admin/the-pet-loft
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ci): pass NEXT_PUBLIC build args and fix docker push
Some checks failed
Deploy — Staging / Lint, Typecheck & Test (push) Successful in 2m11s
Details
Deploy — Staging / Build & push — admin (push) Failing after 2m8s
Details
Deploy — Staging / Build & push — storefront (push) Failing after 1m42s
Details
Deploy — Staging / Deploy to staging VPS (push) Has been skipped
Details

Browse Source 
Two issues in the admin (and upcoming storefront) build:

1. Missing Clerk publishableKey during prerender
   NEXT_PUBLIC_* vars are baked into the client bundle at build time. If absent,
   Next.js SSG fails with "@clerk/clerk-react: Missing publishableKey".
   Added ARG + ENV in both Dockerfiles builder stage and pass them via
   --build-arg in the workflow. Admin and storefront use different Clerk
   instances so the key is selected per matrix.app with a shell conditional.

2. "No output specified with docker-container driver" warning
   setup-buildx-action with driver:docker was not switching the driver in the
   Podman environment. Removed the step and switched to docker build --push
   which pushes directly during the build, eliminating the separate push steps
   and the missing-output warning.

New secrets required:
  STAGING_NEXT_PUBLIC_CONVEX_URL
  STAGING_NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY        (storefront)
  STAGING_ADMIN_NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY  (admin)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
ianshaloom
2026-03-08 03:31:58 +03:00
parent 7a6da4f18f
commit bc7306fea4
4 changed files with 48 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitea/workflows/ci.yml
View File

@@ -3,7 +3,7 @@ name: CI
on: on:
push: push:
branches: branches:
- "**" - feat #"**" # TODO: change to "**" after testing
jobs: jobs:
ci: ci:

53
.gitea/workflows/deploy-staging.yml
View File

@@ -11,14 +11,17 @@ on:
# (see: troubleshooting #8 — REGISTRY must include the owner segment) # (see: troubleshooting #8 — REGISTRY must include the owner segment)
# #
# Required secrets (repo → Settings → Secrets and Variables → Actions): # Required secrets (repo → Settings → Secrets and Variables → Actions):
# STAGING_REGISTRY — host:port/owner (e.g. git.yourdomain.com:3000/myorg) # STAGING_REGISTRY — host:port/owner (e.g. git.yourdomain.com:3000/myorg)
# STAGING_REGISTRY_USER — Gitea username # STAGING_REGISTRY_USER — Gitea username
# STAGING_REGISTRY_TOKEN — Gitea personal access token (package:write scope) # STAGING_REGISTRY_TOKEN — Gitea personal access token (package:write scope)
# STAGING_SSH_HOST — use host.containers.internal, not the external IP # STAGING_SSH_HOST — use host.containers.internal, not the external IP
# (see: troubleshooting #13 — VPS firewall blocks ext IP) # (see: troubleshooting #13 — VPS firewall blocks ext IP)
# STAGING_SSH_USER — SSH user on the VPS # STAGING_SSH_USER — SSH user on the VPS
# STAGING_SSH_KEY — SSH private key (full PEM) # STAGING_SSH_KEY — SSH private key (full PEM)
# STAGING_SSH_PORT — (optional) defaults to 22 # STAGING_SSH_PORT — (optional) defaults to 22
# STAGING_NEXT_PUBLIC_CONVEX_URL — Convex deployment URL (shared by both apps)
# STAGING_NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY — storefront Clerk publishable key
# STAGING_ADMIN_NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY — admin Clerk publishable key
# #
# The Dockerfiles are expected at: # The Dockerfiles are expected at:
# apps/storefront/Dockerfile # apps/storefront/Dockerfile
@@ -85,14 +88,6 @@ jobs:
# Copy it manually so the Dockerfile has the generated types it needs. # Copy it manually so the Dockerfile has the generated types it needs.
cp -r convex out/full/convex cp -r convex out/full/convex
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
# docker-container driver spawns a privileged builder container which
# fails on rootless Podman. "docker" driver reuses the daemon directly.
# (see: troubleshooting #5)
driver: docker
- name: Authenticate with registry - name: Authenticate with registry
# docker login sends HTTPS even for HTTP-only (insecure) registries, so it # docker login sends HTTPS even for HTTP-only (insecure) registries, so it
# fails before the daemon can handle it. Pre-populating config.json bypasses # fails before the daemon can handle it. Pre-populating config.json bypasses
@@ -105,22 +100,36 @@ jobs:
echo "{\"auths\":{\"${REGISTRY_HOST}\":{\"auth\":\"${AUTH}\"}}}" > ~/.docker/config.json echo "{\"auths\":{\"${REGISTRY_HOST}\":{\"auth\":\"${AUTH}\"}}}" > ~/.docker/config.json
- name: Build & push ${{ matrix.app }} - name: Build & push ${{ matrix.app }}
# Plain docker build — no docker/setup-buildx-action needed. # Uses --push to push directly during build, which avoids the "No output
# The docker-container buildx driver spawns a privileged builder container # specified with docker-container driver" warning that appears when using
# which fails on rootless Podman without --privileged. (see: troubleshooting #5) # a separate docker push step without --load. (see: troubleshooting #5)
#
# Each app has its own Clerk instance so the publishable key differs.
# NEXT_PUBLIC_* vars must be baked in at build time — Next.js prerender
# fails with "Missing publishableKey" if they are absent.
env:
STOREFRONT_CLERK_KEY: ${{ secrets.STAGING_NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
ADMIN_CLERK_KEY: ${{ secrets.STAGING_ADMIN_NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
NEXT_PUBLIC_CONVEX_URL: ${{ secrets.STAGING_NEXT_PUBLIC_CONVEX_URL }}
run: | run: |
SHORT_SHA="${GITHUB_SHA::7}" SHORT_SHA="${GITHUB_SHA::7}"
IMAGE="${{ secrets.STAGING_REGISTRY }}/${{ matrix.app }}" IMAGE="${{ secrets.STAGING_REGISTRY }}/${{ matrix.app }}"
if [ "${{ matrix.app }}" = "admin" ]; then
CLERK_KEY="$ADMIN_CLERK_KEY"
else
CLERK_KEY="$STOREFRONT_CLERK_KEY"
fi
docker build \ docker build \
-f apps/${{ matrix.app }}/Dockerfile \ -f apps/${{ matrix.app }}/Dockerfile \
--build-arg NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="$CLERK_KEY" \
--build-arg NEXT_PUBLIC_CONVEX_URL="$NEXT_PUBLIC_CONVEX_URL" \
-t "${IMAGE}:staging" \ -t "${IMAGE}:staging" \
-t "${IMAGE}:sha-${SHORT_SHA}" \ -t "${IMAGE}:sha-${SHORT_SHA}" \
--push \
./out ./out
docker push "${IMAGE}:staging"
docker push "${IMAGE}:sha-${SHORT_SHA}"
# ── 3. Deploy ─────────────────────────────────────────────────────────────── # ── 3. Deploy ───────────────────────────────────────────────────────────────
deploy: deploy:

9
apps/admin/Dockerfile
View File

@@ -27,7 +27,14 @@ WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules COPY --from=deps /app/node_modules ./node_modules
COPY full/ . COPY full/ .
ENV NEXT_TELEMETRY_DISABLED=1 # NEXT_PUBLIC_* vars are baked into the client bundle at build time by Next.js.
# They must be present here (not just at runtime) or SSG/prerender fails with
# "Missing publishableKey". Pass via --build-arg in CI.
ARG NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY
ARG NEXT_PUBLIC_CONVEX_URL
ENV NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
NEXT_PUBLIC_CONVEX_URL=$NEXT_PUBLIC_CONVEX_URL \
NEXT_TELEMETRY_DISABLED=1
RUN npx turbo build --filter=admin RUN npx turbo build --filter=admin

9
apps/storefront/Dockerfile
View File

@@ -33,7 +33,14 @@ WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules COPY --from=deps /app/node_modules ./node_modules
COPY full/ . COPY full/ .
ENV NEXT_TELEMETRY_DISABLED=1 # NEXT_PUBLIC_* vars are baked into the client bundle at build time by Next.js.
# They must be present here (not just at runtime) or SSG/prerender fails with
# "Missing publishableKey". Pass via --build-arg in CI.
ARG NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY
ARG NEXT_PUBLIC_CONVEX_URL
ENV NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
NEXT_PUBLIC_CONVEX_URL=$NEXT_PUBLIC_CONVEX_URL \
NEXT_TELEMETRY_DISABLED=1
RUN npx turbo build --filter=storefront RUN npx turbo build --filter=storefront