egullickson/motovaultpro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add Stripe secrets to CI/CD and build configuration (refs #55)

Browse Source 
- Add VITE_STRIPE_PUBLISHABLE_KEY to frontend Dockerfile build args
- Add VITE_STRIPE_PUBLISHABLE_KEY to docker-compose.yml build args
- Add :ro flag to backend Stripe secret volume mounts for consistency
- Update inject-secrets.sh with STRIPE_SECRET_KEY and STRIPE_WEBHOOK_SECRET
- Add Stripe secrets to staging.yaml workflow (build arg + inject step)
- Add Stripe secrets to production.yaml workflow (inject step)

Requires STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET secrets and
VITE_STRIPE_PUBLISHABLE_KEY variable to be configured in Gitea.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Eric Gullickson
2026-01-18 19:20:29 -06:00
parent 52c0b59a86
commit 254bed18d0
5 changed files with 17 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitea/workflows/production.yaml
View File

@@ -119,6 +119,8 @@ jobs:
GOOGLE_MAPS_MAP_ID: ${{ secrets.GOOGLE_MAPS_MAP_ID }} GOOGLE_MAPS_MAP_ID: ${{ secrets.GOOGLE_MAPS_MAP_ID }}
CF_DNS_API_TOKEN: ${{ secrets.CF_DNS_API_TOKEN }} CF_DNS_API_TOKEN: ${{ secrets.CF_DNS_API_TOKEN }}
RESEND_API_KEY: ${{ secrets.RESEND_API_KEY }} RESEND_API_KEY: ${{ secrets.RESEND_API_KEY }}
STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SECRET_KEY }}
STRIPE_WEBHOOK_SECRET: ${{ secrets.STRIPE_WEBHOOK_SECRET }}
- name: Initialize data directories - name: Initialize data directories
run: | run: |

3
.gitea/workflows/staging.yaml
View File

@@ -67,6 +67,7 @@ jobs:
--build-arg VITE_AUTH0_CLIENT_ID=${{ vars.VITE_AUTH0_CLIENT_ID }} \ --build-arg VITE_AUTH0_CLIENT_ID=${{ vars.VITE_AUTH0_CLIENT_ID }} \
--build-arg VITE_AUTH0_AUDIENCE=${{ vars.VITE_AUTH0_AUDIENCE }} \ --build-arg VITE_AUTH0_AUDIENCE=${{ vars.VITE_AUTH0_AUDIENCE }} \
--build-arg VITE_API_BASE_URL=/api \ --build-arg VITE_API_BASE_URL=/api \
--build-arg VITE_STRIPE_PUBLISHABLE_KEY=${{ vars.VITE_STRIPE_PUBLISHABLE_KEY }} \
--cache-from $REGISTRY/egullickson/frontend:latest \ --cache-from $REGISTRY/egullickson/frontend:latest \
-t ${{ steps.tags.outputs.frontend_image }} \ -t ${{ steps.tags.outputs.frontend_image }} \
-t $REGISTRY/egullickson/frontend:latest \ -t $REGISTRY/egullickson/frontend:latest \
@@ -112,6 +113,8 @@ jobs:
GOOGLE_MAPS_MAP_ID: ${{ secrets.GOOGLE_MAPS_MAP_ID }} GOOGLE_MAPS_MAP_ID: ${{ secrets.GOOGLE_MAPS_MAP_ID }}
CF_DNS_API_TOKEN: ${{ secrets.CF_DNS_API_TOKEN }} CF_DNS_API_TOKEN: ${{ secrets.CF_DNS_API_TOKEN }}
RESEND_API_KEY: ${{ secrets.RESEND_API_KEY }} RESEND_API_KEY: ${{ secrets.RESEND_API_KEY }}
STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SECRET_KEY }}
STRIPE_WEBHOOK_SECRET: ${{ secrets.STRIPE_WEBHOOK_SECRET }}
- name: Initialize data directories - name: Initialize data directories
run: | run: |

5
docker-compose.yml
View File

@@ -53,6 +53,7 @@ services:
VITE_AUTH0_CLIENT_ID: ${VITE_AUTH0_CLIENT_ID:-yspR8zdnSxmV8wFIghHynQ08iXAPoQJ3} VITE_AUTH0_CLIENT_ID: ${VITE_AUTH0_CLIENT_ID:-yspR8zdnSxmV8wFIghHynQ08iXAPoQJ3}
VITE_AUTH0_AUDIENCE: ${VITE_AUTH0_AUDIENCE:-https://api.motovaultpro.com} VITE_AUTH0_AUDIENCE: ${VITE_AUTH0_AUDIENCE:-https://api.motovaultpro.com}
VITE_API_BASE_URL: ${VITE_API_BASE_URL:-/api} VITE_API_BASE_URL: ${VITE_API_BASE_URL:-/api}
VITE_STRIPE_PUBLISHABLE_KEY: ${VITE_STRIPE_PUBLISHABLE_KEY:-}
container_name: mvp-frontend container_name: mvp-frontend
restart: unless-stopped restart: unless-stopped
environment: environment:
@@ -121,8 +122,8 @@ services:
- ./secrets/app/resend-api-key.txt:/run/secrets/resend-api-key:ro - ./secrets/app/resend-api-key.txt:/run/secrets/resend-api-key:ro
- ./secrets/app/auth0-management-client-id.txt:/run/secrets/auth0-management-client-id:ro - ./secrets/app/auth0-management-client-id.txt:/run/secrets/auth0-management-client-id:ro
- ./secrets/app/auth0-management-client-secret.txt:/run/secrets/auth0-management-client-secret:ro - ./secrets/app/auth0-management-client-secret.txt:/run/secrets/auth0-management-client-secret:ro
- ./secrets/app/stripe-secret-key.txt:/run/secrets/stripe-secret-key - ./secrets/app/stripe-secret-key.txt:/run/secrets/stripe-secret-key:ro
- ./secrets/app/stripe-webhook-secret.txt:/run/secrets/stripe-webhook-secret - ./secrets/app/stripe-webhook-secret.txt:/run/secrets/stripe-webhook-secret:ro
# Filesystem storage for documents # Filesystem storage for documents
- ./data/documents:/app/data/documents - ./data/documents:/app/data/documents
# Filesystem storage for backups # Filesystem storage for backups

4
frontend/Dockerfile
View File

@@ -19,15 +19,17 @@ FROM deps AS build
# Accept build arguments for environment variables # Accept build arguments for environment variables
ARG VITE_AUTH0_DOMAIN ARG VITE_AUTH0_DOMAIN
ARG VITE_AUTH0_CLIENT_ID ARG VITE_AUTH0_CLIENT_ID
ARG VITE_AUTH0_AUDIENCE ARG VITE_AUTH0_AUDIENCE
ARG VITE_API_BASE_URL ARG VITE_API_BASE_URL
ARG VITE_STRIPE_PUBLISHABLE_KEY
# Set environment variables from build args # Set environment variables from build args
ENV VITE_AUTH0_DOMAIN=$VITE_AUTH0_DOMAIN ENV VITE_AUTH0_DOMAIN=$VITE_AUTH0_DOMAIN
ENV VITE_AUTH0_CLIENT_ID=$VITE_AUTH0_CLIENT_ID ENV VITE_AUTH0_CLIENT_ID=$VITE_AUTH0_CLIENT_ID
ENV VITE_AUTH0_AUDIENCE=$VITE_AUTH0_AUDIENCE ENV VITE_AUTH0_AUDIENCE=$VITE_AUTH0_AUDIENCE
ENV VITE_API_BASE_URL=$VITE_API_BASE_URL ENV VITE_API_BASE_URL=$VITE_API_BASE_URL
ENV VITE_STRIPE_PUBLISHABLE_KEY=$VITE_STRIPE_PUBLISHABLE_KEY
COPY . . COPY . .
RUN npm run build RUN npm run build

6
scripts/inject-secrets.sh
View File

@@ -15,6 +15,8 @@
# - GOOGLE_MAPS_MAP_ID # - GOOGLE_MAPS_MAP_ID
# - CF_DNS_API_TOKEN # - CF_DNS_API_TOKEN
# - RESEND_API_KEY # - RESEND_API_KEY
# - STRIPE_SECRET_KEY
# - STRIPE_WEBHOOK_SECRET
set -euo pipefail set -euo pipefail
@@ -32,6 +34,8 @@ SECRET_FILES=(
"google-maps-map-id.txt" "google-maps-map-id.txt"
"cloudflare-dns-token.txt" "cloudflare-dns-token.txt"
"resend-api-key.txt" "resend-api-key.txt"
"stripe-secret-key.txt"
"stripe-webhook-secret.txt"
) )
echo "Injecting secrets..." echo "Injecting secrets..."
@@ -99,6 +103,8 @@ inject_secret "GOOGLE_MAPS_API_KEY" "google-maps-api-key.txt" || FAILED=1
inject_secret "GOOGLE_MAPS_MAP_ID" "google-maps-map-id.txt" || FAILED=1 inject_secret "GOOGLE_MAPS_MAP_ID" "google-maps-map-id.txt" || FAILED=1
inject_secret "CF_DNS_API_TOKEN" "cloudflare-dns-token.txt" || FAILED=1 inject_secret "CF_DNS_API_TOKEN" "cloudflare-dns-token.txt" || FAILED=1
inject_secret "RESEND_API_KEY" "resend-api-key.txt" || FAILED=1 inject_secret "RESEND_API_KEY" "resend-api-key.txt" || FAILED=1
inject_secret "STRIPE_SECRET_KEY" "stripe-secret-key.txt" || FAILED=1
inject_secret "STRIPE_WEBHOOK_SECRET" "stripe-webhook-secret.txt" || FAILED=1
if [ $FAILED -eq 1 ]; then if [ $FAILED -eq 1 ]; then
echo "" echo ""