From 6b63cbb6cd29d62a2cf4ab51648aa65baae932b0 Mon Sep 17 00:00:00 2001
From: ianshaloom
Date: Sun, 8 Mar 2026 04:05:01 +0300
Subject: [PATCH] fix(ci): update Dockerfiles and workflow to include new Cloudinary environment variable

- Added NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME to both admin and storefront Dockerfiles to ensure it is available during the build process.
- Updated deploy-staging.yml to pass the new Cloudinary variable as a build argument.
- Clarified comments regarding the handling of NEXT_PUBLIC_* variables and Gitea secret prefixes.
This change enhances the build configuration for both applications, ensuring all necessary environment variables are correctly passed during the Docker build process.
---
 .gitea/workflows/deploy-staging.yml | 38 +++++++++++++++++++----------
 apps/admin/Dockerfile | 7 ++++--
 apps/storefront/Dockerfile | 5 ++--
 3 files changed, 33 insertions(+), 17 deletions(-)
diff --git a/.gitea/workflows/deploy-staging.yml b/.gitea/workflows/deploy-staging.yml
index c00035d..e521700 100644
--- a/.gitea/workflows/deploy-staging.yml
+++ b/.gitea/workflows/deploy-staging.yml
@@ -19,9 +19,10 @@ on:
 # STAGING_SSH_USER — SSH user on the VPS
 # STAGING_SSH_KEY — SSH private key (full PEM)
 # STAGING_SSH_PORT — (optional) defaults to 22
-# STAGING_NEXT_PUBLIC_CONVEX_URL — Convex deployment URL (shared by both apps)
-# STAGING_NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY — storefront Clerk publishable key
-# STAGING_ADMIN_NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY — admin Clerk publishable key
+# STAGING_NEXT_PUBLIC_CONVEX_URL — Convex deployment URL (shared)
+# STAGING_NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY — storefront Clerk publishable key
+# STAGING_ADMIN_NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY — admin Clerk publishable key
+# STAGING_NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME — admin Cloudinary cloud name
 #
 # The Dockerfiles are expected at:
 # apps/storefront/Dockerfile
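Review bot: The required-secrets header still documents the storefront key as `STAGING_NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY`, but the `env:` block in the next hunk now reads `secrets.STAGING_STOREFRONT_NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY`, a name this header does not list. An operator who provisions secrets from the header would define the old name, and an undefined secret most likely expands to an empty string rather than stopping the job. If the rename is intended, the header line should become `# STAGING_STOREFRONT_NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY — storefront Clerk publishable key`; if it is not, the `env:` entry should go back to the documented name. The commit message does not mention the rename either.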
@@ -107,29 +108,40 @@ jobs: # Each app has its own Clerk instance so the publishable key differs. # NEXT_PUBLIC_* vars must be baked in at build time — Next.js prerender # fails with "Missing publishableKey" if they are absent. + # Secrets use STAGING_/PROD_ prefix in Gitea; the prefix is stripped here + # so Dockerfiles receive the plain NEXT_PUBLIC_* names they expect. env: - STOREFRONT_CLERK_KEY: ${{ secrets.STAGING_NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }} + STOREFRONT_CLERK_KEY: ${{ secrets.STAGING_STOREFRONT_NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }} ADMIN_CLERK_KEY: ${{ secrets.STAGING_ADMIN_NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }} NEXT_PUBLIC_CONVEX_URL: ${{ secrets.STAGING_NEXT_PUBLIC_CONVEX_URL }} + NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME: ${{ secrets.STAGING_NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME }} run: | SHORT_SHA="${GITHUB_SHA::7}" IMAGE="${{ secrets.STAGING_REGISTRY }}/${{ matrix.app }}" if [ "${{ matrix.app }}" = "admin" ]; then CLERK_KEY="$ADMIN_CLERK_KEY" + docker build \ + -f apps/admin/Dockerfile \ + --build-arg NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="$CLERK_KEY" \ + --build-arg NEXT_PUBLIC_CONVEX_URL="$NEXT_PUBLIC_CONVEX_URL" \ + --build-arg NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME="$NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME" \ + -t "${IMAGE}:staging" \ + -t "${IMAGE}:sha-${SHORT_SHA}" \ + --push \ + ./out else CLERK_KEY="$STOREFRONT_CLERK_KEY" + docker build \ + -f apps/storefront/Dockerfile \ + --build-arg NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="$CLERK_KEY" \ + --build-arg NEXT_PUBLIC_CONVEX_URL="$NEXT_PUBLIC_CONVEX_URL" \ + -t "${IMAGE}:staging" \ + -t "${IMAGE}:sha-${SHORT_SHA}" \ + --push \ + ./out fi - docker build \ - -f apps/${{ matrix.app }}/Dockerfile \ - --build-arg NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="$CLERK_KEY" \ - --build-arg NEXT_PUBLIC_CONVEX_URL="$NEXT_PUBLIC_CONVEX_URL" \ - -t "${IMAGE}:staging" \ - -t "${IMAGE}:sha-${SHORT_SHA}" \ - --push \ - ./out - # ── 3. Deploy ─────────────────────────────────────────────────────────────── deploy: 
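Review bot: Neither branch of the `if` checks that the values it forwards are set, so a missing or misspelled secret reaches `docker build` as an empty `--build-arg`. The comment above says prerender fails when the Clerk key is absent, but nothing visible here shows that an empty `NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME` fails the build, so an admin image with a blank cloud name could be pushed under `:staging`. A guard ahead of each build would stop the job early, for example `: "${NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME:?STAGING_NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME is not set}"` in the admin branch, with the same form for `CLERK_KEY` and `NEXT_PUBLIC_CONVEX_URL` in both branches. The job definition starts and ends outside this hunk, so an earlier validation step may already exist.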
diff --git a/apps/admin/Dockerfile b/apps/admin/Dockerfile index 094d477..9073a34 100644 --- a/apps/admin/Dockerfile +++ b/apps/admin/Dockerfile @@ -28,12 +28,15 @@ COPY --from=deps /app/node_modules ./node_modules COPY full/ . # NEXT_PUBLIC_* vars are baked into the client bundle at build time by Next.js. -# They must be present here (not just at runtime) or SSG/prerender fails with -# "Missing publishableKey". Pass via --build-arg in CI. +# They must be present here (not just at runtime) or SSG/prerender fails. +# Passed via --build-arg in CI. Note: Gitea secrets use a STAGING_/PROD_ prefix +# which is stripped by the workflow before being forwarded here as build args. ARG NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY ARG NEXT_PUBLIC_CONVEX_URL +ARG NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME ENV NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \ NEXT_PUBLIC_CONVEX_URL=$NEXT_PUBLIC_CONVEX_URL \ + NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME=$NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME \ NEXT_TELEMETRY_DISABLED=1 RUN npx turbo build --filter=admin diff --git a/apps/storefront/Dockerfile b/apps/storefront/Dockerfile index 57a0c76..17ca210 100644 --- a/apps/storefront/Dockerfile +++ b/apps/storefront/Dockerfile @@ -34,8 +34,9 @@ COPY --from=deps /app/node_modules ./node_modules COPY full/ . # NEXT_PUBLIC_* vars are baked into the client bundle at build time by Next.js. -# They must be present here (not just at runtime) or SSG/prerender fails with -# "Missing publishableKey". Pass via --build-arg in CI. +# They must be present here (not just at runtime) or SSG/prerender fails. +# Passed via --build-arg in CI. Note: Gitea secrets use a STAGING_/PROD_ prefix +# which is stripped by the workflow before being forwarded here as build args. ARG NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY ARG NEXT_PUBLIC_CONVEX_URL ENV NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
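Review bot: The rewritten comment describes these build args as Gitea secrets without saying that only public values may be passed this way, which invites someone to add a real secret next to them. Values declared as `ARG` and copied into `ENV` are kept in the image metadata for this stage, and `NEXT_PUBLIC_*` values are shipped in the client bundle, as the comment itself says. I would add one line to the comment in both apps/admin/Dockerfile and apps/storefront/Dockerfile, such as `# Only public identifiers belong here; never pass API secrets or secret keys as ARG/ENV.` Whether the final runtime stage inherits this `ENV` cannot be seen, since the later stages are outside the hunks. Separately, the commit message says the Cloudinary variable was added to both Dockerfiles, but the storefront hunk changes only the comment.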