From 018d10643f0e2d83eb165b7b6383f5a9b4356d8e Mon Sep 17 00:00:00 2001 From: Ryan Freeman Date: Mon, 9 Jun 2025 22:31:07 +0100 Subject: [PATCH] Simplify build and publish workflow --- .env.gpg | Bin 788 -> 0 bytes .gitea/workflows/publish.yml | 51 ++++++++++++++++++----------------- decrypt_secrets.sh | 5 ---- generate_env.sh | 22 +++++++++++++++ 4 files changed, 48 insertions(+), 30 deletions(-) delete mode 100644 .env.gpg delete mode 100755 decrypt_secrets.sh create mode 100755 generate_env.sh diff --git a/.env.gpg b/.env.gpg deleted file mode 100644 index 928b9af5465d08bb7faa9d8b8875f168c2f15f0d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 788 zcmV+v1MB>Z4Fm@R0`hZ8nAP5n>*;|bA2rs9%Se;EIy^T8<&%|-HO$KF?i|o0Uk8e|) zgM1VKI2(2!=qOoo7vkxnns?1>xQEOy@?E&5&OUOs_nMenbI*<;0D|e z6q#Dj1#4*OoSEH^AuqMT=0e_`i(}DFP1X)7+t|naH?)N}<|1zCt-KEld$wIoP00@i zb2N!s-ca!PVkK`#m)>kBZHrpQiv#!Z&}fZS$ev1kCl_Nk^&qc8#7`q$Q1G_P-ZHj= zc_09k1i#I_QQE=!BD;z%vC-z^3fgoiVicQ4`9$SFc+~dif<28UgT274@+0mLH>j)!mFos^BF z5X$*G1+oW9{^b&TRr-snRXZ44Ls*RBvMJY?b^Gb865OkQ()O0NNQ&o{>?DH`+$igQ z38|Ajp)kaDyH<`hG*2~!Liy;c4W+$n4u2Wave=F24DO_jf6ijU-7K2v1)n04 zZNt#{s(TYhu+dnMMT$1R4Po4?G3Ba`Q$#4zU&%P{Z? z9E)NMBmbr0?KI*><Jy}D+&~qWLeQrktkatm*x+a4BGQiT~N9eFU zxKdJ*?!fMHVH~aNM3HfyDkoBT@GYm7=-F-_dv#~}(sMwSR4w-vVre2N=6&kvu&ynC z;OUV{h&HdH#gjMbQ@Sx~)kQ3E4EU`*tRa%b9^mF^Bh}Hu%AmwYB&o00K5DD(B2VZO S2UORgkCwhM;KB^1JpNoza*yBu diff --git a/.gitea/workflows/publish.yml b/.gitea/workflows/publish.yml index 9a67551..34915f5 100644 --- a/.gitea/workflows/publish.yml +++ b/.gitea/workflows/publish.yml @@ -1,8 +1,6 @@ name: Build And Publish run-name: ${{ gitea.actor }} runs ci pipeline on: -# schedule: -# - cron: '59 23 * * *' push: branches: - 'main' 
@@ -14,36 +12,40 @@ jobs: - name: Checkout code uses: https://github.com/actions/checkout@v4 + - name: Generate env + run: ./generate_env.sh + env: + NEXT_PUBLIC_SITE_URL: ${{ secrets.NEXT_PUBLIC_SITE_URL }} + GITHUB_ACCESS_TOKEN: ${{ secrets._GITHUB_ACCESS_TOKEN }} + GITHUB_USER_ID: ${{ secrets._GITHUB_USER_ID }} + GITHUB_USERNAME: ${{ secrets._GITHUB_USERNAME }} + GITHUB_CLIENT_ID: ${{ secrets._GITHUB_CLIENT_ID }} + GITHUB_SECRET: ${{ secrets._GITHUB_SECRET }} + NEXT_PUBLIC_SUPABASE_URL: ${{ secrets.NEXT_PUBLIC_SUPABASE_URL }} + NEXT_PUBLIC_SUPABASE_ANON_KEY: ${{ secrets.NEXT_PUBLIC_SUPABASE_ANON_KEY }} + SUPABASE_SERVICE_ROLE_KEY: ${{ secrets.SUPABASE_SERVICE_ROLE_KEY }} + AUTH_SECRET: ${{ secrets.AUTH_SECRET }} + AUTH_TRUST_HOST: ${{ secrets.AUTH_TRUST_HOST }} + AUTH_REDIRECT_PROXY_URL: ${{ secrets.AUTH_REDIRECT_PROXY_URL }} + NTFY_URL: ${{ secrets.NTFY_URL }} + NTFY_TOKEN: ${{ secrets.NTFY_TOKEN }} + LISTMONK_URL: ${{ secrets.LISTMONK_URL }} + LISTMONK_LIST_ID: ${{ secrets.LISTMONK_LIST_ID }} + LISTMONK_USERNAME: ${{ secrets.LISTMONK_USERNAME }} + LISTMONK_TOKEN: ${{ secrets.LISTMONK_TOKEN }} + - name: Use Node.js uses: https://github.com/actions/setup-node@v3 with: node-version: '18.17.0' - - name: Decrypt secrets - run: ./decrypt_secrets.sh - env: - SECRET_PASSPHRASE: ${{ secrets.SECRET_PASSPHRASE }} - - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{secrets.DOCKER_HUB_USERNAME}} - password: ${{secrets.DOCKER_HUB_PASSWORD}} - - - name: Set up Docker Buildx - uses: https://github.com/docker/setup-buildx-action@v3 - with: - config-inline: | - [registry."docker.io"] - mirrors = ["mirror.gcr.io"] - - - name: Build and push Docker image + - name: Build Docker image uses: https://github.com/docker/build-push-action@v6 with: context: . 
file: ./Dockerfile - push: true - tags: ${{secrets.DOCKER_HUB_USERNAME}}/${{vars.REPO_NAME}}:latest + push: false + tags: ${{vars.REPO_NAME}}:latest - name: Stop and remove old Docker container continue-on-error: true @@ -53,9 +55,8 @@ jobs: - name: Pull new image and start Docker container run: | - sudo docker pull ${{secrets.DOCKER_HUB_USERNAME}}/${{vars.REPO_NAME}}:latest sudo docker run -d --restart unless-stopped \ --env-file ./.env \ --name ${{vars.REPO_NAME}} \ -p ${{vars.SERVER_IP}}:3000:3000 \ - ${{secrets.DOCKER_HUB_USERNAME}}/${{vars.REPO_NAME}}:latest \ No newline at end of file + ${{vars.REPO_NAME}}:latest \ No newline at end of file diff --git a/decrypt_secrets.sh b/decrypt_secrets.sh deleted file mode 100755 index 26e7fe4..0000000 --- a/decrypt_secrets.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -# --batch to prevent interactive command -# --yes to assume "yes" for questions -gpg --quiet --batch --yes --decrypt --passphrase="$SECRET_PASSPHRASE" --output ./.env ./.env.gpg diff --git a/generate_env.sh b/generate_env.sh new file mode 100755 index 0000000..32f5286 --- /dev/null +++ b/generate_env.sh @@ -0,0 +1,22 @@ +#!/bin/bash + +cat > .env <
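Review bot: The new `Generate env` step runs before `Build Docker image`, whose `context: .` is unchanged, so the plaintext `.env` it writes (carrying `SUPABASE_SERVICE_ROLE_KEY`, `AUTH_SECRET`, `GITHUB_ACCESS_TOKEN` and the rest) sits inside the build context. The Dockerfile is not part of this patch, but if it copies the whole context, those values end up in an image layer and can be recovered from the image itself. The removed decrypt step had the same ordering, so this is a good moment to list `.env` in `.dockerignore`, or to pass only the build-time values to the build step through its `secrets:` input. Entries such as `AUTH_TRUST_HOST`, `LISTMONK_LIST_ID` and the `NEXT_PUBLIC_*` values look non-sensitive and could come from `vars.` as `REPO_NAME` already does, which keeps the secret store limited to real credentials. A comment above the step, such as `# Writes ./.env from repository secrets; consumed by docker run --env-file below`, would document why it must precede the build.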
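Review bot: Once `docker run --env-file ./.env` has read the file, nothing in this hunk removes `.env`, so the generated secrets stay in plaintext in the runner workspace. Because the job deploys with `sudo docker run` on the runner itself, that workspace appears to be on the serving host. A closing step such as `- name: Remove env file`, `if: always()`, `run: rm -f ./.env` would close the gap, since the container keeps its environment once created. The step name `Pull new image and start Docker container` is stale now that the `docker pull` line is gone; `Start Docker container` matches what remains. The image now exists only as a local `:latest` tag, so a short comment noting that there is no registry copy to roll back to would help the next maintainer.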