diff --git a/.gitea/workflows/staging.yaml b/.gitea/workflows/staging.yaml
index de8d391..78fa0c6 100644
--- a/.gitea/workflows/staging.yaml
+++ b/.gitea/workflows/staging.yaml
@@ -100,7 +100,7 @@ jobs:
 run: |
 cd "$DEPLOY_PATH"
 chmod +x scripts/inject-secrets.sh
- SECRETS_DIR="$DEPLOY_PATH/secrets/staging" ./scripts/inject-secrets.sh
+ SECRETS_DIR="$DEPLOY_PATH/secrets/app" ./scripts/inject-secrets.sh
 env:
 POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
 AUTH0_CLIENT_SECRET: ${{ secrets.AUTH0_CLIENT_SECRET }}
diff --git a/scripts/ci/ansible/deploy-production-runner.yml b/scripts/ci/ansible/deploy-production-runner.yml
index 77125e3..1a63791 100644
--- a/scripts/ci/ansible/deploy-production-runner.yml
+++ b/scripts/ci/ansible/deploy-production-runner.yml
@@ -133,6 +133,16 @@
 groups: docker
 append: true
 
+ - name: Configure passwordless sudo for act_runner
+ copy:
+ dest: /etc/sudoers.d/act_runner
+ content: |
+ # Allow act_runner to run commands without password for CI/CD operations
+ # This is required because Gitea Actions runners don't have a TTY
+ act_runner ALL=(ALL) NOPASSWD: ALL
+ mode: '0440'
+ validate: 'visudo -cf %s'
+
 - name: Create act_runner config directory
 file:
 path: /etc/act_runner
diff --git a/scripts/ci/ansible/deploy-staging-runner.yml b/scripts/ci/ansible/deploy-staging-runner.yml
index 265b63a..8b657b3 100644
--- a/scripts/ci/ansible/deploy-staging-runner.yml
+++ b/scripts/ci/ansible/deploy-staging-runner.yml
@@ -163,6 +163,16 @@
 groups: docker
 append: true
 
+ - name: Configure passwordless sudo for act_runner
+ copy:
+ dest: /etc/sudoers.d/act_runner
+ content: |
+ # Allow act_runner to run commands without password for CI/CD operations
+ # This is required because Gitea Actions runners don't have a TTY
+ act_runner ALL=(ALL) NOPASSWD: ALL
+ mode: '0440'
+ validate: 'visudo -cf %s'
+
 - name: Create act_runner config directory
 file:
 path: /etc/act_runner
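Review bot: The sudoers entry `act_runner ALL=(ALL) NOPASSWD: ALL` written by the added task in deploy-production-runner.yml gives the runner account unrestricted root on the production host, so every workflow step scheduled on this runner, including one introduced by an edit to a workflow file, executes with full host privileges; the identical task is added in deploy-staging-runner.yml. The missing TTY explains why a password prompt cannot work, but not why every command has to be allowed: restrict the rule to what the deploy jobs actually call, e.g. `act_runner ALL=(root) NOPASSWD: /absolute/path/to/required-command` (placeholder, the commands the jobs need are not visible in this diff). I would also set `owner: root` and `group: root` on the file explicitly and give visudo by absolute path, `validate: '/usr/sbin/visudo -cf %s'` (the usual location on most distributions), so validation does not depend on PATH. The context lines show the account is also being added to the `docker` group (that user task starts above the hunk), which is itself root-equivalent on most hosts, so the task comment should record which privilege the jobs really need rather than granting both.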