Google OAuth was implemented locally but never deployed; the login button only renders when AUTH_GOOGLE_ID and AUTH_GOOGLE_SECRET are set. Also restores /api/ai/test-* endpoints removed by mistake and wires Google credentials into deploy workflows. Co-authored-by: Cursor <cursoragent@cursor.com>
106 lines
4.9 KiB
YAML
106 lines
4.9 KiB
YAML
name: Deploy to Production (manual)
|
|
|
|
# Déploiement auto = job "deploy" dans ci.yaml (après CI, sur runner docker-host).
|
|
# Ce workflow sert uniquement au déclenchement manuel sans repasser par la CI.
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
deploy:
|
|
name: Deploy production (manual)
|
|
runs-on: docker-host
|
|
steps:
|
|
- name: Sync repo on server
|
|
run: |
|
|
cd /opt/memento
|
|
git fetch origin main
|
|
git reset --hard origin/main
|
|
|
|
- name: Update .env.docker
|
|
env:
|
|
APP_URL: ${{ vars.APP_URL }}
|
|
NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }}
|
|
ADMIN_EMAIL: ${{ vars.ADMIN_EMAIL }}
|
|
ALLOW_REGISTRATION: ${{ vars.ALLOW_REGISTRATION }}
|
|
POSTGRES_USER: ${{ vars.POSTGRES_USER }}
|
|
POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
|
|
POSTGRES_DB: ${{ vars.POSTGRES_DB }}
|
|
POSTGRES_PORT: ${{ vars.POSTGRES_PORT }}
|
|
AI_PROVIDER_TAGS: ${{ vars.AI_PROVIDER_TAGS }}
|
|
AI_MODEL_TAGS: ${{ vars.AI_MODEL_TAGS }}
|
|
AI_PROVIDER_EMBEDDING: ${{ vars.AI_PROVIDER_EMBEDDING }}
|
|
AI_MODEL_EMBEDDING: ${{ vars.AI_MODEL_EMBEDDING }}
|
|
AI_PROVIDER_CHAT: ${{ vars.AI_PROVIDER_CHAT }}
|
|
AI_MODEL_CHAT: ${{ vars.AI_MODEL_CHAT }}
|
|
CUSTOM_OPENAI_BASE_URL: ${{ vars.CUSTOM_OPENAI_BASE_URL }}
|
|
CUSTOM_OPENAI_API_KEY: ${{ secrets.CUSTOM_OPENAI_API_KEY }}
|
|
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
|
|
OLLAMA_BASE_URL: ${{ vars.OLLAMA_BASE_URL }}
|
|
EMAIL_PROVIDER: ${{ vars.EMAIL_PROVIDER }}
|
|
SMTP_FROM: ${{ vars.SMTP_FROM }}
|
|
RESEND_API_KEY: ${{ secrets.RESEND_API_KEY }}
|
|
SMTP_HOST: ${{ vars.SMTP_HOST }}
|
|
SMTP_PORT: ${{ vars.SMTP_PORT }}
|
|
SMTP_USER: ${{ vars.SMTP_USER }}
|
|
SMTP_PASS: ${{ secrets.SMTP_PASS }}
|
|
SMTP_SECURE: ${{ vars.SMTP_SECURE }}
|
|
SMTP_IGNORE_CERT: ${{ vars.SMTP_IGNORE_CERT }}
|
|
MCP_MODE: ${{ vars.MCP_MODE }}
|
|
MCP_PORT: ${{ vars.MCP_PORT }}
|
|
WEB_SEARCH_PROVIDER: ${{ vars.WEB_SEARCH_PROVIDER }}
|
|
SEARXNG_URL: ${{ vars.SEARXNG_URL }}
|
|
BRAVE_SEARCH_API_KEY: ${{ secrets.BRAVE_SEARCH_API_KEY }}
|
|
JINA_API_KEY: ${{ secrets.JINA_API_KEY }}
|
|
AUTH_GOOGLE_ID: ${{ vars.AUTH_GOOGLE_ID }}
|
|
AUTH_GOOGLE_SECRET: ${{ secrets.AUTH_GOOGLE_SECRET }}
|
|
run: |
|
|
ENV_FILE="/opt/memento/.env.docker"
|
|
touch "$ENV_FILE"
|
|
upsert() {
|
|
local key="$1" val="$2"
|
|
[ -z "$val" ] && return
|
|
sed -i "/^[[:space:]]*${key}=/d" "$ENV_FILE"
|
|
echo "${key}=\"${val}\"" >> "$ENV_FILE"
|
|
}
|
|
upsert NEXTAUTH_URL "$APP_URL"
|
|
upsert NEXTAUTH_SECRET "$NEXTAUTH_SECRET"
|
|
upsert ADMIN_EMAIL "$ADMIN_EMAIL"
|
|
upsert ALLOW_REGISTRATION "$ALLOW_REGISTRATION"
|
|
upsert POSTGRES_USER "$POSTGRES_USER"
|
|
upsert POSTGRES_PASSWORD "$POSTGRES_PASSWORD"
|
|
upsert POSTGRES_DB "$POSTGRES_DB"
|
|
upsert POSTGRES_PORT "$POSTGRES_PORT"
|
|
upsert AI_PROVIDER_TAGS "$AI_PROVIDER_TAGS"
|
|
upsert AI_MODEL_TAGS "$AI_MODEL_TAGS"
|
|
upsert AI_PROVIDER_EMBEDDING "$AI_PROVIDER_EMBEDDING"
|
|
upsert AI_MODEL_EMBEDDING "$AI_MODEL_EMBEDDING"
|
|
upsert AI_PROVIDER_CHAT "$AI_PROVIDER_CHAT"
|
|
upsert AI_MODEL_CHAT "$AI_MODEL_CHAT"
|
|
upsert CUSTOM_OPENAI_BASE_URL "$CUSTOM_OPENAI_BASE_URL"
|
|
upsert CUSTOM_OPENAI_API_KEY "$CUSTOM_OPENAI_API_KEY"
|
|
upsert OPENAI_API_KEY "$OPENAI_API_KEY"
|
|
upsert OLLAMA_BASE_URL "$OLLAMA_BASE_URL"
|
|
upsert EMAIL_PROVIDER "$EMAIL_PROVIDER"
|
|
upsert SMTP_FROM "$SMTP_FROM"
|
|
upsert RESEND_API_KEY "$RESEND_API_KEY"
|
|
upsert SMTP_HOST "$SMTP_HOST"
|
|
upsert SMTP_PORT "$SMTP_PORT"
|
|
upsert SMTP_USER "$SMTP_USER"
|
|
upsert SMTP_PASS "$SMTP_PASS"
|
|
upsert SMTP_SECURE "$SMTP_SECURE"
|
|
upsert SMTP_IGNORE_CERT "$SMTP_IGNORE_CERT"
|
|
upsert MCP_MODE "$MCP_MODE"
|
|
upsert MCP_PORT "$MCP_PORT"
|
|
upsert WEB_SEARCH_PROVIDER "$WEB_SEARCH_PROVIDER"
|
|
upsert SEARXNG_URL "$SEARXNG_URL"
|
|
upsert BRAVE_SEARCH_API_KEY "$BRAVE_SEARCH_API_KEY"
|
|
upsert JINA_API_KEY "$JINA_API_KEY"
|
|
upsert AUTH_GOOGLE_ID "$AUTH_GOOGLE_ID"
|
|
upsert AUTH_GOOGLE_SECRET "$AUTH_GOOGLE_SECRET"
|
|
|
|
- name: Deploy (full build, no CI artifact)
|
|
env:
|
|
EXPECTED_COMMIT: ${{ github.sha }}
|
|
run: bash /opt/memento/scripts/deploy-prod.sh
|