Can you connect integrations via the CLI?

I am currently trying to use Doppler for Continuous Delivery (CD), specifically with deployment preview branches.

I am using Fly.io and there are multiple strategies to tackle this issue. I could either use integrations like the Fly integration or GitHub Actions, or I could handle it directly in Docker.

Connecting Doppler with my production app was easy using the Doppler user interface to set Fly to use the production environment.

However, working with deploy previews is a bit more complicated. Since these apps are generated and deployed via GitHub Actions, I have access to the fly app name, and with the Doppler GitHub Action, I also have access to the Doppler CLI.

One strategy I’m considering involves creating a Doppler branch for the Pull Request and connecting an integration with Fly, using the Fly app name and the new Doppler config. This plan hinges on whether it’s feasible to create integration connections via the CLI.

If that’s not an option, each deploy preview creates an environment within GitHub. I’m wondering how I could use the Doppler CLI to add secrets to that specific environment.

Any guidance on this would be greatly appreciated. I am particularly interested in knowing if it’s possible to connect integrations via the CLI. I saw that integrations could be created via the REST API, so I figured I would see if I could make a similar connection via the CLI.

Hi @KrisCoulson!

Welcome to the Doppler Community!

Unfortunately, the CLI hasn’t yet been updated to allow the creation of integration syncs. As you pointed out, you can create syncs for some integrations via the API, but you’ll need to do that in a script of some kind. Worst case, it shouldn’t be too hard to do it in a bash script using curl and jq. Not sure if that’s an option for you though!

Let me know if you’d like to pursue that route and need some help with anything!

Regards,
-Joel

Okay thank you @watsonian and thanks for responding so quickly.

Yeah, I have no restriction on what I can do. I am open to giving that a try. Just trying to see what is the easiest way to kinda do dynamic deploy previews with Doppler secrets. Right now my secret management is a mess, with things in Fly, GitHub Actions, and Docker; I'm trying to systemize it and make it easy for my developers.

I can also inject secrets into my app. The current way I do it is I have some GitHub secrets at the organization level. I was thinking that with Doppler I could move them into the created environment. Or maybe just get them from the Doppler config and print them all out for the secrets instead of listing them out individually. What are your thoughts? Obviously this way wouldn’t be kept in sync like the other way unless I made the integration connection. But any update to the PR would get the most recent secrets and I would no longer have to deal with preview secrets being set inside of GitHub.

staging_app:
    runs-on: ubuntu-latest
    # Create a GitHub deployment environment per staging app so it shows up
    # in the pull request UI.
    environment:
      name: pr-${{ github.event.number }}
      url: ${{ steps.deploy.outputs.url }}

    steps:
      - uses: actions/checkout@v4

      - name: Deploy
        id: deploy
        uses: fly-staging-app
        with:
          # Runtime env variable
          secrets:
            DB_URL=${{ secrets.DB_URL}}
            DB_URL=${{ secrets.DB_URL}}
            DB_URL=${{ secrets.DB_URL}}

@KrisCoulson It sounds like the main challenge for you right now is working with preview branches in GitHub Actions. Would this GitHub action help with that?

Since this would involve making a Doppler API request every time the action runs, you’d want to be wary of API rate limits, but should give you a fair amount of flexibility when it comes to injecting secrets into your app deployments.

Probably some dynamic method like this is your best bet currently for dynamic branch preview deployments.

This might actually be what I am looking for. I kinda got it to work yesterday with a similar action by just installing the CLI in the action and using a token to get the config and download it with format. Didn’t get it 100% working because of string interpolation. But at least got the secrets into the action. The bad part with that though was that secrets weren’t automasking, so they were leaking in the actions console. Let me take this for a spin this evening and I will circle back.

With this method, it allows usage of individual env variables on the outputs.

Is it possible to essentially stringify them? In my current setup I have to pass secrets in to the Fly action:

secrets: 
    DATABASE_URL=${{ secrets.DATABASE_URL }}
    REDIS_URL=${{secrets.REDIS_URL}}
    SECRET_URL=${{secrets.SECRET_URL}}
    PUBLIC_URL=${{secrets.PUBLIC_URL}}
... any other secrets need to be manually listed and referenced here. 

I would love to not have to update my GitHub action with new secrets and instead just feed them from Doppler into the Fly commands.
Would it be possible to do something like this where we just pass them all in?

secrets: ${{ steps.doppler.outputs }}

@watsonian thank you again. Using the Fetch Doppler Secret action was a great suggestion. I ended up having to fork it to tweak the output slightly but I was able to get it working. Thank you again!
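
The two problems raised in this thread (values not being masked in the Actions log, and passing every secret at once) can be handled in one workflow step. The following is an added example, not code from any poster or from Doppler's action; it assumes the Doppler config arrives on stdin as a flat JSON object of names to values, and the function names and the `env_lines` output name are made up here.

```python
import json
import os
import secrets
import sys

# Constructed sample config; real values would come from Doppler on stdin.
SAMPLE = {"DATABASE_URL": "postgres://u:p@db.internal/app", "REDIS_URL": "redis://cache:6379"}


def mask_commands(values):
    """One ::add-mask:: workflow command per non-empty line of each value."""
    cmds = []
    for value in values:
        for line in str(value).splitlines():
            if line.strip():
                cmds.append(f"::add-mask::{line}")
    return cmds


def to_env_lines(config):
    """Render NAME=VALUE lines, refusing values that would span lines."""
    lines = []
    for name, value in sorted(config.items()):
        value = str(value)
        if "\n" in value or "\r" in value:
            raise ValueError(f"{name}: multi-line value cannot be a NAME=VALUE line")
        lines.append(f"{name}={value}")
    return "\n".join(lines)


def output_record(name, body, delimiter=None):
    """Multi-line record for $GITHUB_OUTPUT with an unguessable delimiter."""
    delimiter = delimiter or "EOF_" + secrets.token_hex(16)
    if delimiter in body:
        raise ValueError("delimiter appears in output body")
    return f"{name}<<{delimiter}\n{body}\n{delimiter}\n"


def main():
    config = json.load(sys.stdin)
    # Register masks before anything else in the job can log the values.
    for cmd in mask_commands(config.values()):
        print(cmd)
    with open(os.environ["GITHUB_OUTPUT"], "a", encoding="utf-8") as fh:
        fh.write(output_record("env_lines", to_env_lines(config)))


if __name__ == "__main__":
    main()
```

A later step in the same job can pass `${{ steps.<id>.outputs.env_lines }}` as the `secrets:` input. Masking only hides exact matches of each registered line, so encoded or transformed copies of a value still appear in logs.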