sharedinbox/.forgejo/workflows/website.yml
Thomas SharedInbox and Claude Sonnet 4.6 1cd1e49430 feat: migrate CI secrets from Forgejo to SOPS, remove all fallbacks
- Add 6 secrets to secrets.enc.yaml: WEBSITE_SSH_HOST, PLAY_STORE_CONFIG_JSON,
  ANDROID_KEYSTORE_BASE64, ANDROID_KEYSTORE_PASSWORD,
  FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY, RENOVATE_FORGEJO_TOKEN
- Extend setup_dagger_remote.sh to export all CI secrets from SOPS to
  GITHUB_ENV so subsequent steps receive them without Forgejo secret refs
- Remove all silent-skip fallbacks (if: secrets.X != '') from deploy.yml,
  website.yml, firebase-tests.yml — jobs now fail hard if secrets are missing
- Remove direct Forgejo secret references from all workflow env: blocks
- Delete temporary dump-secrets workflow

SSH_PRIVATE_KEY, SSH_KNOWN_HOSTS, SSH_USER, SSH_HOST are not yet in Forgejo
and therefore not in SOPS — deploy/website tasks will fail with a clear
Taskfile precondition error until those secrets are provided.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-03 00:14:53 +02:00

44 lines
1.2 KiB
YAML

name: Update Website
on:
  schedule:
    - cron: '0 * * * *' # every hour on the hour
  push:
    branches: [main]
    paths:
      - 'website/**'
      - 'scripts/website-verify.sh'
      - '.forgejo/workflows/website.yml'
  workflow_dispatch:
jobs:
  deploy:
    name: Build & Update Website
    runs-on: ubuntu-latest
    timeout-minutes: 60
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive
      - name: Check runner tools
        run: |
          command -v dagger >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
          command -v task >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
      - name: Setup Dagger Remote Engine
        env:
          SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
        run: scripts/setup_dagger_remote.sh
      - name: Build & Update Website
        env:
          DAGGER_NO_NAG: "1"
        run: task publish-website
      - name: Verify Website
        env:
          SSH_HOST: ${{ env.WEBSITE_SSH_HOST }}
        run: scripts/website-verify.sh
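
The commit message above says setup_dagger_remote.sh exports the SOPS secrets to GITHUB_ENV so later steps (such as Verify Website reading env.WEBSITE_SSH_HOST) receive them. The sketch below is an added example, not the project's script: it shows one way to write such values with the multi-line `NAME<<DELIMITER` file syntax so a decrypted value containing newlines cannot define extra variables, and to fail hard on an empty secret. The helper names `export_env` and `export_from_sops` and the default file path are assumptions.

```shell
#!/bin/sh
# Added example, not the project's setup_dagger_remote.sh.
# export_env and export_from_sops are hypothetical helper names.

# Append one variable to the file named by $GITHUB_ENV using the
# NAME<<DELIMITER form, so a value containing newlines (for example a
# JSON service-account key) cannot define additional variables.
export_env() {
  ee_name=$1
  ee_value=$2
  # Reject names that are not plain environment identifiers.
  case $ee_name in
    ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
      echo "ERROR: invalid variable name: $ee_name" >&2
      return 1 ;;
  esac
  # Fail hard on a missing secret instead of exporting an empty value.
  if [ -z "$ee_value" ]; then
    echo "ERROR: secret $ee_name is empty or missing" >&2
    return 1
  fi
  # Random delimiter: the value cannot predict it and end the block early.
  ee_delim="EOF_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
  printf '%s<<%s\n%s\n%s\n' "$ee_name" "$ee_delim" "$ee_value" "$ee_delim" \
    >>"$GITHUB_ENV"
}

# Decrypt one key from the SOPS file and export it. Requires sops and
# SOPS_AGE_KEY in the environment; the default file path is an assumption.
export_from_sops() {
  efs_value=$(sops -d --extract "[\"$1\"]" "${2:-secrets.enc.yaml}") || return 1
  export_env "$1" "$efs_value"
}
```

Values written this way are readable by every later step in the job, so the file should only receive secrets those steps actually need.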