Files
Momento/.gitea/workflows/deploy.yaml
Antigravity 5b794d6449
Some checks failed
CI / Lint, Test & Build (push) Failing after 7m46s
CI / Deploy production (on server) (push) Has been cancelled
feat(auth): restore Google sign-in and AI admin test routes
Google OAuth was implemented locally but never deployed; the login button
only renders when AUTH_GOOGLE_ID and AUTH_GOOGLE_SECRET are set. Also
restores /api/ai/test-* endpoints removed by mistake and wires Google
credentials into deploy workflows.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-17 17:17:42 +00:00

106 lines
4.9 KiB
YAML

name: Deploy to Production (manual)
# Déploiement auto = job "deploy" dans ci.yaml (après CI, sur runner docker-host).
# Ce workflow sert uniquement au déclenchement manuel sans repasser par la CI.
on:
workflow_dispatch:
jobs:
deploy:
name: Deploy production (manual)
runs-on: docker-host
steps:
- name: Sync repo on server
run: |
cd /opt/memento
git fetch origin main
git reset --hard origin/main
- name: Update .env.docker
env:
APP_URL: ${{ vars.APP_URL }}
NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }}
ADMIN_EMAIL: ${{ vars.ADMIN_EMAIL }}
ALLOW_REGISTRATION: ${{ vars.ALLOW_REGISTRATION }}
POSTGRES_USER: ${{ vars.POSTGRES_USER }}
POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
POSTGRES_DB: ${{ vars.POSTGRES_DB }}
POSTGRES_PORT: ${{ vars.POSTGRES_PORT }}
AI_PROVIDER_TAGS: ${{ vars.AI_PROVIDER_TAGS }}
AI_MODEL_TAGS: ${{ vars.AI_MODEL_TAGS }}
AI_PROVIDER_EMBEDDING: ${{ vars.AI_PROVIDER_EMBEDDING }}
AI_MODEL_EMBEDDING: ${{ vars.AI_MODEL_EMBEDDING }}
AI_PROVIDER_CHAT: ${{ vars.AI_PROVIDER_CHAT }}
AI_MODEL_CHAT: ${{ vars.AI_MODEL_CHAT }}
CUSTOM_OPENAI_BASE_URL: ${{ vars.CUSTOM_OPENAI_BASE_URL }}
CUSTOM_OPENAI_API_KEY: ${{ secrets.CUSTOM_OPENAI_API_KEY }}
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
OLLAMA_BASE_URL: ${{ vars.OLLAMA_BASE_URL }}
EMAIL_PROVIDER: ${{ vars.EMAIL_PROVIDER }}
SMTP_FROM: ${{ vars.SMTP_FROM }}
RESEND_API_KEY: ${{ secrets.RESEND_API_KEY }}
SMTP_HOST: ${{ vars.SMTP_HOST }}
SMTP_PORT: ${{ vars.SMTP_PORT }}
SMTP_USER: ${{ vars.SMTP_USER }}
SMTP_PASS: ${{ secrets.SMTP_PASS }}
SMTP_SECURE: ${{ vars.SMTP_SECURE }}
SMTP_IGNORE_CERT: ${{ vars.SMTP_IGNORE_CERT }}
MCP_MODE: ${{ vars.MCP_MODE }}
MCP_PORT: ${{ vars.MCP_PORT }}
WEB_SEARCH_PROVIDER: ${{ vars.WEB_SEARCH_PROVIDER }}
SEARXNG_URL: ${{ vars.SEARXNG_URL }}
BRAVE_SEARCH_API_KEY: ${{ secrets.BRAVE_SEARCH_API_KEY }}
JINA_API_KEY: ${{ secrets.JINA_API_KEY }}
AUTH_GOOGLE_ID: ${{ vars.AUTH_GOOGLE_ID }}
AUTH_GOOGLE_SECRET: ${{ secrets.AUTH_GOOGLE_SECRET }}
run: |
ENV_FILE="/opt/memento/.env.docker"
touch "$ENV_FILE"
upsert() {
local key="$1" val="$2"
[ -z "$val" ] && return
sed -i "/^[[:space:]]*${key}=/d" "$ENV_FILE"
echo "${key}=\"${val}\"" >> "$ENV_FILE"
}
upsert NEXTAUTH_URL "$APP_URL"
upsert NEXTAUTH_SECRET "$NEXTAUTH_SECRET"
upsert ADMIN_EMAIL "$ADMIN_EMAIL"
upsert ALLOW_REGISTRATION "$ALLOW_REGISTRATION"
upsert POSTGRES_USER "$POSTGRES_USER"
upsert POSTGRES_PASSWORD "$POSTGRES_PASSWORD"
upsert POSTGRES_DB "$POSTGRES_DB"
upsert POSTGRES_PORT "$POSTGRES_PORT"
upsert AI_PROVIDER_TAGS "$AI_PROVIDER_TAGS"
upsert AI_MODEL_TAGS "$AI_MODEL_TAGS"
upsert AI_PROVIDER_EMBEDDING "$AI_PROVIDER_EMBEDDING"
upsert AI_MODEL_EMBEDDING "$AI_MODEL_EMBEDDING"
upsert AI_PROVIDER_CHAT "$AI_PROVIDER_CHAT"
upsert AI_MODEL_CHAT "$AI_MODEL_CHAT"
upsert CUSTOM_OPENAI_BASE_URL "$CUSTOM_OPENAI_BASE_URL"
upsert CUSTOM_OPENAI_API_KEY "$CUSTOM_OPENAI_API_KEY"
upsert OPENAI_API_KEY "$OPENAI_API_KEY"
upsert OLLAMA_BASE_URL "$OLLAMA_BASE_URL"
upsert EMAIL_PROVIDER "$EMAIL_PROVIDER"
upsert SMTP_FROM "$SMTP_FROM"
upsert RESEND_API_KEY "$RESEND_API_KEY"
upsert SMTP_HOST "$SMTP_HOST"
upsert SMTP_PORT "$SMTP_PORT"
upsert SMTP_USER "$SMTP_USER"
upsert SMTP_PASS "$SMTP_PASS"
upsert SMTP_SECURE "$SMTP_SECURE"
upsert SMTP_IGNORE_CERT "$SMTP_IGNORE_CERT"
upsert MCP_MODE "$MCP_MODE"
upsert MCP_PORT "$MCP_PORT"
upsert WEB_SEARCH_PROVIDER "$WEB_SEARCH_PROVIDER"
upsert SEARXNG_URL "$SEARXNG_URL"
upsert BRAVE_SEARCH_API_KEY "$BRAVE_SEARCH_API_KEY"
upsert JINA_API_KEY "$JINA_API_KEY"
upsert AUTH_GOOGLE_ID "$AUTH_GOOGLE_ID"
upsert AUTH_GOOGLE_SECRET "$AUTH_GOOGLE_SECRET"
- name: Deploy (full build, no CI artifact)
env:
EXPECTED_COMMIT: ${{ github.sha }}
run: bash /opt/memento/scripts/deploy-prod.sh