diff --git a/.github/workflows/ci-cd-web-desktop.yml b/.github/workflows/ci-cd-web-desktop.yml
index 8354f16..60df90b 100644
--- a/.github/workflows/ci-cd-web-desktop.yml
+++ b/.github/workflows/ci-cd-web-desktop.yml
@@ -257,6 +257,32 @@ jobs:
 --exclude '.pnpm-store/**' \
 ./ "$EFFECTIVE_APP_DIR"/
 
+ - name: Set Convex env vars (self-hosted)
+ if: ${{ env.CONVEX_SELF_HOSTED_URL != '' && env.CONVEX_SELF_HOSTED_ADMIN_KEY != '' }}
+ env:
+ CONVEX_SELF_HOSTED_URL: ${{ secrets.CONVEX_SELF_HOSTED_URL }}
+ CONVEX_SELF_HOSTED_ADMIN_KEY: ${{ secrets.CONVEX_SELF_HOSTED_ADMIN_KEY }}
+ run: |
+ set -e
+ # Load production values from /srv (do not copy .env to workspace)
+ if [ -f /srv/apps/sistema/.env ]; then
+ set -o allexport
+ . /srv/apps/sistema/.env
+ set +o allexport
+ fi
+ docker run --rm -i \
+ -v "$EFFECTIVE_APP_DIR":/app \
+ -w /app \
+ -e CONVEX_SELF_HOSTED_URL \
+ -e CONVEX_SELF_HOSTED_ADMIN_KEY \
+ -e MACHINE_PROVISIONING_SECRET="${MACHINE_PROVISIONING_SECRET:-}" \
+ -e MACHINE_TOKEN_TTL_MS="${MACHINE_TOKEN_TTL_MS:-}" \
+ -e FLEET_SYNC_SECRET="${FLEET_SYNC_SECRET:-}" \
+ node:20-bullseye bash -lc "set -euo pipefail; unset CONVEX_DEPLOYMENT; corepack enable; corepack prepare pnpm@9 --activate; pnpm install --frozen-lockfile --prod=false; \
+ if [ -n \"\${MACHINE_PROVISIONING_SECRET:-}\" ]; then pnpm exec convex env set MACHINE_PROVISIONING_SECRET \"\${MACHINE_PROVISIONING_SECRET}\" -y; fi; \
+ if [ -n \"\${MACHINE_TOKEN_TTL_MS:-}\" ]; then pnpm exec convex env set MACHINE_TOKEN_TTL_MS \"\${MACHINE_TOKEN_TTL_MS}\" -y; fi; \
+ if [ -n \"\${FLEET_SYNC_SECRET:-}\" ]; then pnpm exec convex env set FLEET_SYNC_SECRET \"\${FLEET_SYNC_SECRET}\" -y; fi;"
+
 - name: Ensure .env is not present for Convex deploy
 run: |
 cd "$EFFECTIVE_APP_DIR"
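Review bot: The three `-e NAME="${NAME:-}"` arguments to `docker run` expand the secret values read from /srv/apps/sistema/.env onto the host command line, where they are readable in the runner's process list; since `set -o allexport` has already exported them, they can be passed by name like the two CONVEX_ variables, e.g. `-e MACHINE_PROVISIONING_SECRET \`, `-e MACHINE_TOKEN_TTL_MS \`, `-e FLEET_SYNC_SECRET \`. The `convex env set NAME "value"` calls inside the container place the same values in argv a second time, and because they come from the .env file rather than from `secrets`, the runner will presumably not mask them if they ever reach the job log. Sourcing the whole .env with allexport also exports every other production variable into this step and would override the `CONVEX_SELF_HOSTED_*` values taken from `secrets` if the file defines them, so reading only the three needed keys would be narrower. `node:20-bullseye` and `pnpm@9` are floating references for a container that receives the Convex admin key and runs `pnpm install` with it in the environment; pinning the image by digest and pnpm to an exact version is worth considering.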