add DO database certificate

yuki-wtf · Nov 20, 2023 · 0569e29 · 0569e29
1 parent 8ee6b72
commit 0569e29
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 3 deletions.
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
@@ -39,8 +39,8 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          # secrets: |
-          #   "certificate=${{ secrets.CERTIFICATE }}"
+          secrets: |
+            "certificate=${{ secrets.CERTIFICATE }}"
 
   Deploy-review:
     if: github.event_name == 'workflow_dispatch' && github.ref != 'refs/heads/main'

diff --git a/Dockerfile b/Dockerfile
@@ -2,6 +2,8 @@ FROM node:16.15.1
 
 ADD indexer/ /app
 WORKDIR /app
+RUN --mount=type=secret,id=certificate \
+          cat /run/secrets/certificate >> /app/ca-certificate.crt
 
 RUN yarn install && yarn build
 

diff --git a/indexer/src/utils/db.ts b/indexer/src/utils/db.ts
@@ -8,7 +8,7 @@ import { Transaction } from "../entity/transaction";
 import { Balance } from "../view/balance";
 import { Creator } from '../view/creator';
 import { Infinite } from '../view/infinite';
-
+import * as fs from 'fs';
 
 // We need to store bigints in jsonb column, typeorm doesn't support that.
 // Transformers in typeorm run _before_ typeorm's JSON.stringify run, so it is problematic
@@ -34,6 +34,9 @@ export const AppDataSource = new DataSource({
     username: process.env.DB_USER,
     password: process.env.DB_PASS,
     database: process.env.DB_NAME,
+    ssl: {
+        ca: fs.readFileSync("ca-certificate.crt").toString(),
+    },
     synchronize: false,
     logging: false,
     entities: [Block, Event, Transaction, Refresh, Balance, Creator, Infinite],