Ignore loading app local secrets files in CI/CD

Question

I'm developing an ASP.NET Core Web API using a local secrets management approach. In my code, two lines of code load secret files that didn't get pushed to the remote Github repo:

public static void AddSecrets(this IServiceCollection services,
    ConfigurationManager config, IWebHostEnvironment environment)
{
    config.AddJsonFile("appsecrets.json");
    config.AddJsonFile($"appsecrets.{environment.EnvironmentName}.json");
}

The problem is when running the integration tests in CI/CD using GitHub Actions this code will throw FileNotFoundException exception because those files aren't pushed to the repo and hence don't exist.

For WebAppicationFactory side, I can only override it and there is no way I can stop running this code.

For the source code side:

• Solution 1: a bad code that checks if the code is running under testing or not and I am even not sure if something like that is possible when running integration tests using WebAppicationFactory.
• Solution 2: make loading files optional using optional: true but this will violate the app startup requirements.

So the question: is my secret management approach wrong from the beginning? If not how can I solve this problem?

Answer 1

Your approaches aren't wrong, but as GitHub Actions allows you to create environment files during the workflow execution, it may be easier to resolve your issue that way.

You can use GitHub repository secrets to generate your files according to each environment, before running the application for your integration tests.

I'll share here some references that might help:

• How do I use an env file with GitHub Actions
• Github Actions: Use secret file
• Write Secrets to File (GitHub Community)