fix(deploy): .env.docker resilient — no rm -f, sanity-check vars critiques

- Supprime rm -f (causait la perte de ~23 vars a chaque deploy)
- upsert ecrit KEY=value sans quotes (compatible Docker Compose v2)
- CRLF strip avant ecriture (sed s/\r$//)
- Sanity-check post-upsert: abort si NEXTAUTH_SECRET/AUTH_GOOGLE_ID/etc manquantes
- Header ## AUTO-MANAGED BY CI ## en tete de fichier genere
- deploy-prod.sh: sanity-check pre-deploy (NEXTAUTH_URL/SECRET/GOOGLE_ID/SECRET)
- Ajoute .env.docker.example (reference complete de toutes les vars)
- Ajoute MCP_SERVER_MODE/MCP_SERVER_URL manquantes dans deploy.yaml
Antigravity
2026-06-28 13:15:55 +00:00
parent 19d446f78e
commit b8c85be40f
4 changed files with 102 additions and 110 deletions


@@ -177,8 +177,9 @@ jobs:
MCP_API_KEY: ${{ secrets.MCP_API_KEY }}
run: |
ENV_FILE="/opt/memento/.env.docker"
rm -f "$ENV_FILE"
touch "$ENV_FILE"
sed -i 's/\r$//' "$ENV_FILE"
echo "## AUTO-MANAGED BY CI — do not edit manually ##" > "$ENV_FILE"
upsert() {
local key="$1" val="$2"
[ -z "$val" ] && return
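Review bot: The `echo "## AUTO-MANAGED BY CI — do not edit manually ##" > "$ENV_FILE"` line truncates the file, so existing entries are still discarded on every run, which is the loss the description says removing `rm -f` was meant to stop; the `sed -i 's/\r$//'` before it only cleans content that is then overwritten. This assumes `touch`, `sed` and `echo` are all on the new side, which the hunk counts (one removed line, two added) and the description support. Writing the header only into an empty file keeps the rest: `[ -s "$ENV_FILE" ] || echo "## AUTO-MANAGED BY CI — do not edit manually ##" > "$ENV_FILE"`. The file receives secrets such as NEXTAUTH_SECRET and MCP_API_KEY and no mode is set in the visible lines, so a `chmod 600 "$ENV_FILE"` after `touch` is worth adding unless it is already done outside the hunk. The `upsert` body continues past the end of the hunk.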
@@ -215,6 +216,8 @@ jobs:
upsert SMTP_IGNORE_CERT "$SMTP_IGNORE_CERT"
upsert MCP_MODE "$MCP_MODE"
upsert MCP_PORT "$MCP_PORT"
upsert MCP_SERVER_MODE "$MCP_MODE"
upsert MCP_SERVER_URL "${APP_URL}/mcp"
upsert WEB_SEARCH_PROVIDER "$WEB_SEARCH_PROVIDER"
upsert SEARXNG_URL "$SEARXNG_URL"
upsert BRAVE_SEARCH_API_KEY "$BRAVE_SEARCH_API_KEY"
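Review bot: `upsert MCP_SERVER_URL "${APP_URL}/mcp"` always passes a non-empty value, so if `APP_URL` is unset or empty it writes `MCP_SERVER_URL=/mcp`, and the `[ -z "$val" ] && return` guard in `upsert` never skips it. The sanity check added later only greps for `^MCP_SERVER_URL=`, so it passes on that unusable value and the deploy continues with a broken MCP endpoint. Letting the argument collapse to empty restores the check: `upsert MCP_SERVER_URL "${APP_URL:+${APP_URL}/mcp}"`. Whether `APP_URL` is exported in this step's `env:` is not visible in the hunk and should be confirmed.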
@@ -233,6 +236,16 @@ jobs:
upsert MCP_API_KEY "$MCP_API_KEY"
# Write metrics token file for Prometheus (same secret)
[ -n "$METRICS_TOKEN" ] && echo "$METRICS_TOKEN" > /opt/memento/monitoring/metrics-token && chmod 600 /opt/memento/monitoring/metrics-token || true
# Sanity-check: abort if a critical var is missing
for required in NEXTAUTH_URL NEXTAUTH_SECRET AUTH_GOOGLE_ID AUTH_GOOGLE_SECRET \
AI_PROVIDER_TAGS AI_MODEL_TAGS AI_PROVIDER_EMBEDDING AI_MODEL_EMBEDDING \
AI_PROVIDER_CHAT AI_MODEL_CHAT MCP_SERVER_URL; do
grep -q "^${required}=" "$ENV_FILE" || {
echo "ERROR: required var $required missing in $ENV_FILE — check Gitea vars/secrets"
exit 1
}
done
echo "env.docker sanity-check passed ($(wc -l < "$ENV_FILE") lines)"
- name: Deploy on 192.168.1.190
env: