fix(admin): pass missing Cloudinary and image-processing env vars
All checks were successful
Deploy — Staging / Lint, Typecheck & Test (push) Successful in 1m31s
Deploy — Staging / Build & push — admin (push) Successful in 1m39s
Deploy — Staging / Build & push — storefront (push) Successful in 57s
Deploy — Staging / Deploy to staging VPS (push) Successful in 20s
All checks were successful
Deploy — Staging / Lint, Typecheck & Test (push) Successful in 1m31s
Deploy — Staging / Build & push — admin (push) Successful in 1m39s
Deploy — Staging / Build & push — storefront (push) Successful in 57s
Deploy — Staging / Deploy to staging VPS (push) Successful in 20s
NEXT_PUBLIC_CLOUDINARY_API_KEY and NEXT_PUBLIC_IMAGE_PROCESSING_API_URL are NEXT_PUBLIC_* vars that must be baked in at build time — added as ARG/ENV in admin Dockerfile and as --build-arg in the workflow build step. CLOUDINARY_API_SECRET is a server-side secret — added to the deploy step's env block, written to /opt/staging/.env via printf, and exposed to the admin container via compose.yml environment block. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -122,6 +122,8 @@ jobs:
|
|||||||
ADMIN_CLERK_KEY: ${{ secrets.STAGING_ADMIN_NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
|
ADMIN_CLERK_KEY: ${{ secrets.STAGING_ADMIN_NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
|
||||||
NEXT_PUBLIC_CONVEX_URL: ${{ secrets.STAGING_NEXT_PUBLIC_CONVEX_URL }}
|
NEXT_PUBLIC_CONVEX_URL: ${{ secrets.STAGING_NEXT_PUBLIC_CONVEX_URL }}
|
||||||
NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME: ${{ secrets.STAGING_NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME }}
|
NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME: ${{ secrets.STAGING_NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME }}
|
||||||
|
NEXT_PUBLIC_CLOUDINARY_API_KEY: ${{ secrets.STAGING_NEXT_PUBLIC_CLOUDINARY_API_KEY }}
|
||||||
|
NEXT_PUBLIC_IMAGE_PROCESSING_API_URL: ${{ secrets.STAGING_NEXT_PUBLIC_IMAGE_PROCESSING_API_URL }}
|
||||||
run: |
|
run: |
|
||||||
SHORT_SHA="${GITHUB_SHA::7}"
|
SHORT_SHA="${GITHUB_SHA::7}"
|
||||||
IMAGE="${{ secrets.STAGING_REGISTRY }}/${{ matrix.app }}"
|
IMAGE="${{ secrets.STAGING_REGISTRY }}/${{ matrix.app }}"
|
||||||
@@ -133,6 +135,8 @@ jobs:
|
|||||||
--build-arg NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="$CLERK_KEY" \
|
--build-arg NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="$CLERK_KEY" \
|
||||||
--build-arg NEXT_PUBLIC_CONVEX_URL="$NEXT_PUBLIC_CONVEX_URL" \
|
--build-arg NEXT_PUBLIC_CONVEX_URL="$NEXT_PUBLIC_CONVEX_URL" \
|
||||||
--build-arg NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME="$NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME" \
|
--build-arg NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME="$NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME" \
|
||||||
|
--build-arg NEXT_PUBLIC_CLOUDINARY_API_KEY="$NEXT_PUBLIC_CLOUDINARY_API_KEY" \
|
||||||
|
--build-arg NEXT_PUBLIC_IMAGE_PROCESSING_API_URL="$NEXT_PUBLIC_IMAGE_PROCESSING_API_URL" \
|
||||||
--load \
|
--load \
|
||||||
-t "${IMAGE}:staging" \
|
-t "${IMAGE}:staging" \
|
||||||
./out
|
./out
|
||||||
@@ -177,6 +181,7 @@ jobs:
|
|||||||
SSH_PORT: ${{ secrets.STAGING_SSH_PORT }}
|
SSH_PORT: ${{ secrets.STAGING_SSH_PORT }}
|
||||||
CLERK_SECRET_KEY: ${{ secrets.STAGING_STOREFRONT_CLERK_SECRET_KEY }}
|
CLERK_SECRET_KEY: ${{ secrets.STAGING_STOREFRONT_CLERK_SECRET_KEY }}
|
||||||
ADMIN_CLERK_SECRET_KEY: ${{ secrets.STAGING_ADMIN_CLERK_SECRET_KEY }}
|
ADMIN_CLERK_SECRET_KEY: ${{ secrets.STAGING_ADMIN_CLERK_SECRET_KEY }}
|
||||||
|
CLOUDINARY_API_SECRET: ${{ secrets.STAGING_CLOUDINARY_API_SECRET }}
|
||||||
run: |
|
run: |
|
||||||
REGISTRY_HOST=$(echo "$REGISTRY" | cut -d'/' -f1)
|
REGISTRY_HOST=$(echo "$REGISTRY" | cut -d'/' -f1)
|
||||||
|
|
||||||
@@ -211,8 +216,8 @@ jobs:
|
|||||||
# Write runtime secrets to .env — variables expand on the runner before
|
# Write runtime secrets to .env — variables expand on the runner before
|
||||||
# being sent over SSH, so secrets never appear in VPS shell history.
|
# being sent over SSH, so secrets never appear in VPS shell history.
|
||||||
# printf keeps every line indented (no column-0 content) so YAML stays valid.
|
# printf keeps every line indented (no column-0 content) so YAML stays valid.
|
||||||
printf 'CLERK_SECRET_KEY=%s\nADMIN_CLERK_SECRET_KEY=%s\n' \
|
printf 'CLERK_SECRET_KEY=%s\nADMIN_CLERK_SECRET_KEY=%s\nCLOUDINARY_API_SECRET=%s\n' \
|
||||||
"${CLERK_SECRET_KEY}" "${ADMIN_CLERK_SECRET_KEY}" \
|
"${CLERK_SECRET_KEY}" "${ADMIN_CLERK_SECRET_KEY}" "${CLOUDINARY_API_SECRET}" \
|
||||||
> /opt/staging/.env
|
> /opt/staging/.env
|
||||||
chmod 600 /opt/staging/.env
|
chmod 600 /opt/staging/.env
|
||||||
|
|
||||||
|
|||||||
@@ -34,9 +34,13 @@ COPY full/ .
|
|||||||
ARG NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY
|
ARG NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY
|
||||||
ARG NEXT_PUBLIC_CONVEX_URL
|
ARG NEXT_PUBLIC_CONVEX_URL
|
||||||
ARG NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME
|
ARG NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME
|
||||||
|
ARG NEXT_PUBLIC_CLOUDINARY_API_KEY
|
||||||
|
ARG NEXT_PUBLIC_IMAGE_PROCESSING_API_URL
|
||||||
ENV NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
|
ENV NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
|
||||||
NEXT_PUBLIC_CONVEX_URL=$NEXT_PUBLIC_CONVEX_URL \
|
NEXT_PUBLIC_CONVEX_URL=$NEXT_PUBLIC_CONVEX_URL \
|
||||||
NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME=$NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME \
|
NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME=$NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME \
|
||||||
|
NEXT_PUBLIC_CLOUDINARY_API_KEY=$NEXT_PUBLIC_CLOUDINARY_API_KEY \
|
||||||
|
NEXT_PUBLIC_IMAGE_PROCESSING_API_URL=$NEXT_PUBLIC_IMAGE_PROCESSING_API_URL \
|
||||||
NEXT_TELEMETRY_DISABLED=1
|
NEXT_TELEMETRY_DISABLED=1
|
||||||
|
|
||||||
RUN npx turbo build --filter=admin
|
RUN npx turbo build --filter=admin
|
||||||
|
|||||||
@@ -22,3 +22,4 @@ services:
|
|||||||
required: false
|
required: false
|
||||||
environment:
|
environment:
|
||||||
- CLERK_SECRET_KEY=${ADMIN_CLERK_SECRET_KEY}
|
- CLERK_SECRET_KEY=${ADMIN_CLERK_SECRET_KEY}
|
||||||
|
- CLOUDINARY_API_SECRET
|
||||||
|
|||||||
Reference in New Issue
Block a user