CI/CD Gitea v1.0

scripts/ci/mirror-base-images.sh

@@ -5,7 +5,7 @@
 
 set -euo pipefail
 
-REGISTRY="${REGISTRY:-registry.motovaultpro.com/mirrors}"
+REGISTRY="${REGISTRY:-git.motovaultpro.com/egullickson/mirrors}"
 
 # Base images required by MotoVaultPro
 IMAGES=(

scripts/ci/notify.sh

@@ -3,7 +3,7 @@
 # Sends email notifications for deployment events
 #
 # Usage: ./notify.sh <event_type> [message] [commit_sha]
-#   event_type: success, failure, rollback, rollback_failed, maintenance_start, maintenance_end
+#   event_type: success, failure, rollback, rollback_failed, maintenance_start, maintenance_end, staging_ready
 #   message: Optional custom message
 #   commit_sha: Optional commit SHA for context
 #
@@ -39,15 +39,16 @@ if [[ -z "$NOTIFY_EMAIL" ]]; then
   exit 0
 fi
 
-# Get Resend API key
-RESEND_API_KEY=""
-if [[ -f "/run/secrets/resend-api-key" ]]; then
-  RESEND_API_KEY=$(cat /run/secrets/resend-api-key)
-elif [[ -f "$PROJECT_ROOT/secrets/app/resend-api-key.txt" ]]; then
-  RESEND_API_KEY=$(cat "$PROJECT_ROOT/secrets/app/resend-api-key.txt")
+# Get Resend API key (check env first for Gitea, then files for containers)
+if [[ -z "${RESEND_API_KEY:-}" ]]; then
+  if [[ -f "/run/secrets/resend-api-key" ]]; then
+    RESEND_API_KEY=$(cat /run/secrets/resend-api-key)
+  elif [[ -f "$PROJECT_ROOT/secrets/app/resend-api-key.txt" ]]; then
+    RESEND_API_KEY=$(cat "$PROJECT_ROOT/secrets/app/resend-api-key.txt")
+  fi
 fi
 
-if [[ -z "$RESEND_API_KEY" ]]; then
+if [[ -z "${RESEND_API_KEY:-}" ]]; then
   echo "WARNING: Resend API key not found, skipping notification"
   exit 0
 fi
@@ -96,6 +97,13 @@ case "$EVENT_TYPE" in
     STATUS_TEXT="Maintenance Complete"
     DEFAULT_MESSAGE="Maintenance window complete. Application is online."
     ;;
+  "staging_ready")
+    SUBJECT="Staging Ready for Production - MotoVaultPro"
+    STATUS_COLOR="#3b82f6"
+    STATUS_EMOJI="[STAGING]"
+    STATUS_TEXT="Staging Verified"
+    DEFAULT_MESSAGE="Staging deployment verified. Ready for production deployment."
+    ;;
   *)
     echo "Unknown event type: $EVENT_TYPE"
     exit 1

scripts/inject-secrets.sh

@@ -1,33 +1,26 @@
 #!/bin/bash
 # inject-secrets.sh
-# Writes GitLab CI File type variables to the secrets directory
-# for K8s-style secret mounting in Docker Compose
+# Writes secrets to the secrets directory for K8s-style secret mounting
 #
-# GitLab File variables provide the PATH to a temporary file containing the secret.
-# This script copies those files to the expected secrets/app/ location.
+# Supports two modes:
+# 1. GitLab CI: File variables provide PATH to temp file
+# 2. Gitea Actions: Environment variables contain the secret value directly
 #
-# IMPORTANT: In GitLab, variables MUST be set as "File" type, not "Variable" type.
-# File type variables provide a PATH to a temp file containing the secret.
-# Variable type provides the raw value, which will NOT work with this script.
-#
-# Required GitLab CI/CD Variables (File type):
+# Required environment variables:
 #   - POSTGRES_PASSWORD
 #   - AUTH0_CLIENT_SECRET
-#   - AUTH0_MANAGEMENT_CLIENT_ID (Auth0 Management API client ID for user signup)
-#   - AUTH0_MANAGEMENT_CLIENT_SECRET (Auth0 Management API client secret)
+#   - AUTH0_MANAGEMENT_CLIENT_ID
+#   - AUTH0_MANAGEMENT_CLIENT_SECRET
 #   - GOOGLE_MAPS_API_KEY
 #   - GOOGLE_MAPS_MAP_ID
-#   - CF_DNS_API_TOKEN (Cloudflare DNS API token for Let's Encrypt certificates)
-#   - RESEND_API_KEY (Resend API key for email notifications)
-#
-# Required GitLab CI/CD Variables (Variable type):
-#   - DEPLOY_PATH
+#   - CF_DNS_API_TOKEN
+#   - RESEND_API_KEY
 
 set -euo pipefail
 
 # Configuration
 DEPLOY_PATH="${DEPLOY_PATH:-/opt/motovaultpro}"
-SECRETS_DIR="${DEPLOY_PATH}/secrets/app"
+SECRETS_DIR="${SECRETS_DIR:-${DEPLOY_PATH}/secrets/app}"
 
 # List of all secret files (must match docker-compose volume mounts)
 SECRET_FILES=(
@@ -66,37 +59,33 @@ mkdir -p "$SECRETS_DIR"
 chmod 700 "$SECRETS_DIR"
 
 # Function to inject a secret
+# Supports both:
+#   - Direct value (Gitea Actions): VAR contains the secret
+#   - File path (GitLab CI): VAR contains path to file with secret
 inject_secret() {
     local var_name="$1"
     local file_name="$2"
     local target_path="${SECRETS_DIR}/${file_name}"
 
-    # GitLab File variables contain the PATH to a temp file
-    local source_path="${!var_name:-}"
+    local source_value="${!var_name:-}"
 
-    if [ -z "$source_path" ]; then
+    if [ -z "$source_value" ]; then
         echo "  ERROR: Variable $var_name is not set"
-        echo "         Ensure it exists in GitLab CI/CD Variables"
         return 1
     fi
 
-    # Check if it looks like a raw value instead of a file path
-    if [[ ! "$source_path" =~ ^/ ]]; then
-        echo "  ERROR: $var_name appears to be a raw value, not a file path"
-        echo "         In GitLab, change the variable Type from 'Variable' to 'File'"
-        return 1
+    # Check if it's a file path (GitLab CI File variable)
+    if [[ "$source_value" =~ ^/ ]] && [ -f "$source_value" ]; then
+        # GitLab mode: copy from file
+        cp "$source_value" "$target_path"
+        echo "  OK: $file_name (from file)"
+    else
+        # Gitea mode: write value directly
+        echo -n "$source_value" > "$target_path"
+        echo "  OK: $file_name (from env)"
     fi
 
-    if [ ! -f "$source_path" ]; then
-        echo "  ERROR: File not found for $var_name at $source_path"
-        echo "         Ensure the variable is set as 'File' type in GitLab"
-        return 1
-    fi
-
-    # Copy the secret file (644 so container users can read)
-    cp "$source_path" "$target_path"
     chmod 644 "$target_path"
-    echo "  OK: $file_name"
 }
 
 # Inject all secrets
@@ -114,7 +103,6 @@ inject_secret "RESEND_API_KEY" "resend-api-key.txt" || FAILED=1
 if [ $FAILED -eq 1 ]; then
     echo ""
     echo "ERROR: One or more secrets failed to inject"
-    echo "Ensure all required CI/CD variables are configured as File type in GitLab"
     exit 1
 fi