From c35c6698314f8b996660cd65c9a19303650b7062 Mon Sep 17 00:00:00 2001 From: codex-bot Date: Mon, 20 Oct 2025 15:19:59 -0300 Subject: [PATCH] ci(convex): set CONVEX_DEPLOYMENT=default and fetch admin key in convex_deploy job - Add Acquire Convex admin key step in convex_deploy - Provide CONVEX_DEPLOYMENT env and stop unsetting it - Pass envs into container for env list + deploy --- .github/workflows/ci-cd-web-desktop.yml | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-cd-web-desktop.yml b/.github/workflows/ci-cd-web-desktop.yml index d8e0a58..f580239 100644 --- a/.github/workflows/ci-cd-web-desktop.yml +++ b/.github/workflows/ci-cd-web-desktop.yml @@ -342,6 +342,15 @@ jobs: --exclude '.pnpm-store/**' \ ./ "$EFFECTIVE_APP_DIR"/ + - name: Acquire Convex admin key + id: key + run: | + CID=$(docker ps --format '{{.ID}} {{.Names}}' | awk '/sistema_convex_backend/{print $1; exit}') + if [ -z "$CID" ]; then echo "No convex container"; exit 1; fi + KEY=$(docker exec -i "$CID" /bin/sh -lc './generate_admin_key.sh' | tr -d '\r' | grep -o 'convex-self-hosted|[^ ]*' | tail -n1) + echo "ADMIN_KEY=$KEY" >> $GITHUB_OUTPUT + echo "Admin key acquired? $([ -n "$KEY" ] && echo yes || echo no)" + - name: Bring convex.json from live app if present run: | if [ -f "$APP_DIR/convex.json" ]; then @@ -355,6 +364,7 @@ jobs: env: CONVEX_SELF_HOSTED_URL: https://convex.esdrasrenan.com.br CONVEX_SELF_HOSTED_ADMIN_KEY: ${{ steps.key.outputs.ADMIN_KEY }} + CONVEX_DEPLOYMENT: default MACHINE_PROVISIONING_SECRET: ${{ secrets.MACHINE_PROVISIONING_SECRET }} MACHINE_TOKEN_TTL_MS: ${{ secrets.MACHINE_TOKEN_TTL_MS }} FLEET_SYNC_SECRET: ${{ secrets.FLEET_SYNC_SECRET }} @@ -366,10 +376,11 @@ jobs: -e PNPM_STORE_DIR=/tmp/pnpm-store \ -e CONVEX_SELF_HOSTED_URL \ -e CONVEX_SELF_HOSTED_ADMIN_KEY \ + -e CONVEX_DEPLOYMENT \ -e MACHINE_PROVISIONING_SECRET \ -e MACHINE_TOKEN_TTL_MS \ -e FLEET_SYNC_SECRET \ - node:20-bullseye bash -lc "set -euo pipefail; unset CONVEX_DEPLOYMENT; corepack enable; corepack prepare pnpm@9 --activate; mkdir -p \"${PNPM_STORE_DIR:-/tmp/pnpm-store}\"; pnpm config set store-dir \"${PNPM_STORE_DIR:-/tmp/pnpm-store}\"; pnpm install --frozen-lockfile --prod=false; \ + node:20-bullseye bash -lc "set -euo pipefail; corepack enable; corepack prepare pnpm@9 --activate; mkdir -p \"${PNPM_STORE_DIR:-/tmp/pnpm-store}\"; pnpm config set store-dir \"${PNPM_STORE_DIR:-/tmp/pnpm-store}\"; pnpm install --frozen-lockfile --prod=false; \ if [ -n \"$MACHINE_PROVISIONING_SECRET\" ]; then pnpm exec convex env set MACHINE_PROVISIONING_SECRET \"$MACHINE_PROVISIONING_SECRET\" -y; fi; \ if [ -n \"$MACHINE_TOKEN_TTL_MS\" ]; then pnpm exec convex env set MACHINE_TOKEN_TTL_MS \"$MACHINE_TOKEN_TTL_MS\" -y; fi; \ if [ -n \"$FLEET_SYNC_SECRET\" ]; then pnpm exec convex env set FLEET_SYNC_SECRET \"$FLEET_SYNC_SECRET\" -y; fi; \ @@ -386,6 +397,7 @@ jobs: env: CONVEX_SELF_HOSTED_URL: https://convex.esdrasrenan.com.br CONVEX_SELF_HOSTED_ADMIN_KEY: ${{ steps.key.outputs.ADMIN_KEY }} + CONVEX_DEPLOYMENT: default run: | docker run --rm -i \ -v "$EFFECTIVE_APP_DIR":/app \ @@ -394,7 +406,8 @@ jobs: -e CI=true \ -e CONVEX_SELF_HOSTED_URL \ -e CONVEX_SELF_HOSTED_ADMIN_KEY \ - node:20-bullseye bash -lc "set -euo pipefail; unset CONVEX_DEPLOYMENT; corepack enable; corepack prepare pnpm@9 --activate; mkdir -p \"${PNPM_STORE_DIR:-/tmp/pnpm-store}\"; pnpm config set store-dir \"${PNPM_STORE_DIR:-/tmp/pnpm-store}\"; pnpm install --frozen-lockfile --prod=false; pnpm exec convex deploy" + -e CONVEX_DEPLOYMENT \ + node:20-bullseye bash -lc "set -euo pipefail; corepack enable; corepack prepare pnpm@9 --activate; mkdir -p \"${PNPM_STORE_DIR:-/tmp/pnpm-store}\"; pnpm config set store-dir \"${PNPM_STORE_DIR:-/tmp/pnpm-store}\"; pnpm install --frozen-lockfile --prod=false; pnpm exec convex deploy" - name: Cleanup old convex build workdirs (keep last 2) run: |