feat(water-log): run Smartsheet sync via Gitea Actions cron + persist secrets on deploy
Deploy to route.crispygoat.com / deploy (push) Successful in 4m20s
Deploy to route.crispygoat.com / deploy (push) Successful in 4m20s
- New .gitea/workflows/smartsheet-cron.yml: hits POST /api/water-log/smartsheet-sync every 15min with SMARTSHEET_CRON_SECRET bearer. Replaces the no-op vercel.json cron entry (ignored on self-hosted Gitea). - deploy.yml now writes SMARTSHEET_TOKEN_ENC_KEY and SMARTSHEET_CRON_SECRET to the runtime .env on every deploy so we don't silently lose them. - Dropped the unused cron entry from vercel.json.
This commit is contained in:
@@ -747,3 +747,19 @@ c.commit()
|
||||
Gitea is on **SQLite** here (`/home/git/data/gitea.db`), not the
|
||||
`HOST = 127.0.0.1:3306` listed in app.ini (that's stale config from
|
||||
when the DB was MySQL).
|
||||
|
||||
## 2026-07: Smartsheet cron now runs via Gitea Actions, not vercel.json
|
||||
|
||||
The `*/15` cron entry in `vercel.json` is silently ignored because
|
||||
the host is self-hosted Gitea, not Vercel. Replaced with
|
||||
`.gitea/workflows/smartsheet-cron.yml`, schedule `0,15,30,45 * * * *`.
|
||||
|
||||
`deploy.yml` now writes `SMARTSHEET_TOKEN_ENC_KEY` and
|
||||
`SMARTSHEET_CRON_SECRET` into the runtime `.env`. Without this,
|
||||
any future deploy would silently drop these secrets and break
|
||||
runtime sync (encrypted token storage, cron auth).
|
||||
|
||||
If the cron ever returns 401, check `SMARTSHEET_CRON_SECRET`
|
||||
matches between Gitea repo secrets and the live `.env`. The
|
||||
runtime route at `POST /api/water-log/smartsheet-sync` falls
|
||||
back to `CRON_SECRET` if `SMARTSHEET_CRON_SECRET` is unset.
|
||||
|
||||
Reference in New Issue
Block a user