- Add MinIO/S3-compatible storage client (src/lib/storage.ts) with uploadObject,
deleteObject, presigned URL helpers, and BUCKETS constant
- Wire product images, brand logos, and water log photos to MinIO via the
new storage client
- Migrate forgot-password to Neon Auth (remove Supabase /auth/v1/recover call)
- Migrate send-scheduled cron to direct Postgres + Resend (remove Supabase Edge
Function proxy)
- Add logoUrl to email types (OrderReceipt, Welcome, PasswordReset) and pass
brand_settings.logo_url from all call sites
- Update email templates to use dynamic logoUrl instead of hardcoded Supabase
bucket URLs
- Remove hardcoded Supabase URLs from TuxedoVideoHero, TuxedoAboutPage,
TimeTrackingFieldClient; use brand_settings props + local public/ fallback
- Download brand logos (3) and tuxedo-hero.mp4 (36MB) from Supabase bucket to
public/ for local development
- Add MinIO env vars to .env.example (endpoint, access key, secret, buckets)
- Fix TimeTrackingFieldClient to destructure logoUrl and brandAccent props
- Fix admin/users.ts logoUrl type (null → undefined for optional string)
- Remove stale sb- cookie from wholesale-auth
- Migrate tuxedo/about page to remove supabase import and use pool query for
wholesale_settings lookup
Ports the deploy pipeline from the Gitea main fork (commit 7ddb06d's deploy
toolkit) into the Auth.js v5 / NextAuth tree:
- .gitea/workflows/deploy.yml: inline deploy that brings up the Docker
stack, applies migrations, builds Next.js, and runs the app under PM2.
Swapped Better Auth env vars (BETTER_AUTH_SECRET/URL, NEXT_PUBLIC_BETTER_AUTH_URL)
for Auth.js v5 names (AUTH_SECRET/URL, NEXT_PUBLIC_AUTH_URL). Dropped
NEXT_PUBLIC_SUPABASE_URL/ANON_KEY (Supabase removal in progress). Added
GOOGLE_CLIENT_ID/SECRET + ALLOW_DEV_LOGIN for the Auth.js Google provider
and dev credentials path. Switched runs-on from 'ubuntu-latest' to the
self-hosted runner labels matching build.yml.
- deploy/: idempotent deploy toolkit (deploy.sh, docker-compose.yml,
Dockerfile.nextjs, nginx.conf.template, .env.production.example, healthcheck.sh,
Makefile, deploy/.gitignore). No auth/Supabase dependencies — pure infra.
- deploy/.env.production.example: renamed NEXTAUTH_SECRET/NEXTAUTH_URL
(v4) to AUTH_SECRET/AUTH_URL (v5) and added the v5-specific vars
(NEXT_PUBLIC_AUTH_URL, GOOGLE_*, ALLOW_DEV_LOGIN).
Build pipeline is now end-to-end:
build.yml → typecheck + lint + build (uses [self-hosted, linux, ubuntu-latest])
deploy.yml → start docker stack + migrations + build + PM2 restart
Storage / admin code ports (MinIO via @/lib/storage, Supabase removal,
admin-permissions rewrite) are tracked separately — they require porting
the storage and admin code first; the deploy pipeline itself is ready
to run against the Auth.js world.