admin/the-pet-loft
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(admin): pass missing Cloudinary and image-processing env vars
All checks were successful
Deploy — Staging / Lint, Typecheck & Test (push) Successful in 1m31s
Details
Deploy — Staging / Build & push — admin (push) Successful in 1m39s
Details
Deploy — Staging / Build & push — storefront (push) Successful in 57s
Details
Deploy — Staging / Deploy to staging VPS (push) Successful in 20s
Details

Browse Source 
NEXT_PUBLIC_CLOUDINARY_API_KEY and NEXT_PUBLIC_IMAGE_PROCESSING_API_URL are
NEXT_PUBLIC_* vars that must be baked in at build time — added as ARG/ENV in
admin Dockerfile and as --build-arg in the workflow build step.

CLOUDINARY_API_SECRET is a server-side secret — added to the deploy step's
env block, written to /opt/staging/.env via printf, and exposed to the admin
container via compose.yml environment block.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
ianshaloom
2026-03-08 14:45:31 +03:00
parent 64c0cd6af8
commit 9f2e9afc63
3 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
.gitea/workflows/deploy-staging.yml
View File

@@ -122,6 +122,8 @@ jobs:
ADMIN_CLERK_KEY: ${{ secrets.STAGING_ADMIN_NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
NEXT_PUBLIC_CONVEX_URL: ${{ secrets.STAGING_NEXT_PUBLIC_CONVEX_URL }}
NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME: ${{ secrets.STAGING_NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME }}
NEXT_PUBLIC_CLOUDINARY_API_KEY: ${{ secrets.STAGING_NEXT_PUBLIC_CLOUDINARY_API_KEY }}
NEXT_PUBLIC_IMAGE_PROCESSING_API_URL: ${{ secrets.STAGING_NEXT_PUBLIC_IMAGE_PROCESSING_API_URL }}
run: |
SHORT_SHA="${GITHUB_SHA::7}"
IMAGE="${{ secrets.STAGING_REGISTRY }}/${{ matrix.app }}"
@@ -133,6 +135,8 @@ jobs:
--build-arg NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="$CLERK_KEY" \
--build-arg NEXT_PUBLIC_CONVEX_URL="$NEXT_PUBLIC_CONVEX_URL" \
--build-arg NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME="$NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME" \
--build-arg NEXT_PUBLIC_CLOUDINARY_API_KEY="$NEXT_PUBLIC_CLOUDINARY_API_KEY" \
--build-arg NEXT_PUBLIC_IMAGE_PROCESSING_API_URL="$NEXT_PUBLIC_IMAGE_PROCESSING_API_URL" \
--load \
-t "${IMAGE}:staging" \
./out
@@ -177,6 +181,7 @@ jobs:
SSH_PORT: ${{ secrets.STAGING_SSH_PORT }}
CLERK_SECRET_KEY: ${{ secrets.STAGING_STOREFRONT_CLERK_SECRET_KEY }}
ADMIN_CLERK_SECRET_KEY: ${{ secrets.STAGING_ADMIN_CLERK_SECRET_KEY }}
CLOUDINARY_API_SECRET: ${{ secrets.STAGING_CLOUDINARY_API_SECRET }}
run: |
REGISTRY_HOST=$(echo "$REGISTRY" | cut -d'/' -f1)
@@ -211,8 +216,8 @@ jobs:
# Write runtime secrets to .env — variables expand on the runner before
# being sent over SSH, so secrets never appear in VPS shell history.
# printf keeps every line indented (no column-0 content) so YAML stays valid.
printf 'CLERK_SECRET_KEY=%s\nADMIN_CLERK_SECRET_KEY=%s\n' \
"${CLERK_SECRET_KEY}" "${ADMIN_CLERK_SECRET_KEY}" \
printf 'CLERK_SECRET_KEY=%s\nADMIN_CLERK_SECRET_KEY=%s\nCLOUDINARY_API_SECRET=%s\n' \
"${CLERK_SECRET_KEY}" "${ADMIN_CLERK_SECRET_KEY}" "${CLOUDINARY_API_SECRET}" \
> /opt/staging/.env
chmod 600 /opt/staging/.env