Add Cloudflare environment variables to CI/CD pipeline

- Update build.yml to create .env.production from Gitea secrets
  - ANTHROPIC_API_KEY, CLOUDFLARE_ACCOUNT_ID, CLOUDFLARE_API_TOKEN
  - Secure file with chmod 600 (owner read/write only)
  - Preserve env file across deployments

- Update start.sh to source .env.production if it exists
  - Parse and export variables before starting server
  - Skip comments and empty lines

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Michael Mainguy 2026-01-03 06:40:33 -06:00
parent 03217f3e65
commit 8bfe7bb174
2 changed files with 30 additions and 2 deletions


@ -34,8 +34,8 @@ jobs:
# Ensure group write so we can delete old files # Ensure group write so we can delete old files
sudo chmod -R g+w /opt/immersive || true sudo chmod -R g+w /opt/immersive || true
# Remove old files except data directory # Remove old files except data directory and env file
find /opt/immersive -mindepth 1 -maxdepth 1 ! -name 'data' -exec rm -rf {} + find /opt/immersive -mindepth 1 -maxdepth 1 ! -name 'data' ! -name '.env.production' -exec rm -rf {} +
# Copy built files to target # Copy built files to target
cp -r . /opt/immersive/ cp -r . /opt/immersive/
@ -50,6 +50,22 @@ jobs:
# Set ownership to immersive user # Set ownership to immersive user
sudo chown -R immersive:immersive /opt/immersive sudo chown -R immersive:immersive /opt/immersive
- name: Create Environment File
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
run: |
# Create .env.production with secrets (only accessible by immersive user)
echo "# Auto-generated by CI/CD - Do not edit manually" > /opt/immersive/.env.production
echo "ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}" >> /opt/immersive/.env.production
echo "CLOUDFLARE_ACCOUNT_ID=${CLOUDFLARE_ACCOUNT_ID}" >> /opt/immersive/.env.production
echo "CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}" >> /opt/immersive/.env.production
# Secure the environment file
sudo chown immersive:immersive /opt/immersive/.env.production
sudo chmod 600 /opt/immersive/.env.production
- name: Start Service - name: Start Service
run: | run: |
sudo rc-service immersive start sudo rc-service immersive start
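Review bot: In the Create Environment File step the secrets are written with `echo ... >` before `sudo chmod 600` runs, so on a first deployment the file is created under the runner's default umask; if that is the usual 022, the API keys are world-readable until the final two commands finish, or indefinitely if the step fails part-way. Putting `umask 077` as the first line of the `run:` block makes the file private from the moment it is created. Separately, now that `.env.production` survives the `find ... -exec rm -rf` cleanup, the earlier `sudo chmod -R g+w /opt/immersive` reaches it on every later deploy and leaves it group-writable until this step re-applies 600. Excluding the file from that recursive chmod, or running `sudo chmod 600 /opt/immersive/.env.production` immediately after it, would close that gap.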


@ -12,6 +12,18 @@ cd "$APP_DIR"
export NODE_ENV=production export NODE_ENV=production
export NODE_OPTIONS="--max-old-space-size=2048" export NODE_OPTIONS="--max-old-space-size=2048"
# Load secrets from environment file if it exists
if [ -f "$APP_DIR/.env.production" ]; then
# Export each line as an environment variable
while IFS= read -r line || [ -n "$line" ]; do
# Skip comments and empty lines
case "$line" in
\#*|"") continue ;;
esac
export "$line"
done < "$APP_DIR/.env.production"
fi
# Optional: Set port (default 3001) # Optional: Set port (default 3001)
# export PORT=3001 # export PORT=3001
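Review bot: The loader at `export "$line"` exports whatever name appears in `.env.production`, so a line such as `NODE_OPTIONS=...` or `PATH=...` in that file would override what the script set just above, and anyone able to write the file controls the server process's environment. Since the commit message names exactly three variables, the export can be limited to them: `case "$line" in ANTHROPIC_API_KEY=*|CLOUDFLARE_ACCOUNT_ID=*|CLOUDFLARE_API_TOKEN=*) export "$line" ;; esac`. A line with no `=` or an invalid name also reaches `export` today; whether the resulting error aborts startup depends on shell options set outside this hunk. The script begins and continues outside the hunk.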