@hed-hog/cli 0.0.61 → 0.0.63

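--- a/package/dist/package.json
+++ b/package/dist/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@hed-hog/cli",
- "version": "0.0.61",
+ "version": "0.0.63",
  "description": "HedHog CLI tool",
  "author": "HedHog",
  "private": false,
@@ -49,6 +49,16 @@ jobs:
  name: Deploy API
  runs-on: ubuntu-latest
  needs: apply-cluster-config
+ # Required GitHub Secrets for API deployment:
+ # - DATABASE_URL: PostgreSQL connection string (format: postgresql://user:pass@host:port/dbname)
+ # - JWT_SECRET: 64-char hex string or base64 key for JWT signing
+ # - ENCRYPTION_SECRET: Base64 encoded 32-byte key for data encryption
+ # - PEPPER: Base64 encoded pepper value for password hashing
+ # - DIGITALOCEAN_ACCESS_TOKEN: DigitalOcean API token
+ #
+ # Auto-configured (via env vars in this workflow):
+ # - JWT_EXPIRES_IN: JWT expiration (currently: ${{ env.API_JWT_EXPIRES_IN }})
+ # - FRONTEND_URL: Frontend URL (currently: ${{ env.API_FRONTEND_URL }})
  steps:
  - name: Checkout code
  uses: actions/checkout@v4
@@ -112,10 +122,42 @@ jobs:
  - name: Validate required GitHub secrets
  env:
  DATABASE_URL: ${{ secrets.DATABASE_URL }}
+ ENCRYPTION_SECRET: ${{ secrets.ENCRYPTION_SECRET }}
+ JWT_SECRET: ${{ secrets.JWT_SECRET }}
+ PEPPER: ${{ secrets.PEPPER }}
  run: |
+ MISSING_SECRETS=""
+
+ # Check DATABASE_URL
  if [ -z "$DATABASE_URL" ]; then
  echo "::error::GitHub secret DATABASE_URL is not set. Configure it in Settings > Secrets and variables > Actions."
- echo "::error::Expected format: postgresql://postgres:<password>@postgresql-<%= config.appName %>:5432/<%= config.appName %>"
+ echo "::error::Expected format: postgresql://postgres:<password>@postgresql-hub:5432/hub"
+ MISSING_SECRETS="$MISSING_SECRETS DATABASE_URL"
+ fi
+
+ # Check ENCRYPTION_SECRET
+ if [ -z "$ENCRYPTION_SECRET" ]; then
+ echo "::error::GitHub secret ENCRYPTION_SECRET is not set. Configure it in Settings > Secrets and variables > Actions."
+ echo "::error::Expected format: base64 encoded 32-byte encryption key"
+ MISSING_SECRETS="$MISSING_SECRETS ENCRYPTION_SECRET"
+ fi
+
+ # Check JWT_SECRET
+ if [ -z "$JWT_SECRET" ]; then
+ echo "::error::GitHub secret JWT_SECRET is not set. Configure it in Settings > Secrets and variables > Actions."
+ echo "::error::Expected format: 64-character hexadecimal string or base64 encoded key"
+ MISSING_SECRETS="$MISSING_SECRETS JWT_SECRET"
+ fi
+
+ # Check PEPPER
+ if [ -z "$PEPPER" ]; then
+ echo "::error::GitHub secret PEPPER is not set. Configure it in Settings > Secrets and variables > Actions."
+ echo "::error::Expected format: base64 encoded pepper value for password hashing"
+ MISSING_SECRETS="$MISSING_SECRETS PEPPER"
+ fi
+
+ if [ -n "$MISSING_SECRETS" ]; then
+ echo "::error::The following required secrets are missing:$MISSING_SECRETS"
  exit 1
  fi
  - name: Ensure API config exists
@@ -187,6 +229,50 @@ jobs:
  kubectl logs -l app=<%= config.appName %>-api -n ${{ env.NAMESPACE }} --tail=50 --previous 2>/dev/null || true
  exit 1
  )
+ - name: Verify API environment variables in container
+ run: |
+ echo "Waiting for pod to stabilize..."
+ sleep 5
+
+ # Get the newest pod
+ POD_NAME=$(kubectl get pods -l app=hub-api -n ${{ env.NAMESPACE }} --sort-by=.metadata.creationTimestamp -o name | tail -n 1 | cut -d/ -f2)
+
+ if [ -z "$POD_NAME" ]; then
+ echo "::error::No hub-api pod found in namespace ${{ env.NAMESPACE }}"
+ exit 1
+ fi
+
+ echo "Verifying environment variables in pod: $POD_NAME"
+ echo ""
+
+ # Required environment variables (from apps/api/.env.example)
+ REQUIRED_ENVS=("DATABASE_URL" "ENCRYPTION_SECRET" "JWT_SECRET" "PEPPER" "JWT_EXPIRES_IN" "FRONTEND_URL")
+
+ VERIFICATION_FAILED=0
+
+ for ENV_VAR in "${REQUIRED_ENVS[@]}"; do
+ # Check if env var is set and not empty in the container
+ ENV_VALUE=$(kubectl exec "$POD_NAME" -n ${{ env.NAMESPACE }} -- sh -c "echo \${ENV_VAR}" 2>/dev/null || echo "")
+
+ if [ -z "$ENV_VALUE" ] || [ "$ENV_VALUE" = "\${ENV_VAR}" ]; then
+ echo "✗ FAIL: $ENV_VAR is not set or empty in the container"
+ VERIFICATION_FAILED=1
+ else
+ VALUE_LENGTH=${#ENV_VALUE}
+ echo "✓ OK: $ENV_VAR is set (${VALUE_LENGTH} chars)"
+ fi
+ done
+
+ echo ""
+
+ if [ $VERIFICATION_FAILED -eq 1 ]; then
+ echo "::error::One or more environment variables are missing in the API container."
+ echo "Pod environment variables (debugging info):"
+ kubectl exec "$POD_NAME" -n ${{ env.NAMESPACE }} -- env | grep -E "DATABASE_URL|ENCRYPTION_SECRET|JWT_SECRET|PEPPER|JWT_EXPIRES_IN|FRONTEND_URL" || echo "No matching vars found"
+ exit 1
+ fi
+
+ echo "✓ All environment variables verified successfully in the container"
  <% } %>
  <% if ((config.apps || []).includes('admin')) { %>
  deploy-admin:
@@ -229,7 +315,9 @@ jobs:
  docker push ${{ env.REGISTRY }}/ci-auth-probe-admin:${{ github.run_id }}
  - name: Build Docker image
  run: |
- docker build -t ${{ env.REGISTRY }}/<%= config.appName %>-admin:${{ github.sha }} \
+ docker build -t ${{ env.REGISTRY }}/<%= config.appName %:${{ github.sha }} \
+ --build-arg NEXT_PUBLIC_API_BASE_URL=${{ env.ADMIN_API_BASE_URL }} \
+ --build-arg NEXT_PUBLIC_API_URL=${{ env.ADMIN_API_URL }} \
  -f apps/admin/Dockerfile .
  - name: Push Docker image (sha)
  run: |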
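Review bot: The failure branch of the new "Verify API environment variables in container" step runs `kubectl exec ... -- env | grep -E "DATABASE_URL|ENCRYPTION_SECRET|JWT_SECRET|PEPPER|..."`, which writes the matching values (connection string, signing key, pepper) into the job log; log masking, where it applies, only covers strings that exactly match a registered secret, so the dump should print names only, for example by piping through `cut -d= -f1` before the `grep`. That branch is probably taken on every run, because `sh -c "echo \${ENV_VAR}"` passes the literal `${ENV_VAR}` to the container shell, which then reads a variable named ENV_VAR rather than the one the loop is on. Testing presence inside the container fixes the lookup and keeps the value off the runner: `if kubectl exec "$POD_NAME" -n ${{ env.NAMESPACE }} -- sh -c "[ -n \"\${$ENV_VAR}\" ]"; then`. Separately, the last hunk's `<%= config.appName %:${{ github.sha }}` has an unterminated template tag and has lost the `-admin` suffix, and `hub` is now hard-coded where `<%= config.appName %>` is used elsewhere (`app=hub-api`, the DATABASE_URL format hint), which looks like rendered output copied back into the template.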