debug(ci): enhance JWT secret and environment variable handling

Author: coderomm

.github/workflows/cd_frontend.yml

@@ -7,16 +7,27 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Docker login
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
+      - name: Verify secrets
+        run: |
+          if [ -z "${{ secrets.DATABASE_URL }}" ]; then
+            echo "Error: DATABASE_URL secret is not set"
+            exit 1
+          fi
+          if [ -z "${{ secrets.JWT_SECRET }}" ]; then
+            echo "Error: JWT_SECRET secret is not set"
+            exit 1
+          fi
+
       - name: Build and push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: .
           file: ./docker/Dockerfile.frontend

apps/collabydraw/next.config.ts

@@ -1,4 +1,5 @@
 import type { NextConfig } from "next";
+import { webpack } from "next/dist/compiled/webpack/webpack";
 
 const nextConfig: NextConfig = {
   /* config options here */
@@ -10,6 +11,18 @@ const nextConfig: NextConfig = {
   publicRuntimeConfig: {
     JWT_SECRET: process.env.JWT_SECRET,
   },
+
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  webpack: (config, { isServer }) => {
+    // Ensure environment variables are always available
+    config.plugins.push(
+      new webpack.DefinePlugin({
+        'process.env.JWT_SECRET': JSON.stringify(process.env.JWT_SECRET),
+        'process.env.DATABASE_URL': JSON.stringify(process.env.DATABASE_URL),
+      })
+    );
+    return config;
+  }
 };
 
 export default nextConfig;

apps/collabydraw/utils/auth.ts

@@ -58,10 +58,12 @@ export const authOptions: NextAuthOptions = {
         token.id = user.id;
         token.email = user.email;
       }
-
+      if (!process.env.JWT_SECRET) {
+        throw new Error("JWT_SECRET is ABSOLUTELY REQUIRED and not set");
+      }
       token.accessToken = jwt.sign(
         { id: token.id, email: token.email },
-        process.env.NEXT_PUBLIC_JWT_SECRET || "",
+        process.env.JWT_SECRET,
         { expiresIn: "7d" }
       );
       return token;
@@ -75,5 +77,5 @@ export const authOptions: NextAuthOptions = {
       return session;
     },
   },
-  secret: process.env.NEXT_PUBLIC_JWT_SECRET,
+  secret: process.env.JWT_SECRET,
 };

docker/Dockerfile.frontend

@@ -9,11 +9,6 @@ WORKDIR /usr/src/app
 ARG DATABASE_URL
 ARG JWT_SECRET
 
-# Set environment variables
-ENV DATABASE_URL=${DATABASE_URL}
-ENV JWT_SECRET=${JWT_SECRET}
-ENV NEXT_PUBLIC_JWT_SECRET=${JWT_SECRET}
-
 # Copy necessary files for dependency installation
 COPY ./packages ./packages
 COPY ./package.json ./package.json
@@ -38,11 +33,30 @@ RUN prisma generate
 # Change back to the root directory
 WORKDIR /usr/src/app
 
+# Set environment variables
+ENV DATABASE_URL=${DATABASE_URL}
+ENV JWT_SECRET=${JWT_SECRET}
+
+# Create .env.local for Next.js
+WORKDIR /usr/src/app/apps/collabydraw
+RUN echo "JWT_SECRET=$JWT_SECRET" > .env.local
+RUN echo "DATABASE_URL=$DATABASE_URL" >> .env.local
+
+# Change back to the root directory
+WORKDIR /usr/src/app
+
+# Debugging step
+# RUN echo "DATABASE_URL length: ${#DATABASE_URL}"
+# RUN echo "JWT_SECRET length: ${#JWT_SECRET}"
+
+# Fail if secrets are not set
+# RUN test -n "$DATABASE_URL" && test -n "$JWT_SECRET"
+
 # Debug step: print environment variables
-RUN echo "DATABASE_URL: ${DATABASE_URL}" && echo "JWT_SECRET set: ${JWT_SECRET:+yes}"
+# RUN echo "DATABASE_URL: ${DATABASE_URL}" && echo "JWT_SECRET set: ${JWT_SECRET:+yes}"
 
 # Build the application with database URL
-RUN pnpm run build
+RUN DATABASE_URL=${DATABASE_URL} JWT_SECRET=${JWT_SECRET} pnpm run build
 
 # Expose the port
 EXPOSE 3000