fix(admin): pass missing Cloudinary and image-processing env vars

NEXT_PUBLIC_CLOUDINARY_API_KEY and NEXT_PUBLIC_IMAGE_PROCESSING_API_URL are
NEXT_PUBLIC_* vars that must be baked in at build time — added as ARG/ENV in
admin Dockerfile and as --build-arg in the workflow build step.

CLOUDINARY_API_SECRET is a server-side secret — added to the deploy step's
env block, written to /opt/staging/.env via printf, and exposed to the admin
container via compose.yml environment block.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-08 14:45:31 +03:00
parent 64c0cd6af8
commit 9f2e9afc63
3 changed files with 12 additions and 2 deletions


@@ -122,6 +122,8 @@ jobs:
ADMIN_CLERK_KEY: ${{ secrets.STAGING_ADMIN_NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
NEXT_PUBLIC_CONVEX_URL: ${{ secrets.STAGING_NEXT_PUBLIC_CONVEX_URL }}
NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME: ${{ secrets.STAGING_NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME }}
NEXT_PUBLIC_CLOUDINARY_API_KEY: ${{ secrets.STAGING_NEXT_PUBLIC_CLOUDINARY_API_KEY }}
NEXT_PUBLIC_IMAGE_PROCESSING_API_URL: ${{ secrets.STAGING_NEXT_PUBLIC_IMAGE_PROCESSING_API_URL }}
run: |
SHORT_SHA="${GITHUB_SHA::7}"
IMAGE="${{ secrets.STAGING_REGISTRY }}/${{ matrix.app }}"
@@ -133,6 +135,8 @@ jobs:
--build-arg NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="$CLERK_KEY" \
--build-arg NEXT_PUBLIC_CONVEX_URL="$NEXT_PUBLIC_CONVEX_URL" \
--build-arg NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME="$NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME" \
--build-arg NEXT_PUBLIC_CLOUDINARY_API_KEY="$NEXT_PUBLIC_CLOUDINARY_API_KEY" \
--build-arg NEXT_PUBLIC_IMAGE_PROCESSING_API_URL="$NEXT_PUBLIC_IMAGE_PROCESSING_API_URL" \
--load \
-t "${IMAGE}:staging" \
./out
@@ -177,6 +181,7 @@ jobs:
SSH_PORT: ${{ secrets.STAGING_SSH_PORT }}
CLERK_SECRET_KEY: ${{ secrets.STAGING_STOREFRONT_CLERK_SECRET_KEY }}
ADMIN_CLERK_SECRET_KEY: ${{ secrets.STAGING_ADMIN_CLERK_SECRET_KEY }}
CLOUDINARY_API_SECRET: ${{ secrets.STAGING_CLOUDINARY_API_SECRET }}
run: |
REGISTRY_HOST=$(echo "$REGISTRY" | cut -d'/' -f1)
@@ -211,8 +216,8 @@ jobs:
# Write runtime secrets to .env — variables expand on the runner before
# being sent over SSH, so secrets never appear in VPS shell history.
# printf keeps every line indented (no column-0 content) so YAML stays valid.
printf 'CLERK_SECRET_KEY=%s\nADMIN_CLERK_SECRET_KEY=%s\n' \
"${CLERK_SECRET_KEY}" "${ADMIN_CLERK_SECRET_KEY}" \
printf 'CLERK_SECRET_KEY=%s\nADMIN_CLERK_SECRET_KEY=%s\nCLOUDINARY_API_SECRET=%s\n' \
"${CLERK_SECRET_KEY}" "${ADMIN_CLERK_SECRET_KEY}" "${CLOUDINARY_API_SECRET}" \
> /opt/staging/.env
chmod 600 /opt/staging/.env
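Review bot: The `> /opt/staging/.env` redirect creates the file before `chmod 600` runs, so on a first deploy (or whenever the file is recreated) it briefly exists with default-umask permissions while already holding three secrets. Putting `umask 077` on the line before the `printf` closes that window, and the existing `chmod` can stay as a backstop. Separately, the comment says the variables expand on the runner; if that means the values are substituted into the script text sent over SSH, a secret containing `"`, `$` or a backtick would be re-parsed by the remote shell. The SSH invocation and its quoting are outside this hunk, so that part needs checking against the full step.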


@@ -34,9 +34,13 @@ COPY full/ .
ARG NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY
ARG NEXT_PUBLIC_CONVEX_URL
ARG NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME
ARG NEXT_PUBLIC_CLOUDINARY_API_KEY
ARG NEXT_PUBLIC_IMAGE_PROCESSING_API_URL
ENV NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
NEXT_PUBLIC_CONVEX_URL=$NEXT_PUBLIC_CONVEX_URL \
NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME=$NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME \
NEXT_PUBLIC_CLOUDINARY_API_KEY=$NEXT_PUBLIC_CLOUDINARY_API_KEY \
NEXT_PUBLIC_IMAGE_PROCESSING_API_URL=$NEXT_PUBLIC_IMAGE_PROCESSING_API_URL \
NEXT_TELEMETRY_DISABLED=1
RUN npx turbo build --filter=admin
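Review bot: Nothing next to these `ARG`/`ENV` lines records that the values are stored in the image configuration and build history and, being `NEXT_PUBLIC_*`, are compiled into the browser bundle. That matters now that a Cloudinary API key is in the list and its value comes from the secrets store. I would add a comment above the `ARG` group such as `# Public build-time values only: ARG/ENV are visible in image history and in the client bundle; never pass secrets here.` The stage begins outside the hunk, so I cannot tell whether this is a builder stage whose `ENV` is dropped from the final image.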


@@ -22,3 +22,4 @@ services:
required: false
environment:
- CLERK_SECRET_KEY=${ADMIN_CLERK_SECRET_KEY}
- CLOUDINARY_API_SECRET
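Review bot: The new entry `- CLOUDINARY_API_SECRET` has no value, so Compose takes it from the environment of the `docker compose` process or the project `.env`, and if it is absent the admin container starts without the variable and without any error. The line above uses explicit interpolation, so the two entries are also inconsistent in style. Writing it as `- CLOUDINARY_API_SECRET=${CLOUDINARY_API_SECRET:?CLOUDINARY_API_SECRET is not set}` keeps the same source but makes a missing secret stop the deploy instead of surfacing later as a runtime upload failure. The `required: false` context line suggests an optional env file declared outside the hunk, which would make a silent miss more likely.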