Merge pull request 'feat: add Supabase auth config to production Docker setup' (#69 ) from feature/add-supabase-auth-config-to-production-docker-setup into develop

Reviewed-on: #69
feat: write production .env from Gitea secrets during deploy
2026-03-21 12:19:29 +01:00 · 2026-03-21 12:17:59 +01:00 · 2026-03-21 12:07:53 +01:00
3 changed files with 22 additions and 0 deletions
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -28,6 +28,9 @@ jobs:
      - name: Build and push frontend image
        run: |
          docker build --platform linux/amd64 \
+            --build-arg VITE_API_URL=${{ secrets.VITE_API_URL }} \
+            --build-arg VITE_SUPABASE_URL=${{ secrets.VITE_SUPABASE_URL }} \
+            --build-arg VITE_SUPABASE_ANON_KEY=${{ secrets.VITE_SUPABASE_ANON_KEY }} \
            -t gitea.nerdboden.de/thefurya/nuzlocke-tracker-frontend:latest \
            -f frontend/Dockerfile.prod ./frontend
          docker push gitea.nerdboden.de/thefurya/nuzlocke-tracker-frontend:latest
@@ -41,6 +44,12 @@ jobs:
          SCP_CMD="scp -o StrictHostKeyChecking=no -i ~/.ssh/deploy_key"
          DEPLOY_DIR="/mnt/user/appdata/nuzlocke-tracker"

+          # Write .env from secrets (overwrites any existing file)
+          printf '%s\n' \
+            "POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}" \
+            "SUPABASE_JWT_SECRET=${{ secrets.SUPABASE_JWT_SECRET }}" \
+          | $SSH_CMD "cat > '${DEPLOY_DIR}/.env'"
+
          $SCP_CMD docker-compose.prod.yml "root@192.168.1.10:${DEPLOY_DIR}/docker-compose.yml"
          $SCP_CMD backup.sh "root@192.168.1.10:${DEPLOY_DIR}/backup.sh"
          $SSH_CMD "chmod +x '${DEPLOY_DIR}/backup.sh'"
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -6,6 +6,7 @@ services:
    environment:
      - DEBUG=false
      - DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@db:5432/nuzlocke
+      - SUPABASE_JWT_SECRET=${SUPABASE_JWT_SECRET}
    depends_on:
      db:
        condition: service_healthy
@@ -13,6 +14,13 @@ services:

  frontend:
    image: gitea.nerdboden.de/thefurya/nuzlocke-tracker-frontend:latest
+    build:
+      context: ./frontend
+      dockerfile: Dockerfile.prod
+      args:
+        - VITE_API_URL=${VITE_API_URL}
+        - VITE_SUPABASE_URL=${VITE_SUPABASE_URL}
+        - VITE_SUPABASE_ANON_KEY=${VITE_SUPABASE_ANON_KEY}
    ports:
      - "9080:80"
    depends_on:
--- a/frontend/Dockerfile.prod
+++ b/frontend/Dockerfile.prod
@@ -8,6 +8,11 @@ COPY package*.json ./
 RUN npm ci

 COPY . .
+
+ARG VITE_API_URL
+ARG VITE_SUPABASE_URL
+ARG VITE_SUPABASE_ANON_KEY
+
 RUN npm run build

 # Stage 2: Serve
Author	SHA1	Message	Date
TheFurya	7276f05dd2	Merge pull request 'feat: add Supabase auth config to production Docker setup' (#69 ) from feature/add-supabase-auth-config-to-production-docker-setup into develop All checks were successful CI / backend-tests (push) Successful in 29s Details CI / frontend-tests (push) Successful in 29s Details Reviewed-on: #69	2026-03-21 12:19:29 +01:00
Julian Tabel	7b0cd16064	feat: write production .env from Gitea secrets during deploy All checks were successful CI / backend-tests (pull_request) Successful in 26s Details CI / frontend-tests (pull_request) Successful in 28s Details Instead of relying on a pre-existing .env file on the server, the deploy workflow now writes POSTGRES_PASSWORD and SUPABASE_JWT_SECRET from Gitea secrets. This keeps all secret management in one place. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-21 12:17:59 +01:00
Julian Tabel	7cd3372c7e	feat: add Supabase auth config to production Docker setup All checks were successful CI / backend-tests (pull_request) Successful in 26s Details CI / frontend-tests (pull_request) Successful in 29s Details - Pass SUPABASE_JWT_SECRET to backend in docker-compose.prod.yml - Add build args (VITE_API_URL, VITE_SUPABASE_URL, VITE_SUPABASE_ANON_KEY) to Dockerfile.prod so Vite inlines them at build time - Pass build args from secrets in deploy workflow - Add build section to frontend service in docker-compose.prod.yml No GoTrue container needed in prod — Supabase Cloud hosts the auth service. The backend only needs the JWT secret to verify tokens. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-21 12:07:53 +01:00