CI/CD Gitea v1.0

scripts/inject-secrets.sh

@@ -1,33 +1,26 @@
 #!/bin/bash
 # inject-secrets.sh
-# Writes GitLab CI File type variables to the secrets directory
-# for K8s-style secret mounting in Docker Compose
+# Writes secrets to the secrets directory for K8s-style secret mounting
 #
-# GitLab File variables provide the PATH to a temporary file containing the secret.
-# This script copies those files to the expected secrets/app/ location.
+# Supports two modes:
+# 1. GitLab CI: File variables provide PATH to temp file
+# 2. Gitea Actions: Environment variables contain the secret value directly
 #
-# IMPORTANT: In GitLab, variables MUST be set as "File" type, not "Variable" type.
-# File type variables provide a PATH to a temp file containing the secret.
-# Variable type provides the raw value, which will NOT work with this script.
-#
-# Required GitLab CI/CD Variables (File type):
+# Required environment variables:
 #   - POSTGRES_PASSWORD
 #   - AUTH0_CLIENT_SECRET
-#   - AUTH0_MANAGEMENT_CLIENT_ID (Auth0 Management API client ID for user signup)
-#   - AUTH0_MANAGEMENT_CLIENT_SECRET (Auth0 Management API client secret)
+#   - AUTH0_MANAGEMENT_CLIENT_ID
+#   - AUTH0_MANAGEMENT_CLIENT_SECRET
 #   - GOOGLE_MAPS_API_KEY
 #   - GOOGLE_MAPS_MAP_ID
-#   - CF_DNS_API_TOKEN (Cloudflare DNS API token for Let's Encrypt certificates)
-#   - RESEND_API_KEY (Resend API key for email notifications)
-#
-# Required GitLab CI/CD Variables (Variable type):
-#   - DEPLOY_PATH
+#   - CF_DNS_API_TOKEN
+#   - RESEND_API_KEY
 
 set -euo pipefail
 
 # Configuration
 DEPLOY_PATH="${DEPLOY_PATH:-/opt/motovaultpro}"
-SECRETS_DIR="${DEPLOY_PATH}/secrets/app"
+SECRETS_DIR="${SECRETS_DIR:-${DEPLOY_PATH}/secrets/app}"
 
 # List of all secret files (must match docker-compose volume mounts)
 SECRET_FILES=(
@@ -66,37 +59,33 @@ mkdir -p "$SECRETS_DIR"
 chmod 700 "$SECRETS_DIR"
 
 # Function to inject a secret
+# Supports both:
+#   - Direct value (Gitea Actions): VAR contains the secret
+#   - File path (GitLab CI): VAR contains path to file with secret
 inject_secret() {
     local var_name="$1"
     local file_name="$2"
     local target_path="${SECRETS_DIR}/${file_name}"
 
-    # GitLab File variables contain the PATH to a temp file
-    local source_path="${!var_name:-}"
+    local source_value="${!var_name:-}"
 
-    if [ -z "$source_path" ]; then
+    if [ -z "$source_value" ]; then
         echo "  ERROR: Variable $var_name is not set"
-        echo "         Ensure it exists in GitLab CI/CD Variables"
         return 1
     fi
 
-    # Check if it looks like a raw value instead of a file path
-    if [[ ! "$source_path" =~ ^/ ]]; then
-        echo "  ERROR: $var_name appears to be a raw value, not a file path"
-        echo "         In GitLab, change the variable Type from 'Variable' to 'File'"
-        return 1
+    # Check if it's a file path (GitLab CI File variable)
+    if [[ "$source_value" =~ ^/ ]] && [ -f "$source_value" ]; then
+        # GitLab mode: copy from file
+        cp "$source_value" "$target_path"
+        echo "  OK: $file_name (from file)"
+    else
+        # Gitea mode: write value directly
+        echo -n "$source_value" > "$target_path"
+        echo "  OK: $file_name (from env)"
     fi
 
-    if [ ! -f "$source_path" ]; then
-        echo "  ERROR: File not found for $var_name at $source_path"
-        echo "         Ensure the variable is set as 'File' type in GitLab"
-        return 1
-    fi
-
-    # Copy the secret file (644 so container users can read)
-    cp "$source_path" "$target_path"
     chmod 644 "$target_path"
-    echo "  OK: $file_name"
 }
 
 # Inject all secrets
@@ -114,7 +103,6 @@ inject_secret "RESEND_API_KEY" "resend-api-key.txt" || FAILED=1
 if [ $FAILED -eq 1 ]; then
     echo ""
     echo "ERROR: One or more secrets failed to inject"
-    echo "Ensure all required CI/CD variables are configured as File type in GitLab"
     exit 1
 fi