Using envsubst for a Meteor app with bitbucket pipelines

Anders Kitson September 21, 2022

I have the following bitbucket pipeline, which is for deploying a Meteor app with Mup.

Everything is working up until the final mup deploy command it seems to not to be able to read the generated config.json file that is supposed to have my secure mongo url injected into it.

this is what the secure_mongo.json file looks like

{
    "secret": $STAGING_MONGO_URL
}

In the mup file I access like

var mongo = require('./config.json');

module.exports = {
  MONGO_URL: mongo.secret,
}

image: node:14.16.0

pipelines:
  branches:
    staging:
      -  step:
           name: Deploy to staging CI/CD Environment
           script:
             - mkdir -p ~/.ssh
             - apt-get update && apt-get install gettext-base
             - curl https://install.meteor.com/ | sh
             - export METEOR_ALLOW_SUPERUSER=true
             - cd .bot-staging-ci-cd
             - (umask 077 ; echo $DO_STAGING_CICD_SSH_KEY | base64 --decode > ~/.ssh/id_rsa)
             - cat secure_mongo.json | envsubst > config.json
             - cat config.json && realpath config.json
             - npm install -g mup
             - npm install -g ssh2
             - mup deploy

And I do have a secure variable named $STAGING_MONGO_URL in the repository. So Not entirely sure what is going wrong. Any help would be great.

This question is related and helped me get this far Storing secrets into Bitbucket Pipelines and then deploy on App Engine? but it is not the same question.

To be clear the error I am getting is Mup deploy is saying that the config.json file is reaching an Unexpected token

exact error

Error loading config file:
SyntaxError: /opt/atlassian/pipelines/agent/build/.bot-staging-ci-cd/config.json: Unexpected token m in JSON at position 13

 

Also the cat command for the new config.json never reveals the secret just shows the variable $STAGING_MONGO_URL in place, I wonder if the envsubst is working at all?

 

Thanks

3 answers

1 accepted

0 votes
Answer accepted
Anders Kitson September 26, 2022

For anyone running into the same problem, this is what I ended having as my pipeline. Also the mongo url needed to be in quotes when I added it to the environment variables.

image: node:14

pipelines:

branches:

staging:

- step:

name: Deploy to staging CI/CD Environment

script:

- mkdir -p ~/.ssh

- apt-get update && apt-get install gettext-base

- curl https://install.meteor.com/ | sh

- export METEOR_ALLOW_SUPERUSER=true

- cd .bot-staging-ci-cd

- (umask 077 ; echo $DO_STAGING_CICD_SSH_KEY | base64 --decode > ~/.ssh/id_rsa)

- cat mup-secure.js | envsubst > mup.js

- cat settings-secure.json | envsubst > settings.json

- rm -rf node_modules

- npm install -g mup

- npm install -g ssh2

- meteor npm i

- mup setup

- mup deploy --settings settings.json
Anders Kitson September 26, 2022

copy and paste butchered my yaml sorry.

0 votes
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 23, 2022

Hi Anders,

I am not familiar with Meteor, but I just wanted to add that if the value of a secured variable exists in the Pipelines build log, it is always replaced with the variable name. Seeing $STAGING_MONGO_URL in the Pipelines build log is expected since you are using a secured variable.

If you want to check the content of the config.json file after a build runs, you can define it as an artifact in this step (see this doc also on artifacts):

artifacts: 
- .bot-staging-ci-cd/config.json

You will then be able to download it from the Artifacts tab in the Pipelines build log and check its content.

Please keep in mind that artifacts are stored for 14 days following the execution of the step that produced them and they can be downloaded by anyone with access to the repo.

Kind regards,
Theodora

Anders Kitson September 26, 2022

Thanks that is super helpful to know. I did solve my problem

0 votes
Igor Stoyanov
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 23, 2022

@Anders Kitson  hi. Thanks for your question.

Try to use envsubst this way:

- envsubst < secure_mongo.json > config.json

 maybe this will help.

 

Regards, Igor 

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events