLSTATE[08006] [7] could not connect to server: Connection refused  
#9 5.493   	Is the server running on host "127.0.0.1" and accepting              
#9 5.493   	TCP/IP connections on port 5432?                                     
#9 5.493                                                                        
#9 5.493 
#9 5.501 Script @php artisan package:discover --ansi handling the post-autoload-dump event returned with error code 1
#9 ERROR: executor failed running [/bin/sh -c composer install --optimize-autoloader --no-dev     && mkdir -p storage/logs     && php artisan optimize:clear     && chown -R www-data:www-data /var/www/html     && sed -i 's/protected \$proxies/protected \$proxies = "*"/g' app/Http/Middleware/TrustProxies.php     && echo "MAILTO=\"\"\n* * * * * www-data /usr/bin/php /var/www/html/artisan schedule:run" > /etc/cron.d/laravel     && cp .fly/entrypoint.sh /entrypoint     && chmod +x /entrypoint]: exit code: 1
------
 > [base 3/4] RUN composer install --optimize-autoloader --no-dev     && mkdir -p storage/logs     && php artisan optimize:clear     && chown -R www-data:www-data /var/www/html     && sed -i 's/protected \$proxies/protected \$proxies = "*"/g' app/Http/Middleware/TrustProxies.php     && echo "MAILTO=""\n* * * * * www-data /usr/bin/php /var/www/html/artisan schedule:run" > /etc/cron.d/laravel     && cp .fly/entrypoint.sh /entrypoint     && chmod +x /entrypoint:
#9 5.489                                                                                
#9 5.489 
#9 5.493 In Connector.php line 65:
#9 5.493                                                                        
#9 5.493   SQLSTATE[08006] [7] could not connect to server: Connection refused  
#9 5.493   	Is the server running on host "127.0.0.1" and accepting              
#9 5.493   	TCP/IP connections on port 5432?                                     
#9 5.493                                                                        
#9 5.493 
#9 5.501 Script @php artisan package:discover --ansi handling the post-autoload-dump event returned with error code 1
------
Error: failed to fetch an image or build from source: error building: executor failed running [/bin/sh -c composer install --optimize-autoloader --no-dev     && mkdir -p storage/logs     && php artisan optimize:clear     && chown -R www-data:www-data /var/www/html     && sed -i 's/protected \$proxies/protected \$proxies = "*"/g' app/Http/Middleware/TrustProxies.php     && echo "MAILTO=\"\"\n* * * * * www-data /usr/bin/php /var/www/html/artisan schedule:run" > /etc/cron.d/laravel     && cp .fly/entrypoint.sh /entrypoint     && chmod +x /entrypoint]: exit code: 1

Error: Process completed with exit code 1.

Looks like the app is trying to connect to localhost, which is the default behaviour for most drivers, and would lead me to believe that the secret is not set correctly (or at all). Or, your app is configured to read a different variable than what is set in the fly secrets.

Is your database Fly Postgres? If so, fly postgres attach might work for you: Attach or Detach a Fly App · Fly Docs

Important: if your app reads a variable other than DATABASE_URL for the connections, use the --variable-name flag to configure the correct variable.

It’s from Supabase. Laravel defaults the database url to DB_HOST variable.

I don’t think it’s a secret issue, these errors are happening during build-time, not run-time, and secrets aren’t available during build. It looks like whatever this new package is tries to read from the database during build time, but there isn’t a database running. What’s the package? Do they offer a flag to prevent database connections? You may need to move some things to your .fly/startup-scripts if they require a database connection (looks like php artisan package:discover is the culprit)

(Laravel will also read from DATABASE_URL if it is set)

It’s arandilopez/laravel-profane; it doesn’t read any env variable.

I removed all variables with cli and added them again, now this error is logged:

==> Building image with Docker
--> docker host: 20.10.12 linux x86_64
Error: failed to fetch an image or build from source: error building: provided file is not a console

Seems to be more of a global issue happening to others right now: "Error: failed to fetch an image or build from source: error building: provided file is not a console"

From your local machine, what’s the output of:
php artisan package:discover

Does it work if you turn off your local database (or change your .env password so it cannot connect)?

No, it just shows a list of packages without errors.

All environment variables in local .env remained the same.

It looks like your app is trying to connect to database during Docker build-time (when it runs php artisan package:discover, which is triggered from composer install). I don’t think this is typical for Laravel apps, but some package you have in that list must be requiring it. If your app needs to connect to database during build-time like your error logs show, you’ll need to add in Build Secrets. Or somehow resolve the need to connect to database during build (adjusting config of whatever is requiring database access, move things out of build into startup scripts, etc.)

If the issue is with language_lines table then the culprit is spatie/laravel-translation-loader, but I can’t understand why it was working before and now it doesn’t. Is there a way to set the docker build secrets with GitHub secrets? I don’t know anything about docker.

That looks reasonable, same issue on their discussion forum but with no solution. But this might be a viable solution.

I had to remove the package to be able to deploy from local, but GitHub is still returning an error:
Error: failed to fetch an image or build from source: error rendering push status stream: unauthorized: not allowed
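
The build-secret route raised earlier in the thread, as an added example (not code from any poster or from Fly's documentation): a GitHub Actions workflow that forwards a repository secret to `fly deploy --build-secret`, with the matching Dockerfile change shown in comments. The workflow file name, the branch, and a GitHub secret named `DATABASE_URL` are assumptions.

```yaml
# .github/workflows/fly.yml  (file name, branch and secret names are assumptions)
#
# Matching Dockerfile change (BuildKit secret mount). The value is readable only
# while this RUN step executes and is not written to an image layer, unlike a
# .env file copied into the build context. The syntax line must be the first
# line of the Dockerfile:
#
#   # syntax = docker/dockerfile:1
#   RUN --mount=type=secret,id=DATABASE_URL \
#       DATABASE_URL="$(cat /run/secrets/DATABASE_URL)" \
#       composer install --optimize-autoloader --no-dev
#
# Runtime values still come from `fly secrets set`; build secrets are separate
# and exist only for the duration of the build.
name: Fly Deploy
on:
  push:
    branches: [main]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: superfly/flyctl-actions/setup-flyctl@master
      - name: Deploy with a build-time database URL
        # Secrets are handed to the step as environment variables instead of
        # being interpolated into the script text.
        env:
          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
          DATABASE_URL: ${{ secrets.DATABASE_URL }}
        run: |
          flyctl deploy --remote-only \
            --build-secret "DATABASE_URL=${DATABASE_URL}"
```

Keep `php artisan config:cache` out of that RUN step, otherwise the resolved URL is written to `bootstrap/cache/config.php` inside the image.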
