Stubbing Rails Secrets into Build

jnguyen1990 · October 24, 2018, 9:29pm

Hi, I’ve been trying to set up circleci in but I’m having trouble stubbing in variables from my secrets.yml file that is not included in the repo. I’ve tried to set them through Settings -> Environment Variables as well as adding this to the config file

dependencies:
      override:
        - mv config/secrets.ci.yml config/secrets.yml

and create a second secrets file with fake information that I can add to the repo.

I’ve also tried to add the variable directly to the config.yml file like this

  environment:
    apikey_id: "123"

They are still failing, asking me to include an API key that is in the secrets.yml file

Does anyone have any ideas?

halfer · October 25, 2018, 7:02am

What software reads that file? What is asking you to include an API key?

jnguyen1990 · October 25, 2018, 6:04pm

We use a gem called mailchimp and then initialize it
$mailchimp = Mailchimp::API.new(Rails.application.secrets.mailchimp_api_key)

This is the error it gives me in circleci


** Invoke db:create (first_time) 
** Invoke db:load_config (first_time) 
** Execute db:load_config 
** Execute db:create Created database 'circle_ruby_test' 
** Invoke db:schema:load (first_time) 
** Invoke environment (first_time) 
** Execute environment rake aborted! Mailchimp::Error: You must provide a MailChimp API key /home/ubuntu/myapp/vendor/bundle/ruby/2.3.0/gems/mailchimp-api-2.0.6/lib/mailchimp.rb:22:in `initialize'```

halfer · October 25, 2018, 6:11pm

What is the absolute path it is expecting to see your secrets file? I wonder if it is looking in the wrong location (or you are copying the file to the wrong location)?

jnguyen1990 · October 25, 2018, 6:47pm

This is the config file

#
# Check https://circleci.com/docs/2.0/language-ruby/ for more details
#
version: 2

dependencies:
  override:
    - mv config/secrets.ci.yml config/secrets.yml
jobs:
  build:
    docker:
      # specify the version you desire here
      
      # Specify service dependencies here if necessary
      # CircleCI maintains a library of pre-built images
      # documented at https://circleci.com/docs/2.0/circleci-images/
      # - image: circleci/postgres:9.4

    environment:
      mailchimp_api_key: "asdfasdfasdfasdf-us9"
    
    working_directory: ~/repo
      
    steps:
      - checkout

      # Download and cache dependencies
      - restore_cache:
          keys:
          - v1-dependencies-{{ checksum "Gemfile.lock" }}
          # fallback to using the latest cache if no exact match is found
          - v1-dependencies-

      - run:
          name: install dependencies
          command: |
            bundle install --jobs=4 --retry=3 --path vendor/bundle

      - save_cache:
          paths:
            - ./vendor/bundle
          key: v1-dependencies-{{ checksum "Gemfile.lock" }}
        
      # Database setup
      - run: bundle exec rake db:create
      - run: bundle exec rake db:schema:load

      # run tests!
      - run:
          name: run tests
          command: |
            mkdir /tmp/test-results            
            bundle exec rake test

      # collect reports
      - store_test_results:
          path: /tmp/test-results
      - store_artifacts:
          path: /tmp/test-results
          destination: test-results

With the absolute path to my secrets being /Users/nguyen1990/Repositories/myapp/config/secrets.yml

halfer · October 25, 2018, 6:51pm

Hmm, I wonder whether you are getting your syntaxes mixed up. There is no top-level key called dependencies as far as I know. Docs are here.

Where did you get that syntax from?

jnguyen1990 · October 26, 2018, 2:59pm

I honestly dont remember where I saw this. Where should I put the dependencies key?

halfer · October 26, 2018, 5:02pm

There is no such thing, that’s my point. What you do want it to do?

If this is part of an ordinary job flow, then you need to make a run step after your checkout.

jnguyen1990 · October 26, 2018, 6:56pm

Oh thats strange. I saw it here How can I set secrets.yml for test environment for CircleCI?

Essentially I just need to load a fake secrets.yml file or just replace the mailchimp_api_key secrets key that is called.

Is there a reason why I can’t just use Settings -> Environment Variables?

halfer · October 26, 2018, 8:22pm

Ah, from 2016 - I expect that is valid in Circle 1.0, which is now no longer in operation.

I would certainly try it, good idea.

jnguyen1990 · August 2, 2019, 6:08am

I’ve tried using the variables and it does not work. It shows that it’s loading in, but still errors out

jnguyen1990 · August 2, 2019, 6:08am

And the code that is called is $mailchimp = Mailchimp::API.new(Rails.application.secrets.mailchimp_api_key)

jnguyen1990 · October 30, 2018, 5:40pm

Did you have any idea @halfer?

halfer · October 30, 2018, 7:38pm

Not really; it’s a bit hard to help, since rake is just a task runner, and it could be doing any number of things (and the code is not visible here). Can you create a minimum problem example on GitHub? You can use an invalid key, since presumably the error will be different if a key is provided and incorrect.

system · January 28, 2019, 7:37pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.