Change default FROM to hello@notify.motovaultpro.com across app and CI
senders. Replace broken {{unsubscribeUrl}} placeholder with real Settings
page URL. Add RFC 8058 List-Unsubscribe headers for email client support.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Stripe Price IDs were hardcoded and duplicated across 4 compose files.
Log levels were hardcoded per-overlay instead of using generate-log-config.sh.
This refactors all environment-specific variables into a single .env file
that CI/CD generates from Gitea repo variables + generate-log-config.sh.

- Add .env.example template with documented variables
- Replace hardcoded values with ${VAR:-default} substitution in base compose
- Simplify prod overlay from 90 to 32 lines (remove redundant env blocks)
- Add YAML anchors to blue-green overlay (eliminate blue/green duplication)
- Remove redundant OCR env block from staging overlay
- Change generate-log-config.sh to output to stdout (pipe into .env)
- Update staging/production CI/CD to generate .env with Stripe + log vars
- Remove dangerous pk_live_ default from VITE_STRIPE_PUBLISHABLE_KEY

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Add AUTH0_OCR_CLIENT_ID and AUTH0_OCR_CLIENT_SECRET to inject-secrets.sh
- Add new secrets to staging and production workflow env blocks
- Create .example files for new secret documentation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Update Loki, Promtail, Grafana to use REGISTRY_MIRRORS
- Add grafana/loki, grafana/promtail, grafana/grafana to mirror script

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Create generate-log-config.sh that maps a single LOG_LEVEL env var to
per-container settings for Backend, Frontend, PostgreSQL, Redis, and
Traefik. Script validates input and generates .env.logging file.
Integrate script into staging and production CI/CD pipelines.
Remove obsolete SPRINTS.md calendar file.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add detailed step-by-step instructions for setting up SSH key-based
authentication from staging to production, including proper directory
and file permissions (0700 for .ssh, 0600 for authorized_keys).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add VITE_STRIPE_PUBLISHABLE_KEY to frontend Dockerfile build args
- Add VITE_STRIPE_PUBLISHABLE_KEY to docker-compose.yml build args
- Add :ro flag to backend Stripe secret volume mounts for consistency
- Update inject-secrets.sh with STRIPE_SECRET_KEY and STRIPE_WEBHOOK_SECRET
- Add Stripe secrets to staging.yaml workflow (build arg + inject step)
- Add Stripe secrets to production.yaml workflow (inject step)

Requires STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET secrets and
VITE_STRIPE_PUBLISHABLE_KEY variable to be configured in Gitea.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Root cause: switch-traffic.sh was modifying Traefik config in the CI checkout
directory ($GITHUB_WORKSPACE) instead of the deployment directory ($DEPLOY_PATH).
Additionally, the sed patterns didn't work with multi-line YAML structure.

Changes:
- Add DEPLOY_PATH environment variable support to all CI scripts
- Add --force-recreate flag to ensure containers are recreated with new images
- Fix weight update to use awk for reliable multi-line YAML editing
- Add scripts/ directory to rsync so SREs can run scripts from /opt/motovaultpro
- Add image verification step to confirm containers use expected images
- Add weight verification to confirm Traefik routing was updated
- Add routing validation step to verify traffic switch succeeded

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Root cause: switch-traffic.sh was modifying Traefik config in the CI checkout
directory ($GITHUB_WORKSPACE) instead of the deployment directory ($DEPLOY_PATH).
Traefik never saw the weight changes, so traffic stayed on old containers.

Changes:
- Add DEPLOY_PATH environment variable support to all CI scripts
- Add --force-recreate flag to ensure containers are recreated with new images
- Add image verification step to confirm containers use expected images
- Add weight verification to confirm Traefik routing was updated
- Add routing validation step to verify traffic switch succeeded

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Change CF_DNS_API_TOKEN_FILE to CLOUDFLARE_DNS_API_TOKEN_FILE (correct env var for Traefik/lego)
- Fix inject-secrets.sh to clean up Docker-created directories before injecting secrets
- Add detection for GitLab variables set as Variable type instead of File type
- Improve error messages to help diagnose configuration issues

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>