diff options
| author | IwanIDev <iwan@iwani.dev> | 2026-03-20 14:05:11 +0000 |
|---|---|---|
| committer | IwanIDev <iwan@iwani.dev> | 2026-03-20 14:05:11 +0000 |
| commit | 618a60dd11d2052e992ff487c2c979d127a3819f (patch) | |
| tree | 93f2a9766b847cacfa237d4ce310545fe94be1ae | |
| parent | d7475b2bc3edf0027e0fa57e3997c084c36a1b74 (diff) | |
Update deployment variables setup
| -rw-r--r-- | .github/workflows/docker_build.yml | 6 | ||||
| -rw-r--r-- | README.md | 5 |
2 files changed, 9 insertions, 2 deletions
diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml index 76299c9..047a318 100644 --- a/.github/workflows/docker_build.yml +++ b/.github/workflows/docker_build.yml @@ -60,7 +60,6 @@ jobs: build-args: | VITE_DRUPAL_BASE_URL=${{ vars.VITE_DRUPAL_BASE_URL }} VITE_DRUPAL_API_PREFIX=${{ vars.VITE_DRUPAL_API_PREFIX }} - VITE_DRUPAL_AUTH_TOKEN=${{ secrets.VITE_DRUPAL_AUTH_TOKEN }} cache-from: type=gha cache-to: type=gha,mode=max @@ -117,6 +116,11 @@ jobs: env: IMAGE_NAME: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest STACK_NAME: vite-portfolio + PORTFOLIO_HOST: ${{ vars.PORTFOLIO_HOST }} + TRAEFIK_NETWORK: ${{ vars.TRAEFIK_NETWORK }} + TRAEFIK_ENTRYPOINTS: ${{ vars.TRAEFIK_ENTRYPOINTS }} + DRUPAL_DB_PASSWORD: ${{ secrets.DRUPAL_DB_PASSWORD }} + MARIADB_ROOT_PASSWORD: ${{ secrets.MARIADB_ROOT_PASSWORD }} run: | # Deploy the stack using the remote context docker --context remote stack deploy -c docker-stack.yml --with-registry-auth $STACK_NAME @@ -100,10 +100,13 @@ Set these in your GitHub repository before deploying: - Repository variable: `VITE_DRUPAL_BASE_URL` - Repository variable: `VITE_DRUPAL_API_PREFIX` (optional) -- Repository secret: `VITE_DRUPAL_AUTH_TOKEN` (optional) - Repository variable: `PORTFOLIO_HOST` (domain Traefik should match, for example `portfolio.example.com`) - Repository variable: `TRAEFIK_NETWORK` (defaults to `traefik-public`) - Repository variable: `TRAEFIK_ENTRYPOINTS` (defaults to `web`, use `websecure` for TLS entrypoint) +- Repository secret: `DRUPAL_DB_PASSWORD` +- Repository secret: `MARIADB_ROOT_PASSWORD` + +Note: `VITE_*` values are embedded into frontend build output. Do not place private credentials in `VITE_*` variables. The `web` service is routed by Traefik (no direct host port publish on the app service). Your host Nginx can continue acting as the public reverse proxy by forwarding to Traefik's exposed entrypoint(s). |