denshooter/portfolio
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix Gitea Actions compatibility and improve container configuration
Some checks failed
CI/CD Pipeline / test (push) Successful in 9m19s
Details
CI/CD Pipeline / security (push) Has been cancelled
Details
CI/CD Pipeline / build (push) Has been cancelled
Details
CI/CD Pipeline / deploy (push) Has been cancelled
Details
Security Scan / security (push) Has been cancelled
Details

Browse Source 
- Update all GitHub Actions to v3 for Gitea compatibility
- Fix artifact upload/download actions (v4 -> v3)
- Remove GitHub-specific features (GITHUB_STEP_SUMMARY)
- Add complete Docker Compose configuration with PostgreSQL and Redis
- Add environment secrets support for all workflows
- Add debug workflow for secrets verification
- Add comprehensive documentation for secrets setup
- Improve container networking and health checks
This commit is contained in:
denshooter
2025-09-12 23:18:01 +02:00
parent f7e0172111
commit a4c61172f6
7 changed files with 457 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
.gitea/workflows/ci-cd.yml
View File

@@ -16,10 +16,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v4
uses: actions/setup-node@v3
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
@@ -41,7 +41,7 @@ jobs:
needs: test
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@v3
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.30.0
@@ -63,7 +63,7 @@ jobs:
echo "Security scan completed with fallback method"
- name: Upload Trivy scan results
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v3
if: always()
with:
name: trivy-results
@@ -76,10 +76,10 @@ jobs:
if: github.ref == 'refs/heads/production'
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
- name: Build Docker image
run: |
@@ -91,7 +91,7 @@ jobs:
docker save ${{ env.DOCKER_IMAGE }}:latest | gzip > ${{ env.DOCKER_IMAGE }}.tar.gz
- name: Upload Docker image artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v3
with:
name: docker-image
path: ${{ env.DOCKER_IMAGE }}.tar.gz
@@ -103,10 +103,10 @@ jobs:
if: github.ref == 'refs/heads/production'
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@v3
- name: Download Docker image artifact
uses: actions/download-artifact@v4
uses: actions/download-artifact@v3
with:
name: docker-image
path: ./
@@ -115,19 +115,43 @@ jobs:
run: |
gunzip -c ${{ env.DOCKER_IMAGE }}.tar.gz | docker load
- name: Stop existing container
- name: Stop existing services
run: |
docker stop ${{ env.CONTAINER_NAME }} || true
docker rm ${{ env.CONTAINER_NAME }} || true
docker-compose -f docker-compose.workflow.yml down || true
- name: Start new container
- name: Verify secrets before deployment
run: |
docker run -d \
--name ${{ env.CONTAINER_NAME }} \
--restart unless-stopped \
-p 3000:3000 \
-e NODE_ENV=production \
${{ env.DOCKER_IMAGE }}:latest
echo "🔍 Verifying secrets..."
if [ -z "${{ secrets.NEXT_PUBLIC_BASE_URL }}" ]; then
echo "❌ NEXT_PUBLIC_BASE_URL secret is missing!"
exit 1
fi
if [ -z "${{ secrets.MY_EMAIL }}" ]; then
echo "❌ MY_EMAIL secret is missing!"
exit 1
fi
if [ -z "${{ secrets.ADMIN_BASIC_AUTH }}" ]; then
echo "❌ ADMIN_BASIC_AUTH secret is missing!"
exit 1
fi
echo "✅ All required secrets are present"
- name: Start services with Docker Compose
run: |
docker-compose -f docker-compose.workflow.yml up -d
env:
NEXT_PUBLIC_BASE_URL: ${{ secrets.NEXT_PUBLIC_BASE_URL }}
MY_EMAIL: ${{ secrets.MY_EMAIL }}
MY_INFO_EMAIL: ${{ secrets.MY_INFO_EMAIL }}
MY_PASSWORD: ${{ secrets.MY_PASSWORD }}
MY_INFO_PASSWORD: ${{ secrets.MY_INFO_PASSWORD }}
ADMIN_BASIC_AUTH: ${{ secrets.ADMIN_BASIC_AUTH }}
- name: Verify container environment
run: |
echo "🔍 Checking container environment variables..."
sleep 10
docker exec portfolio-app sh -c 'echo "NODE_ENV: $NODE_ENV" && echo "DATABASE_URL: $DATABASE_URL" && echo "REDIS_URL: $REDIS_URL" && echo "NEXT_PUBLIC_BASE_URL: $NEXT_PUBLIC_BASE_URL" && echo "MY_EMAIL: $MY_EMAIL" && echo "ADMIN_BASIC_AUTH: [HIDDEN]"'
- name: Wait for container to be ready
run: |

126
.gitea/workflows/debug-secrets.yml Normal file
View File

@@ -0,0 +1,126 @@
name: Debug Secrets
on:
workflow_dispatch:
push:
branches: [ main ]
jobs:
debug-secrets:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Debug Environment Variables
run: |
echo "🔍 Checking if secrets are available..."
echo ""
# Check each secret (without revealing values)
if [ -n "${{ secrets.NEXT_PUBLIC_BASE_URL }}" ]; then
echo "✅ NEXT_PUBLIC_BASE_URL: Set (length: ${#NEXT_PUBLIC_BASE_URL})"
else
echo "❌ NEXT_PUBLIC_BASE_URL: Not set"
fi
if [ -n "${{ secrets.MY_EMAIL }}" ]; then
echo "✅ MY_EMAIL: Set (length: ${#MY_EMAIL})"
else
echo "❌ MY_EMAIL: Not set"
fi
if [ -n "${{ secrets.MY_INFO_EMAIL }}" ]; then
echo "✅ MY_INFO_EMAIL: Set (length: ${#MY_INFO_EMAIL})"
else
echo "❌ MY_INFO_EMAIL: Not set"
fi
if [ -n "${{ secrets.MY_PASSWORD }}" ]; then
echo "✅ MY_PASSWORD: Set (length: ${#MY_PASSWORD})"
else
echo "❌ MY_PASSWORD: Not set"
fi
if [ -n "${{ secrets.MY_INFO_PASSWORD }}" ]; then
echo "✅ MY_INFO_PASSWORD: Set (length: ${#MY_INFO_PASSWORD})"
else
echo "❌ MY_INFO_PASSWORD: Not set"
fi
if [ -n "${{ secrets.ADMIN_BASIC_AUTH }}" ]; then
echo "✅ ADMIN_BASIC_AUTH: Set (length: ${#ADMIN_BASIC_AUTH})"
else
echo "❌ ADMIN_BASIC_AUTH: Not set"
fi
echo ""
echo "📋 Summary:"
echo "Total secrets checked: 6"
echo "Set secrets: $(echo "${{ secrets.NEXT_PUBLIC_BASE_URL }}${{ secrets.MY_EMAIL }}${{ secrets.MY_INFO_EMAIL }}${{ secrets.MY_PASSWORD }}${{ secrets.MY_INFO_PASSWORD }}${{ secrets.ADMIN_BASIC_AUTH }}" | grep -o . | wc -l)"
env:
NEXT_PUBLIC_BASE_URL: ${{ secrets.NEXT_PUBLIC_BASE_URL }}
MY_EMAIL: ${{ secrets.MY_EMAIL }}
MY_INFO_EMAIL: ${{ secrets.MY_INFO_EMAIL }}
MY_PASSWORD: ${{ secrets.MY_PASSWORD }}
MY_INFO_PASSWORD: ${{ secrets.MY_INFO_PASSWORD }}
ADMIN_BASIC_AUTH: ${{ secrets.ADMIN_BASIC_AUTH }}
- name: Test Docker Environment
run: |
echo "🐳 Testing Docker environment with secrets..."
# Create a test container to verify environment variables
docker run --rm \
-e NODE_ENV=production \
-e DATABASE_URL=postgresql://portfolio_user:portfolio_pass@postgres:5432/portfolio_db?schema=public \
-e REDIS_URL=redis://redis:6379 \
-e NEXT_PUBLIC_BASE_URL="${{ secrets.NEXT_PUBLIC_BASE_URL }}" \
-e MY_EMAIL="${{ secrets.MY_EMAIL }}" \
-e MY_INFO_EMAIL="${{ secrets.MY_INFO_EMAIL }}" \
-e MY_PASSWORD="${{ secrets.MY_PASSWORD }}" \
-e MY_INFO_PASSWORD="${{ secrets.MY_INFO_PASSWORD }}" \
-e ADMIN_BASIC_AUTH="${{ secrets.ADMIN_BASIC_AUTH }}" \
alpine:latest sh -c '
echo "Environment variables in container:"
echo "NODE_ENV: $NODE_ENV"
echo "DATABASE_URL: $DATABASE_URL"
echo "REDIS_URL: $REDIS_URL"
echo "NEXT_PUBLIC_BASE_URL: $NEXT_PUBLIC_BASE_URL"
echo "MY_EMAIL: $MY_EMAIL"
echo "MY_INFO_EMAIL: $MY_INFO_EMAIL"
echo "MY_PASSWORD: [HIDDEN - length: ${#MY_PASSWORD}]"
echo "MY_INFO_PASSWORD: [HIDDEN - length: ${#MY_INFO_PASSWORD}]"
echo "ADMIN_BASIC_AUTH: [HIDDEN - length: ${#ADMIN_BASIC_AUTH}]"
'
- name: Validate Secret Formats
run: |
echo "🔐 Validating secret formats..."
# Check NEXT_PUBLIC_BASE_URL format
if [[ "${{ secrets.NEXT_PUBLIC_BASE_URL }}" =~ ^https?:// ]]; then
echo "✅ NEXT_PUBLIC_BASE_URL: Valid URL format"
else
echo "❌ NEXT_PUBLIC_BASE_URL: Invalid URL format (should start with http:// or https://)"
fi
# Check email formats
if [[ "${{ secrets.MY_EMAIL }}" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
echo "✅ MY_EMAIL: Valid email format"
else
echo "❌ MY_EMAIL: Invalid email format"
fi
if [[ "${{ secrets.MY_INFO_EMAIL }}" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
echo "✅ MY_INFO_EMAIL: Valid email format"
else
echo "❌ MY_INFO_EMAIL: Invalid email format"
fi
# Check ADMIN_BASIC_AUTH format (should be username:password)
if [[ "${{ secrets.ADMIN_BASIC_AUTH }}" =~ ^[^:]+:.+$ ]]; then
echo "✅ ADMIN_BASIC_AUTH: Valid format (username:password)"
else
echo "❌ ADMIN_BASIC_AUTH: Invalid format (should be username:password)"
fi

48
.gitea/workflows/quick-deploy.yml
View File

@@ -15,10 +15,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v4
uses: actions/setup-node@v3
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
@@ -33,19 +33,43 @@ jobs:
run: |
docker build -t ${{ env.DOCKER_IMAGE }}:latest .
- name: Stop existing container
- name: Stop existing services
run: |
docker stop ${{ env.CONTAINER_NAME }} || true
docker rm ${{ env.CONTAINER_NAME }} || true
docker-compose -f docker-compose.workflow.yml down || true
- name: Start new container
- name: Verify secrets before deployment
run: |
docker run -d \
--name ${{ env.CONTAINER_NAME }} \
--restart unless-stopped \
-p 3000:3000 \
-e NODE_ENV=production \
${{ env.DOCKER_IMAGE }}:latest
echo "🔍 Verifying secrets..."
if [ -z "${{ secrets.NEXT_PUBLIC_BASE_URL }}" ]; then
echo "❌ NEXT_PUBLIC_BASE_URL secret is missing!"
exit 1
fi
if [ -z "${{ secrets.MY_EMAIL }}" ]; then
echo "❌ MY_EMAIL secret is missing!"
exit 1
fi
if [ -z "${{ secrets.ADMIN_BASIC_AUTH }}" ]; then
echo "❌ ADMIN_BASIC_AUTH secret is missing!"
exit 1
fi
echo "✅ All required secrets are present"
- name: Start services with Docker Compose
run: |
docker-compose -f docker-compose.workflow.yml up -d
env:
NEXT_PUBLIC_BASE_URL: ${{ secrets.NEXT_PUBLIC_BASE_URL }}
MY_EMAIL: ${{ secrets.MY_EMAIL }}
MY_INFO_EMAIL: ${{ secrets.MY_INFO_EMAIL }}
MY_PASSWORD: ${{ secrets.MY_PASSWORD }}
MY_INFO_PASSWORD: ${{ secrets.MY_INFO_PASSWORD }}
ADMIN_BASIC_AUTH: ${{ secrets.ADMIN_BASIC_AUTH }}
- name: Verify container environment
run: |
echo "🔍 Checking container environment variables..."
sleep 10
docker exec portfolio-app sh -c 'echo "NODE_ENV: $NODE_ENV" && echo "DATABASE_URL: $DATABASE_URL" && echo "REDIS_URL: $REDIS_URL" && echo "NEXT_PUBLIC_BASE_URL: $NEXT_PUBLIC_BASE_URL" && echo "MY_EMAIL: $MY_EMAIL" && echo "ADMIN_BASIC_AUTH: [HIDDEN]"'
- name: Health check
run: |

20
.gitea/workflows/security-scan.yml
View File

@@ -13,10 +13,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v4
uses: actions/setup-node@v3
with:
node-version: '20'
cache: 'npm'
@@ -52,7 +52,7 @@ jobs:
fi
- name: Upload security scan results
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v3
if: always()
with:
name: security-scan-results
@@ -63,16 +63,16 @@ jobs:
- name: Security scan summary
run: |
echo "## Security Scan Summary" >> $GITHUB_STEP_SUMMARY
echo "### NPM Audit Results" >> $GITHUB_STEP_SUMMARY
echo "## Security Scan Summary"
echo "### NPM Audit Results"
if [ -f npm-audit-results.json ]; then
echo "✅ NPM audit completed" >> $GITHUB_STEP_SUMMARY
echo "✅ NPM audit completed"
else
echo "❌ NPM audit failed" >> $GITHUB_STEP_SUMMARY
echo "❌ NPM audit failed"
fi
echo "### Trivy Results" >> $GITHUB_STEP_SUMMARY
echo "### Trivy Results"
if [ -f trivy-results.txt ]; then
echo "✅ Trivy scan completed" >> $GITHUB_STEP_SUMMARY
echo "✅ Trivy scan completed"
else
echo "❌ Trivy scan failed" >> $GITHUB_STEP_SUMMARY
echo "❌ Trivy scan failed"
fi