Update staging workflow to support 1Password

Author: Pau Tena

.env

@@ -1,32 +1,31 @@
 # Domain
 # This would be set to the production domain with an env var on deployment
 # used by Traefik to transmit traffic and aqcuire TLS certificates
-DOMAIN=localhost
+DOMAIN="op://Environments/My Full-Stack Template/$ENVIRONMENT/DOMAIN"
 # To test the local Traefik config
 # DOMAIN=localhost.tiangolo.com
 
 # Used by the backend to generate links in emails to the frontend
-FRONTEND_HOST=http://localhost:5173
+FRONTEND_HOST="op://Environments/My Full-Stack Template/$ENVIRONMENT/FRONTEND_HOST"
 # In staging and production, set this env var to the frontend host, e.g.
 # FRONTEND_HOST=https://dashboard.example.com
 
 # Environment: local, staging, production
-ENVIRONMENT=local
 
-PROJECT_NAME="Full Stack FastAPI Project"
-STACK_NAME=full-stack-fastapi-project
+PROJECT_NAME='Gym Bro'
+STACK_NAME="op://Environments/My Full-Stack Template/$ENVIRONMENT/STACK_NAME"
 
 # Backend
-BACKEND_CORS_ORIGINS="http://localhost,http://localhost:5173,https://localhost,https://localhost:5173,http://localhost.tiangolo.com"
-SECRET_KEY=changethis
-FIRST_SUPERUSER=admin@example.com
-FIRST_SUPERUSER_PASSWORD=changethis
+BACKEND_CORS_ORIGINS="op://Environments/My Full-Stack Template/$ENVIRONMENT/BACKEND_CORS_ORIGINS"
+SECRET_KEY="op://Environments/My Full-Stack Template/SECRET_KEY"
+FIRST_SUPERUSER=me@pautena.com
+FIRST_SUPERUSER_PASSWORD="op://Environments/My Full-Stack Template/FIRST_SUPERUSER_PASSWORD"
 
 # Emails
-SMTP_HOST=
-SMTP_USER=
-SMTP_PASSWORD=
-EMAILS_FROM_EMAIL=info@example.com
+SMTP_HOST="op://Environments/Synology SMTP Client/SMPT_HOST"
+SMTP_USER="op://Environments/Synology SMTP Client/SMTP_USER"
+SMTP_PASSWORD="op://Environments/Synology SMTP Client/SMPT_PASSWORD"
+EMAILS_FROM_EMAIL=[email protected].com
 SMTP_TLS=True
 SMTP_SSL=False
 SMTP_PORT=587
@@ -36,10 +35,10 @@ POSTGRES_SERVER=localhost
 POSTGRES_PORT=5432
 POSTGRES_DB=app
 POSTGRES_USER=postgres
-POSTGRES_PASSWORD=changethis
+POSTGRES_PASSWORD="op://Environments/My Full-Stack Template/POSTGRES_PASSWORD"
 
-SENTRY_DSN=
+SENTRY_DSN="op://Environments/My Full-Stack Template/SENTRY_DSN"
 
 # Configure these with your own Docker registry images
-DOCKER_IMAGE_BACKEND=backend
-DOCKER_IMAGE_FRONTEND=frontend
+DOCKER_IMAGE_BACKEND="op://Environments/My Full-Stack Template/$ENVIRONMENT/DOCKER_IMAGE_BACKEND"
+DOCKER_IMAGE_FRONTEND="op://Environments/My Full-Stack Template/$ENVIRONMENT/DOCKER_IMAGE_FRONTEND"

.github/workflows/deploy-staging.yml

@@ -14,19 +14,13 @@ jobs:
       - staging
     env:
       ENVIRONMENT: staging
-      DOMAIN: ${{ secrets.DOMAIN_STAGING }}
-      STACK_NAME: ${{ secrets.STACK_NAME_STAGING }}
-      SECRET_KEY: ${{ secrets.SECRET_KEY }}
-      FIRST_SUPERUSER: ${{ secrets.FIRST_SUPERUSER }}
-      FIRST_SUPERUSER_PASSWORD: ${{ secrets.FIRST_SUPERUSER_PASSWORD }}
-      SMTP_HOST: ${{ secrets.SMTP_HOST }}
-      SMTP_USER: ${{ secrets.SMTP_USER }}
-      SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
-      EMAILS_FROM_EMAIL: ${{ secrets.EMAILS_FROM_EMAIL }}
-      POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
-      SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+      PROJECT_NAME: my-full-stack-fastapi-template-staging
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-      - run: docker compose -f docker-compose.yml --project-name ${{ secrets.STACK_NAME_STAGING }} build
-      - run: docker compose -f docker-compose.yml --project-name ${{ secrets.STACK_NAME_STAGING }} up -d
+      - name: Load secrets from 1Password
+        uses: 1password/load-secrets-action/configure@v2
+        with:
+          service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+      - run: op run --env-file=".env" -- docker compose -f docker-compose.yml --project-name ${{ env.PROJECT_NAME }} build
+      - run: op run --env-file=".env" -- docker compose -f docker-compose.yml --project-name ${{ env.PROJECT_NAME }} up -d