fix(deploy): .env.docker resilient — no rm -f, sanity-check vars critiques
- Supprime rm -f (causait la perte de ~23 vars a chaque deploy) - upsert ecrit KEY=value sans quotes (compatible Docker Compose v2) - CRLF strip avant ecriture (sed s/\r$//) - Sanity-check post-upsert: abort si NEXTAUTH_SECRET/AUTH_GOOGLE_ID/etc manquantes - Header ## AUTO-MANAGED BY CI ## en tete de fichier genere - deploy-prod.sh: sanity-check pre-deploy (NEXTAUTH_URL/SECRET/GOOGLE_ID/SECRET) - Ajoute .env.docker.example (reference complete de toutes les vars) - Ajoute MCP_SERVER_MODE/MCP_SERVER_URL manquantes dans deploy.yaml
@@ -66,8 +66,9 @@ jobs:
|
||||
MCP_API_KEY: ${{ secrets.MCP_API_KEY }}
|
||||
run: |
|
||||
ENV_FILE="/opt/memento/.env.docker"
|
||||
rm -f "$ENV_FILE"
|
||||
touch "$ENV_FILE"
|
||||
sed -i 's/\r$//' "$ENV_FILE"
|
||||
echo "## AUTO-MANAGED BY CI — do not edit manually ##" > "$ENV_FILE"
|
||||
upsert() {
|
||||
local key="$1" val="$2"
|
||||
[ -z "$val" ] && return
|
||||
@@ -103,6 +104,8 @@ jobs:
|
||||
upsert SMTP_IGNORE_CERT "$SMTP_IGNORE_CERT"
|
||||
upsert MCP_MODE "$MCP_MODE"
|
||||
upsert MCP_PORT "$MCP_PORT"
|
||||
upsert MCP_SERVER_MODE "$MCP_MODE"
|
||||
upsert MCP_SERVER_URL "${APP_URL}/mcp"
|
||||
upsert WEB_SEARCH_PROVIDER "$WEB_SEARCH_PROVIDER"
|
||||
upsert SEARXNG_URL "$SEARXNG_URL"
|
||||
upsert BRAVE_SEARCH_API_KEY "$BRAVE_SEARCH_API_KEY"
|
||||
@@ -121,6 +124,16 @@ jobs:
|
||||
upsert GRAFANA_ADMIN_PASSWORD "$GRAFANA_ADMIN_PASSWORD"
|
||||
upsert MCP_API_KEY "$MCP_API_KEY"
|
||||
[ -n "$METRICS_TOKEN" ] && echo "$METRICS_TOKEN" > /opt/memento/monitoring/metrics-token && chmod 600 /opt/memento/monitoring/metrics-token || true
|
||||
# Sanity-check: abort if a critical var is missing
|
||||
for required in NEXTAUTH_URL NEXTAUTH_SECRET AUTH_GOOGLE_ID AUTH_GOOGLE_SECRET \
|
||||
AI_PROVIDER_TAGS AI_MODEL_TAGS AI_PROVIDER_EMBEDDING AI_MODEL_EMBEDDING \
|
||||
AI_PROVIDER_CHAT AI_MODEL_CHAT MCP_SERVER_URL; do
|
||||
grep -q "^${required}=" "$ENV_FILE" || {
|
||||
echo "ERROR: required var $required missing in $ENV_FILE — check Gitea vars/secrets"
|
||||
exit 1
|
||||
}
|
||||
done
|
||||
echo "env.docker sanity-check passed ($(wc -l < "$ENV_FILE") lines)"
|
||||
|
||||
- name: Deploy (full build, no CI artifact)
|
||||
env:
|
||||
|
||||
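Review bot: In the first hunk, `echo "## AUTO-MANAGED BY CI — do not edit manually ##" > "$ENV_FILE"` opens the file with `>`, which truncates it, so every variable already in .env.docker is still discarded on each run, just as with `rm -f`, and the `sed -i 's/\r$//'` before it cleans content that is then thrown away. Writing the header only when the file is empty, e.g. `[ -s "$ENV_FILE" ] || echo "## AUTO-MANAGED BY CI — do not edit manually ##" > "$ENV_FILE"`, would keep existing entries. The same file receives secrets (`GRAFANA_ADMIN_PASSWORD` and `MCP_API_KEY` are upserted in the third hunk), yet no permission change is visible in the shown lines, whereas the metrics-token file gets `chmod 600`; adding `chmod 600 "$ENV_FILE"` right after `touch` would match that. The body of `upsert` continues outside the hunk, so how it rewrites an existing key could not be checked here.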