Fix production deploy env handling and homepage routing
Build & Push / Build & Push Docker Image (push) Failing after 24s
Build & Push / Build & Push Docker Image (push) Failing after 24s
- pass NEXT_PUBLIC_CARPLACE_URL into the production Docker build - keep NEXT_PUBLIC_STOREFRONT_URL as a fallback for existing secrets - run the production deploy script after building the image - support raw or base64 production env secrets during deploy - reuse an existing VPS production env file when present - include homepage in production deploy, pull, and health checks
This commit is contained in:
@@ -305,6 +305,7 @@ jobs:
|
|||||||
env:
|
env:
|
||||||
IMAGE_REPOSITORY: ${{ steps.image-meta.outputs.repository }}
|
IMAGE_REPOSITORY: ${{ steps.image-meta.outputs.repository }}
|
||||||
IMAGE_TAG: ${{ gitea.sha }}
|
IMAGE_TAG: ${{ gitea.sha }}
|
||||||
|
ENV_DOCKER_PRODUCTION: ${{ secrets.ENV_DOCKER_PRODUCTION }}
|
||||||
ENV_DOCKER_PRODUCTION_B64: ${{ secrets.ENV_DOCKER_PRODUCTION_B64 }}
|
ENV_DOCKER_PRODUCTION_B64: ${{ secrets.ENV_DOCKER_PRODUCTION_B64 }}
|
||||||
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
|
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
|
||||||
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
|
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
|
||||||
@@ -318,6 +319,7 @@ jobs:
|
|||||||
fi
|
fi
|
||||||
SSH_OPTIONS="-i $HOME/.ssh/id_rsa -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=$HOME/.ssh/known_hosts"
|
SSH_OPTIONS="-i $HOME/.ssh/id_rsa -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=$HOME/.ssh/known_hosts"
|
||||||
ENV_DOCKER_PRODUCTION_B64_CLEAN="$(printf '%s' "$ENV_DOCKER_PRODUCTION_B64" | tr -d '[:space:]')"
|
ENV_DOCKER_PRODUCTION_B64_CLEAN="$(printf '%s' "$ENV_DOCKER_PRODUCTION_B64" | tr -d '[:space:]')"
|
||||||
|
ENV_DOCKER_PRODUCTION_RAW_B64="$(printf '%s' "$ENV_DOCKER_PRODUCTION" | base64 | tr -d '\n')"
|
||||||
REGISTRY_PASSWORD_B64="$(printf '%s' "$REGISTRY_PASSWORD" | base64 | tr -d '\n')"
|
REGISTRY_PASSWORD_B64="$(printf '%s' "$REGISTRY_PASSWORD" | base64 | tr -d '\n')"
|
||||||
ssh $SSH_OPTIONS "${{ secrets.VPS_USER }}@$VPS_HOST" "
|
ssh $SSH_OPTIONS "${{ secrets.VPS_USER }}@$VPS_HOST" "
|
||||||
set -e
|
set -e
|
||||||
@@ -325,8 +327,11 @@ jobs:
|
|||||||
if [ -n '$ENV_DOCKER_PRODUCTION_B64_CLEAN' ]; then
|
if [ -n '$ENV_DOCKER_PRODUCTION_B64_CLEAN' ]; then
|
||||||
printf '%s' '$ENV_DOCKER_PRODUCTION_B64_CLEAN' | base64 -d > '$DEPLOY_ROOT/.env.docker.production'
|
printf '%s' '$ENV_DOCKER_PRODUCTION_B64_CLEAN' | base64 -d > '$DEPLOY_ROOT/.env.docker.production'
|
||||||
chmod 600 '$DEPLOY_ROOT/.env.docker.production'
|
chmod 600 '$DEPLOY_ROOT/.env.docker.production'
|
||||||
|
elif [ -n '$ENV_DOCKER_PRODUCTION_RAW_B64' ]; then
|
||||||
|
printf '%s' '$ENV_DOCKER_PRODUCTION_RAW_B64' | base64 -d > '$DEPLOY_ROOT/.env.docker.production'
|
||||||
|
chmod 600 '$DEPLOY_ROOT/.env.docker.production'
|
||||||
elif [ ! -f '$DEPLOY_ROOT/.env.docker.production' ]; then
|
elif [ ! -f '$DEPLOY_ROOT/.env.docker.production' ]; then
|
||||||
echo 'ENV_DOCKER_PRODUCTION_B64 is not set and $DEPLOY_ROOT/.env.docker.production does not exist on the VPS' >&2
|
echo 'ENV_DOCKER_PRODUCTION or ENV_DOCKER_PRODUCTION_B64 is not set, and $DEPLOY_ROOT/.env.docker.production does not exist on the VPS' >&2
|
||||||
exit 1
|
exit 1
|
||||||
else
|
else
|
||||||
echo 'Using existing $DEPLOY_ROOT/.env.docker.production on the VPS'
|
echo 'Using existing $DEPLOY_ROOT/.env.docker.production on the VPS'
|
||||||
|
|||||||
+2
-2
@@ -162,13 +162,13 @@ Open `.env.docker.production` and fill in every value. The minimum required secr
|
|||||||
| `RESEND_API_KEY` | Resend API key (or configure SMTP vars instead) |
|
| `RESEND_API_KEY` | Resend API key (or configure SMTP vars instead) |
|
||||||
| `PGMANAGE_DOMAIN` | Hostname for pgManage, e.g. `pgmanage.rentaldrivego.ma` |
|
| `PGMANAGE_DOMAIN` | Hostname for pgManage, e.g. `pgmanage.rentaldrivego.ma` |
|
||||||
|
|
||||||
For Gitea Actions deploys, store the completed production env file as the `ENV_DOCKER_PRODUCTION_B64` secret:
|
For Gitea Actions deploys, either store the completed production env file as the raw `ENV_DOCKER_PRODUCTION` secret or as the base64-encoded `ENV_DOCKER_PRODUCTION_B64` secret:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
base64 < .env.docker.production | tr -d '\n'
|
base64 < .env.docker.production | tr -d '\n'
|
||||||
```
|
```
|
||||||
|
|
||||||
Paste that single-line output into the Gitea secret. During deploy, the workflow writes it to `/opt/rentaldrivego/.env.docker.production` on the VPS with `600` permissions before running `scripts/docker-prod-deploy.sh`.
|
Paste that single-line output into `ENV_DOCKER_PRODUCTION_B64` when using the base64 option. During deploy, the workflow writes the env file to `/opt/rentaldrivego/.env.docker.production` on the VPS with `600` permissions before running `scripts/docker-prod-deploy.sh`. If neither production env secret is set, the workflow reuses `/opt/rentaldrivego/.env.docker.production` when it already exists on the VPS.
|
||||||
|
|
||||||
Production now derives `DATABASE_URL` inside the app container from `POSTGRES_HOST`, `POSTGRES_PORT`, `POSTGRES_DB`, `POSTGRES_USER`, and `POSTGRES_PASSWORD` when `DATABASE_URL_FROM_POSTGRES=true`. That avoids Prisma auth failures when the database password contains reserved URL characters such as `@`, `:`, or `/`.
|
Production now derives `DATABASE_URL` inside the app container from `POSTGRES_HOST`, `POSTGRES_PORT`, `POSTGRES_DB`, `POSTGRES_USER`, and `POSTGRES_PASSWORD` when `DATABASE_URL_FROM_POSTGRES=true`. That avoids Prisma auth failures when the database password contains reserved URL characters such as `@`, `:`, or `/`.
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user