From c4991ea3c4eff4928a69f5380f75bc59267a8602 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 14:47:16 +0200 Subject: [PATCH 01/16] fix(infrastructure): add env variables to deployment --- .github/workflows/deploy-pr.yaml | 33 +++++----- .github/workflows/deploy-prod.yaml | 27 ++++---- .github/workflows/frontend-pages.yml | 61 +++---------------- .github/workflows/url_generator.yml | 43 +++++++++++++ .../charts/myapp-chart/templates/NOTES.txt | 54 ---------------- .../myapp-chart/templates/app-deployment.yaml | 16 +++++ 7project/charts/myapp-chart/values.yaml | 12 ++++ 7 files changed, 116 insertions(+), 130 deletions(-) create mode 100644 .github/workflows/url_generator.yml delete mode 100644 7project/charts/myapp-chart/templates/NOTES.txt diff --git a/.github/workflows/deploy-pr.yaml b/.github/workflows/deploy-pr.yaml index 54b6b33..314fc53 100644 --- a/.github/workflows/deploy-pr.yaml +++ b/.github/workflows/deploy-pr.yaml @@ -29,6 +29,14 @@ jobs: pr_number: ${{ github.event.pull_request.number }} secrets: inherit + get_urls: + if: github.event.action != 'closed' + uses: ./.github/workflows/url_generator.yml + with: + mode: pr + pr_number: ${{ github.event.pull_request.number }} + secrets: inherit + deploy: if: github.event.action != 'closed' name: Helm upgrade/install (PR preview) @@ -36,7 +44,7 @@ jobs: concurrency: group: pr-${{ github.event.pull_request.number }} cancel-in-progress: false - needs: [build, frontend] + needs: [build, frontend, get_urls] steps: - name: Checkout uses: actions/checkout@v4 
@@ -64,23 +72,23 @@ jobs: DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }} IMAGE_REPO: ${{ needs.build.outputs.image_repo }} DIGEST: ${{ needs.build.outputs.digest }} + DOMAIN: ${{ needs.get_urls.outputs.backend_url }} + DOMAIN_SCHEME: ${{ needs.get_urls.outputs.backend_url_scheme }} + FRONTEND_DOMAIN: ${{ needs.get_urls.outputs.frontend_url }} + FRONTEND_DOMAIN_SCHEME: ${{ needs.get_urls.outputs.frontend_url_scheme }} run: | PR=${{ github.event.pull_request.number }} - if [ -z "$PR" ]; then echo "PR number missing"; exit 1; fi - if [ -z "$DEV_BASE_DOMAIN" ]; then echo "Secret DEV_BASE_DOMAIN is required (e.g., dev.example.com)"; exit 1; fi - if [ -z "$RABBITMQ_PASSWORD" ]; then echo "Secret DEV_RABBITMQ_PASSWORD is required"; exit 1; fi - if [ -z "$DB_PASSWORD" ]; then echo "Secret DEV_DB_PASSWORD is required"; exit 1; fi RELEASE=myapp-pr-$PR NAMESPACE=pr-$PR - DOMAIN=pr-$PR.$DEV_BASE_DOMAIN - if [ -z "$IMAGE_REPO" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi helm upgrade --install "$RELEASE" ./7project/charts/myapp-chart \ -n "$NAMESPACE" --create-namespace \ -f 7project/charts/myapp-chart/values-dev.yaml \ --set prNumber="$PR" \ --set deployment="pr-$PR" \ --set domain="$DOMAIN" \ - --set image.repository="$IMAGE_REPO" \ + --set domain_scheme="$DOMAIN_SCHEME" \ + --set frontend_domain="$FRONTEND_DOMAIN" \ + --set frontend_domain_scheme="$FRONTEND_DOMAIN_SCHEME" \ --set image.digest="$DIGEST" \ --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \ --set-string database.password="$DB_PASSWORD" 
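Review bot: The `-z` guards on `RABBITMQ_PASSWORD` and `DB_PASSWORD` are removed from the `run:` block with nothing replacing them, so an unset secret now reaches `--set-string rabbitmq.password=""` / `database.password=""` instead of stopping the job. The domain values are still caught by the chart's `required` calls, but no equivalent guard for the passwords is visible in this patch; keep one line such as `if [ -z "$RABBITMQ_PASSWORD" ] || [ -z "$DB_PASSWORD" ]; then echo "deploy secrets missing" >&2; exit 1; fi`. The hunk also drops `--set image.repository="$IMAGE_REPO"` while still setting `image.digest`, so the digest is now resolved against the chart default `lukastrkan/cc-app-demo` rather than the repository the build job reported; it is worth confirming the two always match. The same two removals are in deploy-prod.yaml `@@ -63,25 +70,23 @@`. Separately, this PR-preview step is fed `secrets.PROD_RABBITMQ_PASSWORD` and `secrets.PROD_DB_PASSWORD` (context lines), which looks unintended for a preview environment.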
@@ -88,17 +96,14 @@ jobs: - name: Post preview URLs as PR comment uses: actions/github-script@v7 env: - DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }} - FRONTEND_URL: ${{ needs.frontend.outputs.deployed_url }} + BACKEND_URL: ${{ needs.get_urls.outputs.backend_url_scheme }} + FRONTEND_URL: ${{ needs.get_urls.outputs.frontend_url_scheme }} with: script: | const pr = context.payload.pull_request; if (!pr) { core.setFailed('No pull_request context'); return; } const prNumber = pr.number; - const domainBase = process.env.DEV_BASE_DOMAIN; - if (!domainBase) { core.setFailed('DEV_BASE_DOMAIN is required'); return; } - const backendDomain = `pr-${prNumber}.${domainBase}`; - const backendUrl = `https://${backendDomain}`; + const backendUrl = process.env.BACKEND_URL || '(not available)'; const frontendUrl = process.env.FRONTEND_URL || '(not available)'; const marker = ''; const body = `${marker}\nPreview environment is running\n- Frontend: ${frontendUrl}\n- Backend: ${backendUrl}\n`; diff --git a/.github/workflows/deploy-prod.yaml b/.github/workflows/deploy-prod.yaml index 91fda92..dfaf21d 100644 --- a/.github/workflows/deploy-prod.yaml +++ b/.github/workflows/deploy-prod.yaml @@ -37,10 +37,17 @@ jobs: mode: prod secrets: inherit + get_urls: + name: Get URLs + uses: ./.github/workflows/url_generator.yml + with: + mode: prod + secrets: inherit + deploy: name: Helm upgrade/install (prod) runs-on: vhs - needs: [build, frontend] + needs: [build, frontend, get_urls] steps: - name: Checkout uses: actions/checkout@v4 
@@ -63,25 +70,23 @@ jobs: - name: Helm upgrade/install prod env: - DOMAIN: ${{ secrets.PROD_DOMAIN }} + DOMAIN: ${{ needs.get_urls.outputs.backend_url }} + DOMAIN_SCHEME: ${{ needs.get_urls.outputs.backend_url_scheme }} + FRONTEND_DOMAIN: ${{ needs.get_urls.outputs.frontend_url }} + FRONTEND_DOMAIN_SCHEME: ${{ needs.get_urls.outputs.frontend_url_scheme }} RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }} DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }} IMAGE_REPO: ${{ needs.build.outputs.image_repo }} DIGEST: ${{ needs.build.outputs.digest }} run: | - if [ -z "$DOMAIN" ]; then - echo "Secret PROD_DOMAIN is required (e.g., app.example.com)"; exit 1; fi - if [ -z "$RABBITMQ_PASSWORD" ]; then - echo "Secret PROD_RABBITMQ_PASSWORD is required"; exit 1; fi - if [ -z "$DB_PASSWORD" ]; then - echo "Secret PROD_DB_PASSWORD is required"; exit 1; fi - if [ -z "$IMAGE_REPO" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi helm upgrade --install myapp ./7project/charts/myapp-chart \ -n prod --create-namespace \ -f 7project/charts/myapp-chart/values-prod.yaml \ --set deployment="prod" \ --set domain="$DOMAIN" \ - --set image.repository="$IMAGE_REPO" \ + --set domain_scheme="$DOMAIN_SCHEME" \ + --set frontend_domain="$FRONTEND_DOMAIN" \ + --set frontend_domain_scheme="$FRONTEND_DOMAIN_SCHEME" \ --set image.digest="$DIGEST" \ --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \ - --set-string database.password="$DB_PASSWORD" + --set-string database.password="$DB_PASSWORD" diff --git a/.github/workflows/frontend-pages.yml b/.github/workflows/frontend-pages.yml index cf47997..d5c91f6 100644 --- a/.github/workflows/frontend-pages.yml +++ b/.github/workflows/frontend-pages.yml 
@@ -25,18 +25,18 @@ on: description: 'URL of deployed frontend' value: ${{ jobs.deploy.outputs.deployed_url }} -# Required repository secrets: -# CLOUDFLARE_API_TOKEN - API token with Pages:Edit (or Account:Workers Scripts:Edit) permissions -# CLOUDFLARE_ACCOUNT_ID - Your Cloudflare account ID -# Optional repository variables: -# CF_PAGES_PROJECT_NAME - Default Cloudflare Pages project name -# PROD_DOMAIN - App domain for prod releases (e.g., api.example.com or https://api.example.com) -# BACKEND_URL_PR_TEMPLATE - Template for PR backend URL. Use {PR} placeholder for PR number (e.g., https://api-pr-{PR}.example.com) - jobs: + get_urls: + uses: ./.github/workflows/url_generator.yml + with: + mode: ${{ inputs.mode }} + pr_number: ${{ inputs.pr_number }} + secrets: inherit + build: name: Build frontend runs-on: ubuntu-latest + needs: [get_urls] defaults: run: working-directory: 7project/frontend 
@@ -54,50 +54,9 @@ jobs: - name: Install dependencies run: npm ci - - name: Compute backend URL for Vite - id: be - env: - EVENT_NAME: ${{ github.event_name }} - PR_NUMBER: ${{ github.event.pull_request.number || inputs.pr_number }} - PR_TEMPLATE: ${{ vars.BACKEND_URL_PR_TEMPLATE }} - DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }} - PROD_DOMAIN_VAR: ${{ vars.PROD_DOMAIN }} - PROD_DOMAIN_SECRET: ${{ secrets.PROD_DOMAIN }} - BACKEND_URL_OVERRIDE: ${{ vars.BACKEND_URL || secrets.BACKEND_URL }} - MODE: ${{ inputs.mode }} + - name: Set backend URL from url_generator run: | - set -euo pipefail - URL="" - # 1) Explicit override wins (from repo var or secret) - if [ -n "${BACKEND_URL_OVERRIDE:-}" ]; then - if echo "$BACKEND_URL_OVERRIDE" | grep -Eiq '^https?://'; then - URL="$BACKEND_URL_OVERRIDE" - else - URL="https://${BACKEND_URL_OVERRIDE}" - fi - else - # 2) PR-specific URL when building for PR - if [ "${MODE:-}" = "pr" ] || [ "${EVENT_NAME}" = "pull_request" ]; then - if [ -n "${PR_TEMPLATE:-}" ] && [ -n "${PR_NUMBER:-}" ] ; then - URL="${PR_TEMPLATE//\{PR\}/${PR_NUMBER}}" - elif [ -n "${DEV_BASE_DOMAIN:-}" ] && [ -n "${PR_NUMBER:-}" ]; then - URL="https://pr-${PR_NUMBER}.${DEV_BASE_DOMAIN}" - fi - fi - # 3) Fallback to PROD_DOMAIN (prefer repo var, then secret) - if [ -z "$URL" ]; then - PROD_DOMAIN="${PROD_DOMAIN_VAR:-${PROD_DOMAIN_SECRET:-}}" - if [ -n "$PROD_DOMAIN" ]; then - if echo "$PROD_DOMAIN" | grep -Eiq '^https?://'; then - URL="$PROD_DOMAIN" - else - URL="https://${PROD_DOMAIN}" - fi - fi - fi - fi - echo "Using backend URL: ${URL:-}" - echo "VITE_BACKEND_URL=${URL}" >> $GITHUB_ENV + echo "VITE_BACKEND_URL=${{ needs.get_urls.outputs.backend_url_scheme }}" >> $GITHUB_ENV - name: Build run: npm run build diff --git a/.github/workflows/url_generator.yml b/.github/workflows/url_generator.yml new file mode 100644 index 0000000..02fa084 --- /dev/null +++ b/.github/workflows/url_generator.yml 
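Review bot: `${{ needs.get_urls.outputs.backend_url_scheme }}` in the new `Set backend URL from url_generator` step is expanded into the script text before the shell runs, so a quote, newline or `$(...)` in the value would become shell syntax or an extra `GITHUB_ENV` entry. Pass it through the step environment instead: `env: BACKEND_URL_SCHEME: ${{ needs.get_urls.outputs.backend_url_scheme }}` and `echo "VITE_BACKEND_URL=$BACKEND_URL_SCHEME" >> "$GITHUB_ENV"`. The value is built from repository configuration and the PR number today, so this is hardening rather than a live defect. The later `@@ -54,9 +50,9 @@` hunk that switches to `${{ inputs.backend_url_scheme }}` keeps the same pattern. The step also no longer fails or logs when the URL is empty, so an empty output silently produces a build with no backend URL.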
@@ -0,0 +1,43 @@
+name: url_generator
+on:
+ workflow_call:
+ inputs:
+ mode:
+ description: "Mode: 'prod' or 'pr'"
+ required: true
+ type: string
+ pr_number:
+ description: 'PR number (required when mode=pr)'
+ required: false
+ type: string
+
+jobs:
+ get_urls:
+ runs-on: ubuntu-latest
+ outputs:
+ backend_url: ${{ steps.urls.outputs.backend_url }}
+ frontend_url: ${{ steps.urls.outputs.frontend_url }}
+ frontend_url_scheme: ${{ steps.urls.outputs.frontend_url_scheme }}
+ backend_url_scheme: ${{ steps.urls.outputs.backend_url_scheme }}
+
+ steps:
+ - name: Compute URLs PROD
+ id: urls
+ run: |
+ set -euo pipefail
+
+ if [ "${{ inputs.mode }}" = "prod" ]; then
+ BACKEND_URL="api.${{ secrets.PROD_DOMAIN }}"
+ FRONTEND_URL="finance.${{ secrets.PROD_DOMAIN }}"
+
+ else
+ FRONTEND_URL="pr-${{inputs.pr_number}}.${{ secrets.DEV_FRONTEND_BASE_DOMAIN }}"
+ BACKEND_URL="api-pr-${{inputs.pr_number}}.${{ secrets.DEV_BASE_DOMAIN }}"
+
+ FRONTEND_URL_SCHEME="https://$FRONTEND_URL"
+ BACKEND_URL_SCHEME="https://$BACKEND_URL"
+
+ echo "backend_url_scheme=$BACKEND_URL_SCHEME" >> $GITHUB_OUTPUT
+ echo "frontend_url_scheme=$FRONTEND_URL_SCHEME" >> $GITHUB_OUTPUT
+ echo "backend_url=$BACKEND_URL" >> $GITHUB_OUTPUT
+ echo "frontend_url=$FRONTEND_URL" >> $GITHUB_OUTPUT
diff --git a/7project/charts/myapp-chart/templates/NOTES.txt b/7project/charts/myapp-chart/templates/NOTES.txt
deleted file mode 100644
index 9eeb1e5..0000000
--- a/7project/charts/myapp-chart/templates/NOTES.txt
+++ /dev/null
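Review bot: `inputs.mode`, `inputs.pr_number` and the domain values are pasted into the `run:` script with `${{ }}` and never validated. Any `mode` other than `prod` falls into the PR branch, and an empty `pr_number` (the input is `required: false`) yields hosts of the form `pr-.<base domain>` that the deploy jobs then use. Because `pr_number` is a free-form `string` input, pass both through `env:` (`MODE: ${{ inputs.mode }}`, `PR_NUMBER: ${{ inputs.pr_number }}`) and reject bad values in the PR branch before building the URLs, e.g. `case "$PR_NUMBER" in ''|*[!0-9]*) echo "pr_number must be numeric" >&2; exit 1;; esac`. Quoting the redirect target as `>> "$GITHUB_OUTPUT"` would also match the `set -euo pipefail` strictness already used here.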
@@ -1,54 +0,0 @@ -Thank you for installing myapp-chart. - -This chart packages all Kubernetes manifests from the original deployment directory and parameterizes environment, database name (with optional PR suffix), image, and domain for external access. - -Namespaces per developer (important): -- Install each developer's environment into their own namespace using Helm's -n/--namespace flag. -- No hardcoded namespace is used in templates; resources are created in .Release.Namespace. -- Example namespaces: dev-alice, dev-bob, pr-123, etc. - -Key values: -- deployment -> used as Database CR name and DB username (MARIADB_DB and MARIADB_USER) -- image.repository/tag or image.digest -> container image -- domain -> public FQDN used by TunnelBinding (required to expose app) -- app/worker names, replicas, ports - -Examples: -- Dev install (Alice): - helm upgrade --install myapp ./7project/charts/myapp-chart \ - -n dev-alice --create-namespace \ - -f values-dev.yaml \ - --set domain=alice.demo.example.com \ - --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \ - --set-string database.password="$DB_PASSWORD" - -- Dev install (Bob): - helm upgrade --install myapp ./7project/charts/myapp-chart \ - -n dev-bob --create-namespace \ - -f values-dev.yaml \ - --set domain=bob.demo.example.com - -- Prod install (different cleanupPolicy): - helm upgrade --install myapp ./7project/charts/myapp-chart \ - -n prod --create-namespace \ - -f values-prod.yaml \ - --set domain=app.example.com - -- PR (preview) install with DB name containing PR number (also its own namespace): - PR=123 - helm upgrade --install myapp-pr-$PR ./7project/charts/myapp-chart \ - -n pr-$PR --create-namespace \ - -f values-dev.yaml \ - --set prNumber=$PR \ - --set deployment=preview-$PR \ - --set domain=pr-$PR.example.com - -- Use a custom deployment identifier to suffix DB name, DB username and Secret name: - helm upgrade --install myapp ./7project/charts/myapp-chart \ - -n dev-alice --create-namespace \ - -f 
values-dev.yaml \ - --set deployment=alice \ - --set domain=alice.demo.example.com - -Render locally (dry run): - helm template ./7project/charts/myapp-chart -f values-dev.yaml --set prNumber=456 --set deployment=test --set domain=demo.example.com --namespace dev-test | sed -n '/kind: Database/,$p' | head -n 30 diff --git a/7project/charts/myapp-chart/templates/app-deployment.yaml b/7project/charts/myapp-chart/templates/app-deployment.yaml index 1d264ab..499c1e4 100644 --- a/7project/charts/myapp-chart/templates/app-deployment.yaml +++ b/7project/charts/myapp-chart/templates/app-deployment.yaml @@ -52,6 +52,22 @@ spec: value: {{ .Values.rabbitmq.vhost | default "/" | quote }} - name: MAIL_QUEUE value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }} + - name: MOJEID_CLIENT_ID + value: {{ .Values.oauth.mojeid.clientId | quote }} + - name: MOJEID_CLIENT_SECRET + value: {{ .Values.oauth.mojeid.clientSecret | quote }} + - name: BANKID_CLIENT_ID + value: {{ .Values.oauth.bankid.clientId | quote }} + - name: BANKID_CLIENT_SECRET + value: {{ .Values.oauth.bankid.clientSecret | quote }} + - name: DOMAIN + value: {{ required "Set .Values.domain" .Values.domain | quote }} + - name: DOMAIN_SCHEME + value: {{ required "Set .Values.domain_scheme" .Values.domain_scheme | quote }} + - name: FRONTEND_DOMAIN + value: {{ required "Set .Values.frontend_domain" .Values.frontend_domain | quote }} + - name: FRONTEND_DOMAIN_SCHEME + value: {{ required "Set .Values.frontend_domain_scheme" .Values.frontend_domain_scheme | quote }} livenessProbe: httpGet: path: / diff --git a/7project/charts/myapp-chart/values.yaml b/7project/charts/myapp-chart/values.yaml index 4b36e35..6186a32 100644 --- a/7project/charts/myapp-chart/values.yaml +++ b/7project/charts/myapp-chart/values.yaml 
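Review bot: `MOJEID_CLIENT_SECRET` and `BANKID_CLIENT_SECRET` are rendered as literal `value:` strings in the Deployment, so the OAuth client secrets are readable in the pod spec, in the Helm release values, and by anyone with read access to Deployments in the namespace. Render them into a Kubernetes Secret and reference them with `secretKeyRef`, as sketched below; the Secret name is a placeholder because the chart's existing Secret template is not visible in this patch. Unlike the four domain values, the OAuth values have no `required` guard and default to `""` in values.yaml, and none of the workflow hunks in this commit pass them, so the app would presumably start with empty client credentials. The container spec continues outside the hunk.

```yaml
# … unchanged: MOJEID_CLIENT_ID / BANKID_CLIENT_ID as plain values …
- name: MOJEID_CLIENT_SECRET
  valueFrom:
    secretKeyRef:
      name: OAUTH_SECRET_NAME_PLACEHOLDER   # Secret rendered by this chart
      key: mojeid-client-secret
- name: BANKID_CLIENT_SECRET
  valueFrom:
    secretKeyRef:
      name: OAUTH_SECRET_NAME_PLACEHOLDER   # Secret rendered by this chart
      key: bankid-client-secret
# … unchanged: DOMAIN, DOMAIN_SCHEME, FRONTEND_DOMAIN, FRONTEND_DOMAIN_SCHEME …
```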
@@ -11,6 +11,10 @@ deployment: "" # Public domain to expose the app under (used by TunnelBinding fqdn) # Set at install time: --set domain=example.com domain: "" +domain_scheme: "" + +frontend_domain: "" +frontend_domain_scheme: "" image: repository: lukastrkan/cc-app-demo @@ -33,6 +37,14 @@ worker: service: port: 80 +oauth: + bankid: + clientId: "" + clientSecret: "" + mojeid: + clientId: "" + clientSecret: "" + rabbitmq: create: true replicas: 1 From 7c161f6f37f89d75bd9ca0ea893a412fa1d57201 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 14:49:26 +0200 Subject: [PATCH 02/16] fix(infrastructure): add env variables to deployment --- .github/workflows/url_generator.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/url_generator.yml b/.github/workflows/url_generator.yml index 02fa084..360fa2d 100644 --- a/.github/workflows/url_generator.yml +++ b/.github/workflows/url_generator.yml @@ -33,6 +33,7 @@ jobs: else FRONTEND_URL="pr-${{inputs.pr_number}}.${{ secrets.DEV_FRONTEND_BASE_DOMAIN }}" BACKEND_URL="api-pr-${{inputs.pr_number}}.${{ secrets.DEV_BASE_DOMAIN }}" + fi FRONTEND_URL_SCHEME="https://$FRONTEND_URL" BACKEND_URL_SCHEME="https://$BACKEND_URL" @@ -40,4 +41,4 @@ jobs: echo "backend_url_scheme=$BACKEND_URL_SCHEME" >> $GITHUB_OUTPUT echo "frontend_url_scheme=$FRONTEND_URL_SCHEME" >> $GITHUB_OUTPUT echo "backend_url=$BACKEND_URL" >> $GITHUB_OUTPUT - echo "frontend_url=$FRONTEND_URL" >> $GITHUB_OUTPUT + echo "frontend_url=$FRONTEND_URL" >> $GITHUB_OUTPUT \ No newline at end of file From c290a109b64c776fdcbe4aa09a48cd3096839712 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 15:01:53 +0200 Subject: [PATCH 03/16] fix(infrastructure): use variables, not secrets --- .github/workflows/url_generator.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/.github/workflows/url_generator.yml b/.github/workflows/url_generator.yml index 360fa2d..33d2098 100644 --- a/.github/workflows/url_generator.yml +++ b/.github/workflows/url_generator.yml @@ -27,12 +27,12 @@ jobs: set -euo pipefail if [ "${{ inputs.mode }}" = "prod" ]; then - BACKEND_URL="api.${{ secrets.PROD_DOMAIN }}" - FRONTEND_URL="finance.${{ secrets.PROD_DOMAIN }}" + BACKEND_URL="api.${{ vars.PROD_DOMAIN }}" + FRONTEND_URL="finance.${{ vars.PROD_DOMAIN }}" else - FRONTEND_URL="pr-${{inputs.pr_number}}.${{ secrets.DEV_FRONTEND_BASE_DOMAIN }}" - BACKEND_URL="api-pr-${{inputs.pr_number}}.${{ secrets.DEV_BASE_DOMAIN }}" + FRONTEND_URL="pr-${{inputs.pr_number}}.${{ vars.DEV_FRONTEND_BASE_DOMAIN }}" + BACKEND_URL="api-pr-${{inputs.pr_number}}.${{ vars.DEV_BASE_DOMAIN }}" fi FRONTEND_URL_SCHEME="https://$FRONTEND_URL" From c4afdf5ad2616de3b16828205e391429813580a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 15:10:33 +0200 Subject: [PATCH 04/16] fix(infrastructure): use correct runner --- .github/workflows/deploy-pr.yaml | 2 +- .github/workflows/deploy-prod.yaml | 2 +- .github/workflows/url_generator.yml | 6 +++++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy-pr.yaml b/.github/workflows/deploy-pr.yaml index 314fc53..abbd002 100644 --- a/.github/workflows/deploy-pr.yaml +++ b/.github/workflows/deploy-pr.yaml @@ -33,6 +33,7 @@ jobs: if: github.event.action != 'closed' uses: ./.github/workflows/url_generator.yml with: + runner: vhs mode: pr pr_number: ${{ github.event.pull_request.number }} secrets: inherit 
@@ -70,7 +71,6 @@ jobs: DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }} RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }} DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }} - IMAGE_REPO: ${{ needs.build.outputs.image_repo }} DIGEST: ${{ needs.build.outputs.digest }} DOMAIN: ${{ needs.get_urls.outputs.backend_url }} DOMAIN_SCHEME: ${{ needs.get_urls.outputs.backend_url_scheme }} diff --git a/.github/workflows/deploy-prod.yaml b/.github/workflows/deploy-prod.yaml index dfaf21d..e092706 100644 --- a/.github/workflows/deploy-prod.yaml +++ b/.github/workflows/deploy-prod.yaml @@ -42,6 +42,7 @@ jobs: uses: ./.github/workflows/url_generator.yml with: mode: prod + runner: vhs secrets: inherit deploy: @@ -76,7 +77,6 @@ jobs: FRONTEND_DOMAIN_SCHEME: ${{ needs.get_urls.outputs.frontend_url_scheme }} RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }} DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }} - IMAGE_REPO: ${{ needs.build.outputs.image_repo }} DIGEST: ${{ needs.build.outputs.digest }} run: | helm upgrade --install myapp ./7project/charts/myapp-chart \ diff --git a/.github/workflows/url_generator.yml b/.github/workflows/url_generator.yml index 33d2098..936d117 100644 --- a/.github/workflows/url_generator.yml +++ b/.github/workflows/url_generator.yml @@ -10,10 +10,14 @@ on: description: 'PR number (required when mode=pr)' required: false type: string + runner: + description: 'Runner to use (default: ubuntu-latest)' + required: false + type: string jobs: get_urls: - runs-on: ubuntu-latest + runs-on: ${{inputs.runner || 'ubuntu-latest'}} outputs: backend_url: ${{ steps.urls.outputs.backend_url }} frontend_url: ${{ steps.urls.outputs.frontend_url }} From 810f1ccb32b54eaba02636ca6c5c37b5f92aadc2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 17:01:38 +0200 Subject: [PATCH 05/16] fix(infrastructure): use correct runner --- .github/workflows/deploy-pr.yaml | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/.github/workflows/deploy-pr.yaml b/.github/workflows/deploy-pr.yaml index abbd002..a9a2ea4 100644 --- a/.github/workflows/deploy-pr.yaml +++ b/.github/workflows/deploy-pr.yaml @@ -77,6 +77,8 @@ jobs: FRONTEND_DOMAIN: ${{ needs.get_urls.outputs.frontend_url }} FRONTEND_DOMAIN_SCHEME: ${{ needs.get_urls.outputs.frontend_url_scheme }} run: | + #print env + env | sort PR=${{ github.event.pull_request.number }} RELEASE=myapp-pr-$PR NAMESPACE=pr-$PR From efb454ba999c9bb3815759cb7011161cf6f97f91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 17:06:06 +0200 Subject: [PATCH 06/16] fix(infrastructure): use correct runner --- .github/workflows/deploy-pr.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/deploy-pr.yaml b/.github/workflows/deploy-pr.yaml index a9a2ea4..1ec6dd5 100644 --- a/.github/workflows/deploy-pr.yaml +++ b/.github/workflows/deploy-pr.yaml @@ -77,6 +77,10 @@ jobs: FRONTEND_DOMAIN: ${{ needs.get_urls.outputs.frontend_url }} FRONTEND_DOMAIN_SCHEME: ${{ needs.get_urls.outputs.frontend_url_scheme }} run: | + DOMAIN=${{needs.get_urls.outputs.backend_url}} + DOMAIN_SCHEME=${{needs.get_urls.outputs.backend_url_scheme}} + FRONTEND_DOMAIN=${{needs.get_urls.outputs.frontend_url}} + FRONTEND_DOMAIN_SCHEME=${{needs.get_urls.outputs.frontend_url_scheme}} #print env env | sort PR=${{ github.event.pull_request.number }} From d1feafd4efd0ced042a54de5de6c6df46080ff24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 17:12:01 +0200 Subject: [PATCH 07/16] fix(infrastructure): use correct runner --- .github/workflows/deploy-pr.yaml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/.github/workflows/deploy-pr.yaml b/.github/workflows/deploy-pr.yaml index 1ec6dd5..715bb93 100644 --- a/.github/workflows/deploy-pr.yaml +++ b/.github/workflows/deploy-pr.yaml 
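Review bot: `env | sort` in the Helm step writes the whole step environment to the job log, and that environment includes `RABBITMQ_PASSWORD` and `DB_PASSWORD` (fed from `secrets.PROD_*`) as well as whatever the runner itself exports. GitHub's log masking only covers exact registered secret values, so runner-local credentials or transformed values would appear in clear text. For debugging the empty URL outputs, print only the four variables: `printf '%s\n' "DOMAIN=$DOMAIN" "DOMAIN_SCHEME=$DOMAIN_SCHEME" "FRONTEND_DOMAIN=$FRONTEND_DOMAIN" "FRONTEND_DOMAIN_SCHEME=$FRONTEND_DOMAIN_SCHEME"`. The next patch's `DOMAIN=${{needs.get_urls.outputs.backend_url}}` assignments expand the expression unquoted into the script; those values should stay in `env:` only. Logs from runs made while this line was present should be treated as containing the environment dump.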
@@ -72,15 +72,11 @@ jobs: RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }} DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }} DIGEST: ${{ needs.build.outputs.digest }} - DOMAIN: ${{ needs.get_urls.outputs.backend_url }} - DOMAIN_SCHEME: ${{ needs.get_urls.outputs.backend_url_scheme }} - FRONTEND_DOMAIN: ${{ needs.get_urls.outputs.frontend_url }} - FRONTEND_DOMAIN_SCHEME: ${{ needs.get_urls.outputs.frontend_url_scheme }} + DOMAIN: "${{ needs.get_urls.outputs.backend_url }}" + DOMAIN_SCHEME: "${{ needs.get_urls.outputs.backend_url_scheme }}" + FRONTEND_DOMAIN: "${{ needs.get_urls.outputs.frontend_url }}" + FRONTEND_DOMAIN_SCHEME: "${{ needs.get_urls.outputs.frontend_url_scheme }}" run: | - DOMAIN=${{needs.get_urls.outputs.backend_url}} - DOMAIN_SCHEME=${{needs.get_urls.outputs.backend_url_scheme}} - FRONTEND_DOMAIN=${{needs.get_urls.outputs.frontend_url}} - FRONTEND_DOMAIN_SCHEME=${{needs.get_urls.outputs.frontend_url_scheme}} #print env env | sort PR=${{ github.event.pull_request.number }} From 49c96187c921e0016a3f5bd41e6d8ad140c767c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 17:17:41 +0200 Subject: [PATCH 08/16] fix(infrastructure): use correct runner --- .github/workflows/deploy-pr.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/deploy-pr.yaml b/.github/workflows/deploy-pr.yaml index 715bb93..484622a 100644 --- a/.github/workflows/deploy-pr.yaml +++ b/.github/workflows/deploy-pr.yaml @@ -29,7 +29,7 @@ jobs: pr_number: ${{ github.event.pull_request.number }} secrets: inherit - get_urls: + get_urls_2: if: github.event.action != 'closed' uses: ./.github/workflows/url_generator.yml with: @@ -45,7 +45,7 @@ jobs: concurrency: group: pr-${{ github.event.pull_request.number }} cancel-in-progress: false - needs: [build, frontend, get_urls] + needs: [build, frontend, get_urls_2] steps: - name: Checkout uses: actions/checkout@v4 
@@ -72,10 +72,10 @@ jobs: RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }} DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }} DIGEST: ${{ needs.build.outputs.digest }} - DOMAIN: "${{ needs.get_urls.outputs.backend_url }}" - DOMAIN_SCHEME: "${{ needs.get_urls.outputs.backend_url_scheme }}" - FRONTEND_DOMAIN: "${{ needs.get_urls.outputs.frontend_url }}" - FRONTEND_DOMAIN_SCHEME: "${{ needs.get_urls.outputs.frontend_url_scheme }}" + DOMAIN: "${{ needs.get_urls_2.outputs.backend_url }}" + DOMAIN_SCHEME: "${{ needs.get_urls_2.outputs.backend_url_scheme }}" + FRONTEND_DOMAIN: "${{ needs.get_urls_2.outputs.frontend_url }}" + FRONTEND_DOMAIN_SCHEME: "${{ needs.get_urls_2.outputs.frontend_url_scheme }}" run: | #print env env | sort @@ -98,8 +98,8 @@ jobs: - name: Post preview URLs as PR comment uses: actions/github-script@v7 env: - BACKEND_URL: ${{ needs.get_urls.outputs.backend_url_scheme }} - FRONTEND_URL: ${{ needs.get_urls.outputs.frontend_url_scheme }} + BACKEND_URL: ${{ needs.get_urls_2.outputs.backend_url_scheme }} + FRONTEND_URL: ${{ needs.get_urls_2.outputs.frontend_url_scheme }} with: script: | const pr = context.payload.pull_request; From 4f7d30daf6c6543dbd89b3451bc6612f3f94335f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 17:32:00 +0200 Subject: [PATCH 09/16] fix(infrastructure): use correct runner --- .github/workflows/deploy-pr.yaml | 43 ++++++++++++++-------------- .github/workflows/frontend-pages.yml | 18 +++++------- 2 files changed, 29 insertions(+), 32 deletions(-) diff --git a/.github/workflows/deploy-pr.yaml b/.github/workflows/deploy-pr.yaml index 484622a..2bf2f79 100644 --- a/.github/workflows/deploy-pr.yaml +++ b/.github/workflows/deploy-pr.yaml 
@@ -20,17 +20,9 @@ jobs: pr_number: ${{ github.event.pull_request.number }} secrets: inherit - frontend: - if: github.event.action != 'closed' - name: Frontend - Build and Deploy to Cloudflare Pages (PR) - uses: ./.github/workflows/frontend-pages.yml - with: - mode: pr - pr_number: ${{ github.event.pull_request.number }} - secrets: inherit - - get_urls_2: + get_urls: if: github.event.action != 'closed' + name: Generate Preview URLs uses: ./.github/workflows/url_generator.yml with: runner: vhs @@ -38,6 +30,17 @@ jobs: pr_number: ${{ github.event.pull_request.number }} secrets: inherit + frontend: + if: github.event.action != 'closed' + name: Frontend - Build and Deploy to Cloudflare Pages (PR) + needs: [get_urls] + uses: ./.github/workflows/frontend-pages.yml + with: + mode: pr + pr_number: ${{ github.event.pull_request.number }} + backend_url_scheme: ${{ needs.get_urls.outputs.backend_url_scheme }} + secrets: inherit + deploy: if: github.event.action != 'closed' name: Helm upgrade/install (PR preview) @@ -45,7 +48,7 @@ jobs: concurrency: group: pr-${{ github.event.pull_request.number }} cancel-in-progress: false - needs: [build, frontend, get_urls_2] + needs: [build, frontend, get_urls] steps: - name: Checkout uses: actions/checkout@v4 
@@ -72,13 +75,11 @@ jobs: RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }} DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }} DIGEST: ${{ needs.build.outputs.digest }} - DOMAIN: "${{ needs.get_urls_2.outputs.backend_url }}" - DOMAIN_SCHEME: "${{ needs.get_urls_2.outputs.backend_url_scheme }}" - FRONTEND_DOMAIN: "${{ needs.get_urls_2.outputs.frontend_url }}" - FRONTEND_DOMAIN_SCHEME: "${{ needs.get_urls_2.outputs.frontend_url_scheme }}" + DOMAIN: "${{ needs.get_urls.outputs.backend_url }}" + DOMAIN_SCHEME: "${{ needs.get_urls.outputs.backend_url_scheme }}" + FRONTEND_DOMAIN: "${{ needs.get_urls.outputs.frontend_url }}" + FRONTEND_DOMAIN_SCHEME: "${{ needs.get_urls.outputs.frontend_url_scheme }}" run: | - #print env - env | sort PR=${{ github.event.pull_request.number }} RELEASE=myapp-pr-$PR NAMESPACE=pr-$PR @@ -98,8 +99,8 @@ jobs: - name: Post preview URLs as PR comment uses: actions/github-script@v7 env: - BACKEND_URL: ${{ needs.get_urls_2.outputs.backend_url_scheme }} - FRONTEND_URL: ${{ needs.get_urls_2.outputs.frontend_url_scheme }} + BACKEND_URL: ${{ needs.get_urls.outputs.backend_url_scheme }} + FRONTEND_URL: ${{ needs.get_urls.outputs.frontend_url_scheme }} with: script: | const pr = context.payload.pull_request; @@ -107,7 +108,7 @@ jobs: const prNumber = pr.number; const backendUrl = process.env.BACKEND_URL || '(not available)'; const frontendUrl = process.env.FRONTEND_URL || '(not available)'; - const marker = ''; + const marker = ''; const body = `${marker}\nPreview environment is running\n- Frontend: ${frontendUrl}\n- Backend: ${backendUrl}\n`; const { owner, repo } = context.repo; const { data: comments } = await github.rest.issues.listComments({ owner, repo, issue_number: prNumber, per_page: 100 }); 
@@ -146,4 +147,4 @@ jobs: NAMESPACE=pr-$PR helm uninstall "$RELEASE" -n "$NAMESPACE" || true # Optionally delete the namespace if empty - kubectl delete namespace "$NAMESPACE" --ignore-not-found=true || true + kubectl delete namespace "$NAMESPACE" --ignore-not-found=true || true \ No newline at end of file diff --git a/.github/workflows/frontend-pages.yml b/.github/workflows/frontend-pages.yml index d5c91f6..7b46a6f 100644 --- a/.github/workflows/frontend-pages.yml +++ b/.github/workflows/frontend-pages.yml @@ -15,6 +15,10 @@ on: description: 'Cloudflare Pages project name (overrides default)' required: false type: string + backend_url_scheme: + description: 'The full scheme URL for the backend (e.g., https://api.example.com)' + required: true + type: string secrets: CLOUDFLARE_API_TOKEN: required: true @@ -26,17 +30,9 @@ on: value: ${{ jobs.deploy.outputs.deployed_url }} jobs: - get_urls: - uses: ./.github/workflows/url_generator.yml - with: - mode: ${{ inputs.mode }} - pr_number: ${{ inputs.pr_number }} - secrets: inherit - build: name: Build frontend runs-on: ubuntu-latest - needs: [get_urls] defaults: run: working-directory: 7project/frontend @@ -54,9 +50,9 @@ jobs: - name: Install dependencies run: npm ci - - name: Set backend URL from url_generator + - name: Set backend URL from workflow input run: | - echo "VITE_BACKEND_URL=${{ needs.get_urls.outputs.backend_url_scheme }}" >> $GITHUB_ENV + echo "VITE_BACKEND_URL=${{ inputs.backend_url_scheme }}" >> $GITHUB_ENV - name: Build run: npm run build @@ -136,4 +132,4 @@ jobs: else URL="https://${PBRANCH}.${PNAME}.pages.dev" fi - echo "deployed_url=$URL" >> $GITHUB_OUTPUT + echo "deployed_url=$URL" >> $GITHUB_OUTPUT \ No newline at end of file From 579dda50b901aaccfd264106ed8ce6861280357e Mon Sep 17 00:00:00 2001 
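Review bot: `backend_url_scheme` is declared `required: true` in frontend-pages.yml, but the only caller updated in this commit is deploy-pr.yaml. deploy-prod.yaml is not in this commit's diffstat, and its `frontend` job appears (from the earlier patch's context) to pass only `mode: prod`, so the prod workflow would be rejected for a missing required input unless it is updated elsewhere. Add `needs: [get_urls]` and `backend_url_scheme: ${{ needs.get_urls.outputs.backend_url_scheme }}` to the prod caller in the same commit, or make the input optional and fail the build step explicitly when it is empty.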
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 17:42:02 +0200 Subject: [PATCH 10/16] fix(infrastructure): use correct runner --- .github/workflows/url_generator.yml | 56 ++++++++++++++++++++--------- 1 file changed, 39 insertions(+), 17 deletions(-) diff --git a/.github/workflows/url_generator.yml b/.github/workflows/url_generator.yml index 936d117..ed1a4b8 100644 --- a/.github/workflows/url_generator.yml +++ b/.github/workflows/url_generator.yml @@ -1,9 +1,12 @@ -name: url_generator +# .github/workflows/url_generator.yml + +name: Generate Preview or Production URLs + on: workflow_call: inputs: mode: - description: "Mode: 'prod' or 'pr'" + description: "Build mode: 'prod' or 'pr'" required: true type: string pr_number: 
@@ -11,37 +14,56 @@ on: required: false type: string runner: - description: 'Runner to use (default: ubuntu-latest)' + description: 'The runner to use for this job' required: false type: string + default: 'ubuntu-latest' + secrets: inherit + + outputs: + backend_url: + description: "The backend URL without scheme (e.g., api.example.com)" + value: ${{ jobs.generate-urls.outputs.backend_url }} + frontend_url: + description: "The frontend URL without scheme (e.g., app.example.com)" + value: ${{ jobs.generate-urls.outputs.frontend_url }} + backend_url_scheme: + description: "The backend URL with scheme (e.g., https://api.example.com)" + value: ${{ jobs.generate-urls.outputs.backend_url_scheme }} + frontend_url_scheme: + description: "The frontend URL with scheme (e.g., https://app.example.com)" + value: ${{ jobs.generate-urls.outputs.frontend_url_scheme }} jobs: - get_urls: - runs-on: ${{inputs.runner || 'ubuntu-latest'}} + generate-urls: + runs-on: ${{ inputs.runner }} outputs: - backend_url: ${{ steps.urls.outputs.backend_url }} - frontend_url: ${{ steps.urls.outputs.frontend_url }} - frontend_url_scheme: ${{ steps.urls.outputs.frontend_url_scheme }} - backend_url_scheme: ${{ steps.urls.outputs.backend_url_scheme }} + backend_url: ${{ steps.set_urls.outputs.backend_url }} + frontend_url: ${{ steps.set_urls.outputs.frontend_url }} + backend_url_scheme: ${{ steps.set_urls.outputs.backend_url_scheme }} + frontend_url_scheme: ${{ steps.set_urls.outputs.frontend_url_scheme }} steps: - - name: Compute URLs PROD - id: urls + - name: Generate URLs + id: set_urls + env: + BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }} run: | set -euo pipefail if [ "${{ inputs.mode }}" = "prod" ]; then - BACKEND_URL="api.${{ vars.PROD_DOMAIN }}" - FRONTEND_URL="finance.${{ vars.PROD_DOMAIN }}" - + BACKEND_URL="api.${BASE_DOMAIN}" + FRONTEND_URL="finance.${BASE_DOMAIN}" else - FRONTEND_URL="pr-${{inputs.pr_number}}.${{ vars.DEV_FRONTEND_BASE_DOMAIN }}" - BACKEND_URL="api-pr-${{inputs.pr_number}}.${{ 
vars.DEV_BASE_DOMAIN }}" + # This is your current logic + FRONTEND_URL="pr-${{ inputs.pr_number }}.group-8-frontend.pages.dev" + BACKEND_URL="api-pr-${{ inputs.pr_number }}.${BASE_DOMAIN}" fi - + FRONTEND_URL_SCHEME="https://$FRONTEND_URL" BACKEND_URL_SCHEME="https://$BACKEND_URL" + # This part correctly writes to GITHUB_OUTPUT for the step echo "backend_url_scheme=$BACKEND_URL_SCHEME" >> $GITHUB_OUTPUT echo "frontend_url_scheme=$FRONTEND_URL_SCHEME" >> $GITHUB_OUTPUT echo "backend_url=$BACKEND_URL" >> $GITHUB_OUTPUT From 20d26b7edc5215abb84a1c83ce4713b32c76091e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 17:42:16 +0200 Subject: [PATCH 11/16] fix(infrastructure): use correct runner --- .github/workflows/url_generator.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/url_generator.yml b/.github/workflows/url_generator.yml index ed1a4b8..96ee890 100644 --- a/.github/workflows/url_generator.yml +++ b/.github/workflows/url_generator.yml @@ -1,5 +1,3 @@ -# .github/workflows/url_generator.yml - name: Generate Preview or Production URLs on: From 85a390565a3e285621471e6892de0e633a87ac1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 17:43:55 +0200 Subject: [PATCH 12/16] fix(infrastructure): use correct runner --- .github/workflows/url_generator.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/url_generator.yml b/.github/workflows/url_generator.yml index 96ee890..a5b7743 100644 --- a/.github/workflows/url_generator.yml +++ b/.github/workflows/url_generator.yml @@ -16,7 +16,9 @@ on: required: false type: string default: 'ubuntu-latest' - secrets: inherit + secrets: + BASE_DOMAIN: + required: false outputs: backend_url: @@ -35,6 +37,7 @@ on: jobs: generate-urls: runs-on: ${{ inputs.runner }} + outputs: backend_url: ${{ steps.set_urls.outputs.backend_url }} frontend_url: ${{ steps.set_urls.outputs.frontend_url }} 
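Review bot: The `Generate URLs` step in the url_generator.yml hunk of patch 10/16 still pastes `${{ inputs.mode }}` and `${{ inputs.pr_number }}` into the bash script, while only `BASE_DOMAIN` was moved to `env:`. `pr_number` is declared as a free-form string, so any caller of this reusable workflow can put shell syntax or an arbitrary hostname label into the script and into the URLs that later feed helm and the frontend build. `BASE_DOMAIN` is also never checked, so an unset value passes `set -u` (the variable is defined but empty) and silently yields hosts such as `api.`. The fence below maps both inputs through `env:`, rejects a non-numeric PR number and fails on an empty domain; the indentation is reconstructed.

```yaml
        env:
          # … unchanged: BASE_DOMAIN …
          MODE: ${{ inputs.mode }}
          PR_NUMBER: ${{ inputs.pr_number }}
        run: |
          # … unchanged: set -euo pipefail …
          : "${BASE_DOMAIN:?BASE_DOMAIN is empty}"
          if [ "$MODE" = "prod" ]; then
            # … unchanged: prod URL assignments …
          else
            case "$PR_NUMBER" in
              ''|*[!0-9]*) echo "pr_number must be numeric" >&2; exit 1 ;;
            esac
            FRONTEND_URL="pr-${PR_NUMBER}.group-8-frontend.pages.dev"
            BACKEND_URL="api-pr-${PR_NUMBER}.${BASE_DOMAIN}"
          fi
          # … unchanged: scheme variables and GITHUB_OUTPUT writes …
```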
From 815bf7f06523fe323945551399de41bf27c846dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 17:50:39 +0200 Subject: [PATCH 13/16] fix(infrastructure): use correct runner --- .github/workflows/deploy-pr.yaml | 1 + .github/workflows/url_generator.yml | 9 +++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy-pr.yaml b/.github/workflows/deploy-pr.yaml index 2bf2f79..9a311a2 100644 --- a/.github/workflows/deploy-pr.yaml +++ b/.github/workflows/deploy-pr.yaml @@ -28,6 +28,7 @@ jobs: runner: vhs mode: pr pr_number: ${{ github.event.pull_request.number }} + base_domain: ${{ vars.DEV_BASE_DOMAIN }} secrets: inherit frontend: diff --git a/.github/workflows/url_generator.yml b/.github/workflows/url_generator.yml index a5b7743..572d620 100644 --- a/.github/workflows/url_generator.yml +++ b/.github/workflows/url_generator.yml @@ -16,9 +16,10 @@ on: required: false type: string default: 'ubuntu-latest' - secrets: - BASE_DOMAIN: - required: false + base_domain: + description: 'The base domain for production URLs (e.g., example.com)' + required: true + type: string outputs: backend_url: @@ -48,7 +49,7 @@ jobs: - name: Generate URLs id: set_urls env: - BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }} + BASE_DOMAIN: ${{ inputs.base_domain }} run: | set -euo pipefail From 5190e9c48e3671c2d42200aeef4bef5c4955367f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 18:00:07 +0200 Subject: [PATCH 14/16] fix(infrastructure): use correct runner --- .github/workflows/deploy-prod.yaml | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/.github/workflows/deploy-prod.yaml b/.github/workflows/deploy-prod.yaml index e092706..b42ee4a 100644 --- a/.github/workflows/deploy-prod.yaml +++ b/.github/workflows/deploy-prod.yaml 
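Review bot: The description of the new `base_domain` input in url_generator.yml, 'The base domain for production URLs (e.g., example.com)', does not match how the value is used. The deploy-pr.yaml hunk in the same patch passes `vars.DEV_BASE_DOMAIN` for `mode: pr`, and the script builds `api-pr-N.${BASE_DOMAIN}` from it. Something like `description: 'Base domain for the generated backend URL in both modes, and for the prod frontend URL (e.g., example.com)'` would be accurate. It would also help to state that the value must be a bare hostname without a scheme, since the script prefixes `https://` itself.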
@@ -30,19 +30,22 @@ jobs: context: 7project/backend secrets: inherit - frontend: - name: Frontend - Build and Deploy to Cloudflare Pages (prod) - uses: ./.github/workflows/frontend-pages.yml - with: - mode: prod - secrets: inherit - get_urls: - name: Get URLs + name: Generate Production URLs uses: ./.github/workflows/url_generator.yml with: mode: prod runner: vhs + base_domain: ${{ vars.PROD_DOMAIN }} + secrets: inherit + + frontend: + name: Frontend - Build and Deploy to Cloudflare Pages (prod) + needs: [get_urls] + uses: ./.github/workflows/frontend-pages.yml + with: + mode: prod + backend_url_scheme: ${{ needs.get_urls.outputs.backend_url_scheme }} secrets: inherit deploy: @@ -78,6 +81,11 @@ jobs: RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }} DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }} DIGEST: ${{ needs.build.outputs.digest }} + BANKID_CLIENT_ID: ${{ secrets.BANKID_CLIENT_ID }} + BANKID_CLIENT_SECRET: ${{ secrets.BANKID_CLIENT_SECRET }} + MOJEID_CLIENT_ID: ${{ secrets.MOJEID_CLIENT_ID }} + MOJEID_CLIENT_SECRET: ${{ secrets.MOJEID_CLIENT_SECRET }} + run: | helm upgrade --install myapp ./7project/charts/myapp-chart \ -n prod --create-namespace \ @@ -90,3 +98,7 @@ jobs: --set image.digest="$DIGEST" \ --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \ --set-string database.password="$DB_PASSWORD" + --set-string oauth.bankid.clientId="$BANKID_CLIENT_ID" \ + --set-string oauth.bankid.clientSecret="$BANKID_CLIENT_SECRET" \ + --set-string oauth.mojeid.clientId="$MOJEID_CLIENT_ID" \ + --set-string oauth.mojeid.clientSecret="$MOJEID_CLIENT_SECRET" \ No newline at end of file From cdb6cf5e205ab543af44cc50f0207523636ec66c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 18:02:09 +0200 Subject: [PATCH 15/16] Update .github/workflows/deploy-pr.yaml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/deploy-pr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
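Review bot: The `get_urls` job in the first deploy-prod.yaml hunk passes `secrets: inherit` to url_generator.yml, which after patch 13/16 takes the domain as the `base_domain` input and, as far as this series shows, reads no secrets. Inheriting hands every repository and environment secret, including the BankID and MojeID client secrets added below, to a job that only concatenates strings on the `vhs` runner. Dropping the `secrets: inherit` line from `get_urls` keeps that job at least privilege; `frontend` still needs its Cloudflare token and can keep it.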
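Review bot: The four `--set-string oauth.*` lines added in the last deploy-prod.yaml hunk are not part of the helm command. The context line before them, `--set-string database.password="$DB_PASSWORD"`, has no trailing backslash, so helm upgrades the release without the OAuth values and the shell then tries to run `--set-string` as a separate command. End that line with ` \` so the continuation reaches the new flags. Separately, the client secrets are passed as command-line arguments, which are readable in the runner's process list while helm runs. Supplying them through a values file on stdin (`-f -`) or a pre-created Kubernetes Secret referenced by the chart would avoid that.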
diff --git a/.github/workflows/deploy-pr.yaml b/.github/workflows/deploy-pr.yaml index 9a311a2..c59f484 100644 --- a/.github/workflows/deploy-pr.yaml +++ b/.github/workflows/deploy-pr.yaml @@ -109,7 +109,7 @@ jobs: const prNumber = pr.number; const backendUrl = process.env.BACKEND_URL || '(not available)'; const frontendUrl = process.env.FRONTEND_URL || '(not available)'; - const marker = ''; + const marker = ''; const body = `${marker}\nPreview environment is running\n- Frontend: ${frontendUrl}\n- Backend: ${backendUrl}\n`; const { owner, repo } = context.repo; const { data: comments } = await github.rest.issues.listComments({ owner, repo, issue_number: prNumber, per_page: 100 }); From 8929920072681389fed14683b4af4980f57db59e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 18:04:04 +0200 Subject: [PATCH 16/16] Potential fix for code scanning alert no. 9: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/url_generator.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/url_generator.yml b/.github/workflows/url_generator.yml index 572d620..31121d4 100644 --- a/.github/workflows/url_generator.yml +++ b/.github/workflows/url_generator.yml @@ -37,6 +37,8 @@ on: jobs: generate-urls: + permissions: + contents: none runs-on: ${{ inputs.runner }} outputs: