feat(water-log): run Smartsheet sync via Gitea Actions cron + persist secrets on deploy
Deploy to route.crispygoat.com / deploy (push) Successful in 4m20s

- New .gitea/workflows/smartsheet-cron.yml: hits POST /api/water-log/smartsheet-sync
  every 15min with SMARTSHEET_CRON_SECRET bearer. Replaces the no-op
  vercel.json cron entry (ignored on self-hosted Gitea).
- deploy.yml now writes SMARTSHEET_TOKEN_ENC_KEY and SMARTSHEET_CRON_SECRET
  to the runtime .env on every deploy so we don't silently lose them.
- Dropped the unused cron entry from vercel.json.
This commit is contained in:
Nora
2026-07-03 15:03:34 -06:00
parent 242c195265
commit 35313b16d7
4 changed files with 62 additions and 4 deletions
+16
View File
@@ -747,3 +747,19 @@ c.commit()
Gitea is on **SQLite** here (`/home/git/data/gitea.db`), not the
`HOST = 127.0.0.1:3306` listed in app.ini (that's stale config from
when the DB was MySQL).
## 2026-07: Smartsheet cron now runs via Gitea Actions, not vercel.json
The `*/15` cron entry in `vercel.json` is silently ignored because
the host is self-hosted Gitea, not Vercel. Replaced with
`.gitea/workflows/smartsheet-cron.yml`, schedule `0,15,30,45 * * * *`.
`deploy.yml` now writes `SMARTSHEET_TOKEN_ENC_KEY` and
`SMARTSHEET_CRON_SECRET` into the runtime `.env`. Without this,
any future deploy would silently drop these secrets and break
runtime sync (encrypted token storage, cron auth).
If the cron ever returns 401, check `SMARTSHEET_CRON_SECRET`
matches between Gitea repo secrets and the live `.env`. The
runtime route at `POST /api/water-log/smartsheet-sync` falls
back to `CRON_SECRET` if `SMARTSHEET_CRON_SECRET` is unset.