GitHub Actions with NextJS - Integrations

Next.js

GitHub Actions with NextJS

Learn how to configure GitHub Actions with Dotenv Vault for a NextJS application. This tutorial assumes you have already created a .env file and synced it.

You can find a complete example repo here.

1. Add GitHub Actions yaml file

In your NextJS project add the file .github/workflows/main.yml.

# .github/workflow/main.yml
name: npm run build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/[email protected]
    - uses: actions/[email protected]
      with:
        node-version: 16
    - run: npm install
    - run: npm run build
      env:
        DOTENV_KEY: ${{ secrets.DOTENV_KEY }}

example

2. Preload dotenv-vault-core

Install dotenv-vault-core

$ npm install dotenv-vault-core --save

Preload NextJS scripts using dotenv-vault-core. This will inject the environment variables ahead of NextJS.

"scripts": {
  "dev": "node -r dotenv-vault-core/config ./node_modules/.bin/next dev",
  "build": "node -r dotenv-vault-core/config ./node_modules/.bin/next build",
  "start": "node -r dotenv-vault-core/config ./node_modules/.bin/next start",
  "lint": "node -r dotenv-vault-core/config ./node_modules/.bin/next lint"
},

example

3. Run dotenv-vault build

Run npx dotenv-vault build to build your encrypted .env.vault file.

$ npx dotenv-vault build

4. Set DOTENV_KEY

Run npx dotenv-vault keys ci.

$ npx dotenv-vault keys ci
remote:   Listing .env.vault decryption keys... done

dotenv://:[email protected]/vault/.env.vault?environment=ci

Visit your GitHub Project > Settings > Secrets > Actions and click ‘New Repository Secret’.

Set DOTENV_KEY to the value returned in step 4.

5. Commit and push

That’s it!

Commit those changes safely to code and push to GitHub.

When the CI runs, it will recognize the DOTENV_KEY, decrypt the .env.vault file, and load the CI environment variables to ENV. If a DOTENV_KEY is not set (like during development on your local machine) it will fall back to regular dotenv.

You will know it worked when you see the message ‘Loading env from encrypted .env.vault’.