denshooter
a4c61172f6
Some checks failed
- Update all GitHub Actions to v3 for Gitea compatibility - Fix artifact upload/download actions (v4 -> v3) - Remove GitHub-specific features (GITHUB_STEP_SUMMARY) - Add complete Docker Compose configuration with PostgreSQL and Redis - Add environment secrets support for all workflows - Add debug workflow for secrets verification - Add comprehensive documentation for secrets setup - Improve container networking and health checks
126 lines
5.0 KiB
YAML
126 lines
5.0 KiB
YAML
name: Debug Secrets
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
push:
|
|
branches: [ main ]
|
|
|
|
jobs:
|
|
debug-secrets:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Debug Environment Variables
|
|
run: |
|
|
echo "🔍 Checking if secrets are available..."
|
|
echo ""
|
|
|
|
# Check each secret (without revealing values)
|
|
if [ -n "${{ secrets.NEXT_PUBLIC_BASE_URL }}" ]; then
|
|
echo "✅ NEXT_PUBLIC_BASE_URL: Set (length: ${#NEXT_PUBLIC_BASE_URL})"
|
|
else
|
|
echo "❌ NEXT_PUBLIC_BASE_URL: Not set"
|
|
fi
|
|
|
|
if [ -n "${{ secrets.MY_EMAIL }}" ]; then
|
|
echo "✅ MY_EMAIL: Set (length: ${#MY_EMAIL})"
|
|
else
|
|
echo "❌ MY_EMAIL: Not set"
|
|
fi
|
|
|
|
if [ -n "${{ secrets.MY_INFO_EMAIL }}" ]; then
|
|
echo "✅ MY_INFO_EMAIL: Set (length: ${#MY_INFO_EMAIL})"
|
|
else
|
|
echo "❌ MY_INFO_EMAIL: Not set"
|
|
fi
|
|
|
|
if [ -n "${{ secrets.MY_PASSWORD }}" ]; then
|
|
echo "✅ MY_PASSWORD: Set (length: ${#MY_PASSWORD})"
|
|
else
|
|
echo "❌ MY_PASSWORD: Not set"
|
|
fi
|
|
|
|
if [ -n "${{ secrets.MY_INFO_PASSWORD }}" ]; then
|
|
echo "✅ MY_INFO_PASSWORD: Set (length: ${#MY_INFO_PASSWORD})"
|
|
else
|
|
echo "❌ MY_INFO_PASSWORD: Not set"
|
|
fi
|
|
|
|
if [ -n "${{ secrets.ADMIN_BASIC_AUTH }}" ]; then
|
|
echo "✅ ADMIN_BASIC_AUTH: Set (length: ${#ADMIN_BASIC_AUTH})"
|
|
else
|
|
echo "❌ ADMIN_BASIC_AUTH: Not set"
|
|
fi
|
|
|
|
echo ""
|
|
echo "📋 Summary:"
|
|
echo "Total secrets checked: 6"
|
|
echo "Set secrets: $(echo "${{ secrets.NEXT_PUBLIC_BASE_URL }}${{ secrets.MY_EMAIL }}${{ secrets.MY_INFO_EMAIL }}${{ secrets.MY_PASSWORD }}${{ secrets.MY_INFO_PASSWORD }}${{ secrets.ADMIN_BASIC_AUTH }}" | grep -o . | wc -l)"
|
|
env:
|
|
NEXT_PUBLIC_BASE_URL: ${{ secrets.NEXT_PUBLIC_BASE_URL }}
|
|
MY_EMAIL: ${{ secrets.MY_EMAIL }}
|
|
MY_INFO_EMAIL: ${{ secrets.MY_INFO_EMAIL }}
|
|
MY_PASSWORD: ${{ secrets.MY_PASSWORD }}
|
|
MY_INFO_PASSWORD: ${{ secrets.MY_INFO_PASSWORD }}
|
|
ADMIN_BASIC_AUTH: ${{ secrets.ADMIN_BASIC_AUTH }}
|
|
|
|
- name: Test Docker Environment
|
|
run: |
|
|
echo "🐳 Testing Docker environment with secrets..."
|
|
|
|
# Create a test container to verify environment variables
|
|
docker run --rm \
|
|
-e NODE_ENV=production \
|
|
-e DATABASE_URL=postgresql://portfolio_user:portfolio_pass@postgres:5432/portfolio_db?schema=public \
|
|
-e REDIS_URL=redis://redis:6379 \
|
|
-e NEXT_PUBLIC_BASE_URL="${{ secrets.NEXT_PUBLIC_BASE_URL }}" \
|
|
-e MY_EMAIL="${{ secrets.MY_EMAIL }}" \
|
|
-e MY_INFO_EMAIL="${{ secrets.MY_INFO_EMAIL }}" \
|
|
-e MY_PASSWORD="${{ secrets.MY_PASSWORD }}" \
|
|
-e MY_INFO_PASSWORD="${{ secrets.MY_INFO_PASSWORD }}" \
|
|
-e ADMIN_BASIC_AUTH="${{ secrets.ADMIN_BASIC_AUTH }}" \
|
|
alpine:latest sh -c '
|
|
echo "Environment variables in container:"
|
|
echo "NODE_ENV: $NODE_ENV"
|
|
echo "DATABASE_URL: $DATABASE_URL"
|
|
echo "REDIS_URL: $REDIS_URL"
|
|
echo "NEXT_PUBLIC_BASE_URL: $NEXT_PUBLIC_BASE_URL"
|
|
echo "MY_EMAIL: $MY_EMAIL"
|
|
echo "MY_INFO_EMAIL: $MY_INFO_EMAIL"
|
|
echo "MY_PASSWORD: [HIDDEN - length: ${#MY_PASSWORD}]"
|
|
echo "MY_INFO_PASSWORD: [HIDDEN - length: ${#MY_INFO_PASSWORD}]"
|
|
echo "ADMIN_BASIC_AUTH: [HIDDEN - length: ${#ADMIN_BASIC_AUTH}]"
|
|
'
|
|
|
|
- name: Validate Secret Formats
|
|
run: |
|
|
echo "🔐 Validating secret formats..."
|
|
|
|
# Check NEXT_PUBLIC_BASE_URL format
|
|
if [[ "${{ secrets.NEXT_PUBLIC_BASE_URL }}" =~ ^https?:// ]]; then
|
|
echo "✅ NEXT_PUBLIC_BASE_URL: Valid URL format"
|
|
else
|
|
echo "❌ NEXT_PUBLIC_BASE_URL: Invalid URL format (should start with http:// or https://)"
|
|
fi
|
|
|
|
# Check email formats
|
|
if [[ "${{ secrets.MY_EMAIL }}" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
|
|
echo "✅ MY_EMAIL: Valid email format"
|
|
else
|
|
echo "❌ MY_EMAIL: Invalid email format"
|
|
fi
|
|
|
|
if [[ "${{ secrets.MY_INFO_EMAIL }}" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
|
|
echo "✅ MY_INFO_EMAIL: Valid email format"
|
|
else
|
|
echo "❌ MY_INFO_EMAIL: Invalid email format"
|
|
fi
|
|
|
|
# Check ADMIN_BASIC_AUTH format (should be username:password)
|
|
if [[ "${{ secrets.ADMIN_BASIC_AUTH }}" =~ ^[^:]+:.+$ ]]; then
|
|
echo "✅ ADMIN_BASIC_AUTH: Valid format (username:password)"
|
|
else
|
|
echo "❌ ADMIN_BASIC_AUTH: Invalid format (should be username:password)"
|
|
fi |