Fix Gitea Actions compatibility and improve container configuration

- Update all GitHub Actions to v3 for Gitea compatibility - Fix artifact upload/download actions (v4 -> v3) - Remove GitHub-specific features (GITHUB_STEP_SUMMARY) - Add complete Docker Compose configuration with PostgreSQL and Redis - Add environment secrets support for all workflows - Add debug workflow for secrets verification - Add comprehensive documentation for secrets setup - Improve container networking and health checks
2025-09-12 23:18:01 +02:00
parent f7e0172111
commit a4c61172f6
7 changed files with 457 additions and 41 deletions
--- a/.gitea/workflows/ci-cd.yml
+++ b/.gitea/workflows/ci-cd.yml
@@ -16,10 +16,10 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3

      - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
@@ -41,7 +41,7 @@ jobs:
    needs: test
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.30.0
@@ -63,7 +63,7 @@ jobs:
          echo "Security scan completed with fallback method"

      - name: Upload Trivy scan results
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: trivy-results
@@ -76,10 +76,10 @@ jobs:
    if: github.ref == 'refs/heads/production'
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v2

      - name: Build Docker image
        run: |
@@ -91,7 +91,7 @@ jobs:
          docker save ${{ env.DOCKER_IMAGE }}:latest | gzip > ${{ env.DOCKER_IMAGE }}.tar.gz

      - name: Upload Docker image artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
        with:
          name: docker-image
          path: ${{ env.DOCKER_IMAGE }}.tar.gz
@@ -103,10 +103,10 @@ jobs:
    if: github.ref == 'refs/heads/production'
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3

      - name: Download Docker image artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
        with:
          name: docker-image
          path: ./
@@ -115,19 +115,43 @@ jobs:
        run: |
          gunzip -c ${{ env.DOCKER_IMAGE }}.tar.gz | docker load

-      - name: Stop existing container
+      - name: Stop existing services
        run: |
-          docker stop ${{ env.CONTAINER_NAME }} || true
-          docker rm ${{ env.CONTAINER_NAME }} || true
+          docker-compose -f docker-compose.workflow.yml down || true

-      - name: Start new container
+      - name: Verify secrets before deployment
        run: |
-          docker run -d \
-            --name ${{ env.CONTAINER_NAME }} \
-            --restart unless-stopped \
-            -p 3000:3000 \
-            -e NODE_ENV=production \
-            ${{ env.DOCKER_IMAGE }}:latest
+          echo "🔍 Verifying secrets..."
+          if [ -z "${{ secrets.NEXT_PUBLIC_BASE_URL }}" ]; then
+            echo "❌ NEXT_PUBLIC_BASE_URL secret is missing!"
+            exit 1
+          fi
+          if [ -z "${{ secrets.MY_EMAIL }}" ]; then
+            echo "❌ MY_EMAIL secret is missing!"
+            exit 1
+          fi
+          if [ -z "${{ secrets.ADMIN_BASIC_AUTH }}" ]; then
+            echo "❌ ADMIN_BASIC_AUTH secret is missing!"
+            exit 1
+          fi
+          echo "✅ All required secrets are present"
+
+      - name: Start services with Docker Compose
+        run: |
+          docker-compose -f docker-compose.workflow.yml up -d
+        env:
+          NEXT_PUBLIC_BASE_URL: ${{ secrets.NEXT_PUBLIC_BASE_URL }}
+          MY_EMAIL: ${{ secrets.MY_EMAIL }}
+          MY_INFO_EMAIL: ${{ secrets.MY_INFO_EMAIL }}
+          MY_PASSWORD: ${{ secrets.MY_PASSWORD }}
+          MY_INFO_PASSWORD: ${{ secrets.MY_INFO_PASSWORD }}
+          ADMIN_BASIC_AUTH: ${{ secrets.ADMIN_BASIC_AUTH }}
+
+      - name: Verify container environment
+        run: |
+          echo "🔍 Checking container environment variables..."
+          sleep 10
+          docker exec portfolio-app sh -c 'echo "NODE_ENV: $NODE_ENV" && echo "DATABASE_URL: $DATABASE_URL" && echo "REDIS_URL: $REDIS_URL" && echo "NEXT_PUBLIC_BASE_URL: $NEXT_PUBLIC_BASE_URL" && echo "MY_EMAIL: $MY_EMAIL" && echo "ADMIN_BASIC_AUTH: [HIDDEN]"'

      - name: Wait for container to be ready
        run: |