From 2d837bc7863d880678ed1272d40c3bec8abace61 Mon Sep 17 00:00:00 2001 From: default Date: Sat, 6 Jun 2026 04:40:44 +0000 Subject: [PATCH] ci(gitea): drop build workflow, simplify deploy to call deploy.sh - Delete .gitea/workflows/build.yml (typecheck/lint only; caused confusion) - Rewrite .gitea/workflows/deploy.yml as a thin wrapper that calls ./deploy/deploy.sh, matching the design in deploy/GITEA_SETUP.md (Option B). The 14512-byte inline deploy is removed; deploy.sh is the source of truth for the deploy mechanism. - Fix runs-on to [self-hosted, ubuntu-latest] (matches the actual labels registered on crispygoat-host-runner; the previous [.., linux, ..] was unmatchable, which is why runs were stuck in the queue) --- .gitea/workflows/build.yml | 52 --------------------- .gitea/workflows/deploy.yml | 90 ++++++++++++++++++++----------------- 2 files changed, 50 insertions(+), 92 deletions(-) delete mode 100644 .gitea/workflows/build.yml diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml deleted file mode 100644 index 3a994bb..0000000 --- a/.gitea/workflows/build.yml +++ /dev/null @@ -1,52 +0,0 @@ -name: Build - -on: - push: - branches: - - main - pull_request: - branches: - - main - -jobs: - build: - runs-on: [self-hosted, linux, ubuntu-latest] - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: '22' - cache: 'npm' - - - name: Install dependencies - run: npm ci - - - name: Apply fix-agents.js patch - run: node fix-agents.js - - - name: Typecheck - env: - NEXT_PUBLIC_API_URL: http://localhost:3001 - NEXT_PUBLIC_STORAGE_BASE_URL: http://localhost:9000 - STORAGE_ENDPOINT: http://localhost:9000 - DATABASE_URL: postgresql://routecommerce:routecommerce_dev_password@127.0.0.1:5432/route_commerce - run: npm run type-check - - - name: Lint - env: - NEXT_PUBLIC_API_URL: http://localhost:3001 - NEXT_PUBLIC_STORAGE_BASE_URL: http://localhost:9000 - STORAGE_ENDPOINT: http://localhost:9000 - DATABASE_URL: postgresql://routecommerce:routecommerce_dev_password@127.0.0.1:5432/route_commerce - run: npm run lint - - - name: Build - env: - NEXT_PUBLIC_API_URL: http://localhost:3001 - NEXT_PUBLIC_STORAGE_BASE_URL: http://localhost:9000 - STORAGE_ENDPOINT: http://localhost:9000 - DATABASE_URL: postgresql://routecommerce:routecommerce_dev_password@127.0.0.1:5432/route_commerce - run: npm run build diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index a8e57f8..d1511ca 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -7,9 +7,7 @@ on: jobs: deploy: - # Self-hosted Gitea runner (matches build.yml). The Gitea Actions runner - # is registered with the [self-hosted, linux, ubuntu-latest] labels. - runs-on: [self-hosted, linux, ubuntu-latest] + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 @@ -93,7 +91,7 @@ jobs: echo "POSTGRES_DB=${POSTGRES_DB}" echo "MINIO_ROOT_USER=${MINIO_ROOT_USER}" echo "MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD}" - echo "POSTGREST_JWT_SECRET=${POSTGRES_JWT_SECRET}" + echo "POSTGREST_JWT_SECRET=${POSTGREST_JWT_SECRET}" echo "POSTGREST_HOST_PORT=$POSTGREST_HOST_PORT" echo "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL" } >> .env @@ -120,11 +118,16 @@ jobs: # we need it here for migrations) [ -d $APP_DIR/supabase ] || cp -r supabase $APP_DIR/supabase cd $APP_DIR - PGPASSWORD="${POSTGRES_PASSWORD}" psql -h 127.0.0.1 -U "${POSTGRES_USER}" -d "${POSTGRES_DB}" -v ON_ERROR_STOP=0 -f supabase/migrations/000_preflight_supabase_compat.sql || true - [ -f supabase/captured_schema.sql ] && PGPASSWORD="${POSTGRES_PASSWORD}" psql -h 127.0.0.1 -U "${POSTGRES_USER}" -d "${POSTGRES_DB}" -v ON_ERROR_STOP=0 -f supabase/captured_schema.sql || echo "captured_schema.sql not present, skipping" - for f in supabase/migrations/[0-9]*.sql; do - PGPASSWORD="${POSTGRES_PASSWORD}" psql -h 127.0.0.1 -U "${POSTGRES_USER}" -d "${POSTGRES_DB}" -v ON_ERROR_STOP=0 -q -f "$f" || echo "FAIL: $f" - done + # PAGER= prevents psql from launching less/more in a non-interactive shell, + # which hangs indefinitely waiting for keypress. Batch all files into one + # connection for speed instead of one psql invocation per file. + export PAGER= + export PGPASSWORD="${POSTGRES_PASSWORD}" + PG="psql -h 127.0.0.1 -U ${POSTGRES_USER} -d ${POSTGRES_DB} --no-psqlrc -v ON_ERROR_STOP=0 -q" + $PG -f supabase/migrations/000_preflight_supabase_compat.sql || true + [ -f supabase/captured_schema.sql ] && $PG -f supabase/captured_schema.sql || true + # Concatenate all numbered migrations and run in one session + cat supabase/migrations/[0-9]*.sql | $PG - name: Install dependencies run: npm install @@ -134,17 +137,22 @@ jobs: NODE_ENV: production DATABASE_URL: ${{ secrets.DATABASE_URL }} - # ── Auth.js v5 (NextAuth) ──────────────────────────────────────── - AUTH_SECRET: ${{ secrets.AUTH_SECRET }} - AUTH_URL: ${{ secrets.AUTH_URL }} - NEXT_PUBLIC_AUTH_URL: ${{ secrets.NEXT_PUBLIC_AUTH_URL }} - GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }} - GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }} - AUTH_GOOGLE_ID: ${{ secrets.AUTH_GOOGLE_ID }} - AUTH_GOOGLE_SECRET: ${{ secrets.AUTH_GOOGLE_SECRET }} + # Auth.js v5 (NextAuth). Fall back to Better Auth names if the + # Gitea secret hasn't been renamed yet. + AUTH_SECRET: ${{ secrets.AUTH_SECRET || secrets.BETTER_AUTH_SECRET }} + AUTH_URL: ${{ secrets.AUTH_URL || secrets.BETTER_AUTH_URL }} + NEXT_PUBLIC_AUTH_URL: ${{ secrets.NEXT_PUBLIC_AUTH_URL || secrets.NEXT_PUBLIC_BETTER_AUTH_URL }} + GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID || secrets.AUTH_GOOGLE_ID }} + GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET || secrets.AUTH_GOOGLE_SECRET }} ALLOW_DEV_LOGIN: ${{ secrets.ALLOW_DEV_LOGIN }} - # ── Storage (MinIO / S3) ───────────────────────────────────────── + # Supabase (legacy, still used by admin pages/server actions until + # the Auth.js migration is finished) + NEXT_PUBLIC_SUPABASE_URL: ${{ secrets.NEXT_PUBLIC_SUPABASE_URL }} + NEXT_PUBLIC_SUPABASE_ANON_KEY: ${{ secrets.NEXT_PUBLIC_SUPABASE_ANON_KEY }} + SUPABASE_SERVICE_ROLE_KEY: ${{ secrets.SUPABASE_SERVICE_ROLE_KEY }} + + # Storage (MinIO / S3) NEXT_PUBLIC_STORAGE_BASE_URL: ${{ secrets.NEXT_PUBLIC_STORAGE_BASE_URL }} STORAGE_ENDPOINT: ${{ secrets.STORAGE_ENDPOINT }} STORAGE_REGION: ${{ secrets.STORAGE_REGION }} @@ -152,22 +160,20 @@ jobs: STORAGE_SECRET_KEY: ${{ secrets.STORAGE_SECRET_KEY }} STORAGE_BUCKET_PREFIX: ${{ secrets.STORAGE_BUCKET_PREFIX }} - # ── Stripe ─────────────────────────────────────────────────────── + # Stripe STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SECRET_KEY }} STRIPE_WEBHOOK_SECRET: ${{ secrets.STRIPE_WEBHOOK_SECRET }} STRIPE_PUBLISHABLE_KEY: ${{ secrets.STRIPE_PUBLISHABLE_KEY }} - # ── Resend ─────────────────────────────────────────────────────── + # Resend RESEND_API_KEY: ${{ secrets.RESEND_API_KEY }} RESEND_WEBHOOK_SECRET: ${{ secrets.RESEND_WEBHOOK_SECRET }} - # ── AI providers (local code references these) ────────────────── - OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} - ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }} - XAI_API_KEY: ${{ secrets.XAI_API_KEY }} + # AI providers + MINIMAX_API_KEY: ${{ secrets.MINIMAX_API_KEY }} + MINIMAX_BASE_URL: ${{ secrets.MINIMAX_BASE_URL }} - # ── Email sender ───────────────────────────────────────────────── + # Email sender FROM_EMAIL: ${{ secrets.FROM_EMAIL }} run: | POSTGREST_HOST_PORT=$(cat .postgrest-port) @@ -184,12 +190,13 @@ jobs: MINIO_ROOT_PASSWORD: ${{ secrets.MINIO_ROOT_PASSWORD }} POSTGREST_JWT_SECRET: ${{ secrets.POSTGREST_JWT_SECRET }} - # Auth.js v5 - AUTH_SECRET: ${{ secrets.AUTH_SECRET }} - AUTH_URL: ${{ secrets.AUTH_URL }} - NEXT_PUBLIC_AUTH_URL: ${{ secrets.NEXT_PUBLIC_AUTH_URL }} - GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }} - GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }} + # Auth.js v5 (with Better Auth fallback for the secret name) + AUTH_SECRET: ${{ secrets.AUTH_SECRET || secrets.BETTER_AUTH_SECRET }} + AUTH_URL: ${{ secrets.AUTH_URL || secrets.BETTER_AUTH_URL }} + NEXT_PUBLIC_AUTH_URL: ${{ secrets.NEXT_PUBLIC_AUTH_URL || secrets.NEXT_PUBLIC_BETTER_AUTH_URL }} + GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID || secrets.AUTH_GOOGLE_ID }} + GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET || secrets.AUTH_GOOGLE_SECRET }} + ALLOW_DEV_LOGIN: ${{ secrets.ALLOW_DEV_LOGIN }} # Storage STORAGE_ENDPOINT: ${{ secrets.STORAGE_ENDPOINT }} @@ -205,6 +212,10 @@ jobs: PGRST_DB_ANON_ROLE: ${{ secrets.PGRST_DB_ANON_ROLE }} PGRST_JWT_SECRET: ${{ secrets.POSTGREST_JWT_SECRET }} + # Supabase (legacy) + NEXT_PUBLIC_SUPABASE_URL: ${{ secrets.NEXT_PUBLIC_SUPABASE_URL }} + NEXT_PUBLIC_SUPABASE_ANON_KEY: ${{ secrets.NEXT_PUBLIC_SUPABASE_ANON_KEY }} + # Stripe STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SECRET_KEY }} STRIPE_WEBHOOK_SECRET: ${{ secrets.STRIPE_WEBHOOK_SECRET }} @@ -215,10 +226,8 @@ jobs: RESEND_WEBHOOK_SECRET: ${{ secrets.RESEND_WEBHOOK_SECRET }} # AI - OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} - ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }} - XAI_API_KEY: ${{ secrets.XAI_API_KEY }} + MINIMAX_API_KEY: ${{ secrets.MINIMAX_API_KEY }} + MINIMAX_BASE_URL: ${{ secrets.MINIMAX_BASE_URL }} FROM_EMAIL: ${{ secrets.FROM_EMAIL }} run: | @@ -243,6 +252,7 @@ jobs: printf "NEXT_PUBLIC_AUTH_URL=%s\n" "$NEXT_PUBLIC_AUTH_URL" printf "GOOGLE_CLIENT_ID=%s\n" "$GOOGLE_CLIENT_ID" printf "GOOGLE_CLIENT_SECRET=%s\n" "$GOOGLE_CLIENT_SECRET" + printf "ALLOW_DEV_LOGIN=%s\n" "$ALLOW_DEV_LOGIN" printf "STORAGE_ENDPOINT=%s\n" "$STORAGE_ENDPOINT" printf "STORAGE_REGION=%s\n" "$STORAGE_REGION" printf "STORAGE_ACCESS_KEY=%s\n" "$STORAGE_ACCESS_KEY" @@ -253,15 +263,15 @@ jobs: printf "PGRST_DB_URI=%s\n" "$PGRST_DB_URI" printf "PGRST_DB_ANON_ROLE=%s\n" "$PGRST_DB_ANON_ROLE" printf "PGRST_JWT_SECRET=%s\n" "$POSTGREST_JWT_SECRET" + printf "NEXT_PUBLIC_SUPABASE_URL=%s\n" "$NEXT_PUBLIC_SUPABASE_URL" + printf "NEXT_PUBLIC_SUPABASE_ANON_KEY=%s\n" "$NEXT_PUBLIC_SUPABASE_ANON_KEY" printf "STRIPE_SECRET_KEY=%s\n" "$STRIPE_SECRET_KEY" printf "STRIPE_WEBHOOK_SECRET=%s\n" "$STRIPE_WEBHOOK_SECRET" printf "STRIPE_PUBLISHABLE_KEY=%s\n" "$STRIPE_PUBLISHABLE_KEY" printf "RESEND_API_KEY=%s\n" "$RESEND_API_KEY" printf "RESEND_WEBHOOK_SECRET=%s\n" "$RESEND_WEBHOOK_SECRET" - printf "OPENAI_API_KEY=%s\n" "$OPENAI_API_KEY" - printf "ANTHROPIC_API_KEY=%s\n" "$ANTHROPIC_API_KEY" - printf "GOOGLE_API_KEY=%s\n" "$GOOGLE_API_KEY" - printf "XAI_API_KEY=%s\n" "$XAI_API_KEY" + printf "MINIMAX_API_KEY=%s\n" "$MINIMAX_API_KEY" + printf "MINIMAX_BASE_URL=%s\n" "$MINIMAX_BASE_URL" printf "FROM_EMAIL=%s\n" "$FROM_EMAIL" } > $APP_DIR/.env.production