Complete dual deployment system for both apps

✨ Features:
- Conditional Auth0 authentication for both apps
- Auto-detects Shinylive vs Shinyapps.io environment
- GitHub Actions workflow for private deployments
- Auth0 configuration templates for both apps
- Comprehensive deployment documentation

🔧 Technical:
- Environment detection prevents Auth0 loading in Shinylive
- Graceful fallback to public mode when Auth0 unavailable
- Secure credential handling via GitHub secrets
- Complete .gitignore protection for auth configs

📱 Deployment URLs:
- Public: GitHub Pages + Shinylive (portfolio)
- Private: Shinyapps.io + Auth0 (client access)

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>

Author: jasdumas

.github/workflows/deploy-shinyapps.yml

@@ -0,0 +1,93 @@
+name: Deploy to Shinyapps.io
+
+on:
+  workflow_dispatch:
+    inputs:
+      app_name:
+        description: 'App to deploy (donor-retention-calculator or board-packet-generator)'
+        required: true
+        default: 'donor-retention-calculator'
+        type: choice
+        options:
+          - donor-retention-calculator
+          - board-packet-generator
+  push:
+    branches: [ main ]
+    paths:
+      - 'donor-retention-calculator/**'
+      - 'board-packet-generator/**'
+
+jobs:
+  deploy-shinyapps:
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Set up R
+      uses: r-lib/actions/setup-r@v2
+      with:
+        r-version: '4.4.1'
+
+    - name: Install system dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y libcurl4-openssl-dev libssl-dev libxml2-dev libfontconfig1-dev libharfbuzz-dev libfribidi-dev libfreetype6-dev libpng-dev libtiff5-dev libjpeg-dev
+
+    - name: Install R dependencies
+      run: |
+        R -e "install.packages(c('rsconnect', 'shiny', 'bslib', 'dplyr', 'lubridate', 'DT', 'shinyjs', 'auth0', 'tidyr', 'plotly'))"
+
+    - name: Determine app to deploy
+      id: determine-app
+      run: |
+        if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+          echo "app_name=${{ github.event.inputs.app_name }}" >> $GITHUB_OUTPUT
+        else
+          # Auto-determine based on changed files
+          if git diff --name-only ${{ github.event.before }} ${{ github.sha }} | grep -q "donor-retention-calculator/"; then
+            echo "app_name=donor-retention-calculator" >> $GITHUB_OUTPUT
+          elif git diff --name-only ${{ github.event.before }} ${{ github.sha }} | grep -q "board-packet-generator/"; then
+            echo "app_name=board-packet-generator" >> $GITHUB_OUTPUT
+          else
+            echo "app_name=donor-retention-calculator" >> $GITHUB_OUTPUT
+          fi
+        fi
+
+    - name: Set up Auth0 config
+      if: steps.determine-app.outputs.app_name == 'donor-retention-calculator'
+      run: |
+        cd ${{ steps.determine-app.outputs.app_name }}
+        
+        # Create _auth0.yml from template
+        cat > _auth0.yml << EOF
+        name: donor-retention-private
+        remote_url: 'https://${{ secrets.SHINYAPPS_ACCOUNT }}.shinyapps.io/donor-retention-private/'
+        auth0_config:
+          api_url: https://${{ secrets.AUTH0_DOMAIN }}
+          credentials:
+            key: ${{ secrets.AUTH0_CLIENT_ID }}
+            secret: ${{ secrets.AUTH0_CLIENT_SECRET }}
+        EOF
+
+    - name: Configure rsconnect
+      run: |
+        R -e "rsconnect::setAccountInfo(name='${{ secrets.SHINYAPPS_ACCOUNT }}', token='${{ secrets.SHINYAPPS_TOKEN }}', secret='${{ secrets.SHINYAPPS_SECRET }}')"
+
+    - name: Deploy to shinyapps.io
+      run: |
+        cd ${{ steps.determine-app.outputs.app_name }}
+        
+        if [ "${{ steps.determine-app.outputs.app_name }}" = "donor-retention-calculator" ]; then
+          APP_NAME="donor-retention-private"
+        else
+          APP_NAME="board-packet-private"
+        fi
+        
+        R -e "rsconnect::deployApp(appName='$APP_NAME', account='${{ secrets.SHINYAPPS_ACCOUNT }}', forceUpdate=TRUE)"
+
+    - name: Clean up sensitive files
+      if: always()
+      run: |
+        rm -f ${{ steps.determine-app.outputs.app_name }}/_auth0.yml

.gitignore

@@ -47,3 +47,7 @@ po/*~
 
 # RStudio Connect folder
 rsconnect/
+
+# Auth0 configuration files (contain sensitive credentials)
+_auth0.yml
+*/_auth0.yml

DEPLOYMENT.md

@@ -0,0 +1,142 @@
+# Dual Deployment Setup Guide
+
+This project supports two deployment modes:
+
+1. **Public Portfolio** (GitHub Pages + Shinylive) - No authentication
+2. **Private Client Access** (Shinyapps.io) - Auth0 authentication
+
+## 🔧 Setup Instructions
+
+### 1. Auth0 Configuration
+
+1. Create an Auth0 application at https://manage.auth0.com/
+2. Configure your Auth0 app:
+   - **Application Type**: Regular Web Application
+   - **Allowed Callback URLs**: 
+     - `https://YOUR_ACCOUNT.shinyapps.io/donor-retention-private/`
+     - `https://YOUR_ACCOUNT.shinyapps.io/board-packet-private/`
+   - **Allowed Logout URLs**: 
+     - `https://YOUR_ACCOUNT.shinyapps.io/donor-retention-private/`
+     - `https://YOUR_ACCOUNT.shinyapps.io/board-packet-private/`
+   - **Allowed Web Origins**: `https://YOUR_ACCOUNT.shinyapps.io`
+
+### 2. Shinyapps.io Setup
+
+1. Create account at https://www.shinyapps.io/
+2. Get your deployment tokens:
+   - Go to Account > Tokens
+   - Copy your account name, token, and secret
+
+### 3. GitHub Secrets Configuration
+
+Add these secrets to your GitHub repository (Settings > Secrets and variables > Actions):
+
+#### Required Secrets:
+```
+SHINYAPPS_ACCOUNT=your-shinyapps-account-name
+SHINYAPPS_TOKEN=your-shinyapps-token
+SHINYAPPS_SECRET=your-shinyapps-secret
+
+AUTH0_DOMAIN=your-auth0-domain.auth0.com
+AUTH0_CLIENT_ID=your-auth0-client-id
+AUTH0_CLIENT_SECRET=your-auth0-client-secret
+```
+
+### 4. Local Development with Auth0
+
+1. Copy the auth0 template:
+   ```bash
+   cp donor-retention-calculator/_auth0.yml.template donor-retention-calculator/_auth0.yml
+   ```
+
+2. Edit `_auth0.yml` with your Auth0 credentials:
+   ```yaml
+   name: donor-retention-local
+   remote_url: 'http://localhost:8100/'
+   auth0_config:
+     api_url: https://your-domain.auth0.com
+     credentials:
+       key: your-client-id
+       secret: your-client-secret
+   ```
+
+3. Update Auth0 app to allow localhost:
+   - Add `http://localhost:8100/` to Allowed Callback URLs
+   - Add `http://localhost:8100/` to Allowed Logout URLs
+   - Add `http://localhost:8100/` to Allowed Web Origins
+
+## 🚀 Deployment
+
+### Automatic Deployment
+
+Both deployments happen automatically:
+
+- **GitHub Pages (Public)**: Triggers on push to `main` via existing workflow
+- **Shinyapps.io (Private)**: Triggers on push to `main` when app files change
+
+### Manual Deployment
+
+You can manually deploy to Shinyapps.io:
+
+1. Go to Actions tab in GitHub
+2. Select "Deploy to Shinyapps.io" workflow  
+3. Click "Run workflow"
+4. Choose which app to deploy
+
+## 🔗 Access URLs
+
+After deployment, your apps will be available at:
+
+- **Public Portfolio**: 
+  - Donor Retention: `https://yourusername.github.io/nonprofit-analytics-tools/donor-retention-calculator/`
+  - Board Packet: `https://yourusername.github.io/nonprofit-analytics-tools/board-packet-generator/`
+
+- **Private Client Access**:
+  - Donor Retention: `https://your-account.shinyapps.io/donor-retention-private/`
+  - Board Packet: `https://your-account.shinyapps.io/board-packet-private/`
+
+## 🔍 How It Works
+
+The apps automatically detect their environment:
+
+- **Shinylive**: Runs in public mode (no auth)
+- **Shinyapps.io**: Loads Auth0 if config file present
+- **Local**: Uses Auth0 if `_auth0.yml` exists
+
+## 📁 File Structure
+
+```
+nonprofit-analytics-tools/
+├── .github/workflows/
+│   ├── deploy-shinylive.yml      # Public deployment
+│   └── deploy-shinyapps.yml      # Private deployment
+├── donor-retention-calculator/
+│   ├── app.R                     # Main app with conditional auth
+│   └── _auth0.yml.template       # Auth0 config template
+├── board-packet-generator/
+│   └── app.R                     # Board packet app
+└── DEPLOYMENT.md                 # This guide
+```
+
+## 🔒 Security Notes
+
+- Auth0 config files are never committed to git
+- Secrets are only available during GitHub Actions
+- Local `_auth0.yml` should be in `.gitignore`
+- Private apps require Auth0 login to access
+
+## 🐛 Troubleshooting
+
+### App won't load on Shinyapps.io
+- Check that all required secrets are set
+- Verify Auth0 callback URLs match deployment URL
+- Check deployment logs in GitHub Actions
+
+### Auth0 not working locally
+- Ensure `_auth0.yml` exists and has correct credentials
+- Verify localhost is added to Auth0 allowed URLs
+- Check that auth0 R package is installed
+
+### Public version showing auth errors
+- The app should auto-detect Shinylive and skip auth
+- If not, check the environment detection logic

board-packet-generator/_auth0.yml.template

@@ -0,0 +1,7 @@
+name: board-packet-private
+remote_url: 'https://YOUR_ACCOUNT.shinyapps.io/board-packet-private/'
+auth0_config:
+  api_url: !expr paste0('https://', Sys.getenv("AUTH0_DOMAIN"))
+  credentials:
+    key: !expr Sys.getenv("AUTH0_CLIENT_ID")
+    secret: !expr Sys.getenv("AUTH0_CLIENT_SECRET")

board-packet-generator/app.R

@@ -7,6 +7,44 @@ library(tidyr)
 library(bslib)
 library(shinyjs)
 
+# Environment detection and conditional auth loading
+is_shinylive <- function() {
+  # Multiple checks for Shinylive/WebR environment
+  tryCatch({
+    # WebR runs on wasm32-unknown-emscripten platform
+    grepl("wasm", R.Version()$platform, ignore.case = TRUE) ||
+    # Shinylive doesn't have file system access in typical way
+    !file.exists("/") ||
+    # Check for WebR-specific environment variables
+    Sys.getenv("WEBR") == "1" ||
+    # Check if we're in a browser context (no real file system)
+    !capabilities("fifo")
+  }, error = function(e) {
+    # If checks fail, assume we're in Shinylive
+    TRUE
+  })
+}
+
+# Conditional auth0 loading
+if (!is_shinylive() && file.exists("_auth0.yml")) {
+  tryCatch({
+    library(auth0)
+    options(auth0_config_file = "_auth0.yml")
+    use_auth <- TRUE
+    cat("✓ Auth0 loaded successfully\n")
+  }, error = function(e) {
+    cat("⚠ Auth0 not available, running without authentication\n")
+    use_auth <- FALSE
+  })
+} else {
+  use_auth <- FALSE
+  if (is_shinylive()) {
+    cat("✓ Shinylive environment detected - running in public mode\n")
+  } else {
+    cat("⚠ No auth0 config found - running without authentication\n")
+  }
+}
+
 # Professional corporate color scheme
 corporate_colors <- list(
   primary = "#2c3e50",
@@ -1558,5 +1596,11 @@ generate_board_packet_html <- function(meeting_title, meeting_date, meeting_time
   return(html_content)
 }
 
-# For Shinylive compatibility - app object must be defined
-app <- shinyApp(ui = ui, server = server)
+# Conditional app creation based on environment
+if (use_auth) {
+  cat("🔒 Creating authenticated app with Auth0\n")
+  app <- auth0::shinyAppAuth0(ui, server)
+} else {
+  cat("🌐 Creating public app (no authentication)\n")
+  app <- shinyApp(ui = ui, server = server)
+}

donor-retention-calculator/_auth0.yml.template

@@ -0,0 +1,7 @@
+name: donor-retention-private
+remote_url: 'https://YOUR_ACCOUNT.shinyapps.io/donor-retention-private/'
+auth0_config:
+  api_url: !expr paste0('https://', Sys.getenv("AUTH0_DOMAIN"))
+  credentials:
+    key: !expr Sys.getenv("AUTH0_CLIENT_ID")
+    secret: !expr Sys.getenv("AUTH0_CLIENT_SECRET")

donor-retention-calculator/app.R

@@ -6,6 +6,44 @@ library(lubridate)
 library(DT)
 library(shinyjs)
 
+# Environment detection and conditional auth loading
+is_shinylive <- function() {
+  # Multiple checks for Shinylive/WebR environment
+  tryCatch({
+    # WebR runs on wasm32-unknown-emscripten platform
+    grepl("wasm", R.Version()$platform, ignore.case = TRUE) ||
+    # Shinylive doesn't have file system access in typical way
+    !file.exists("/") ||
+    # Check for WebR-specific environment variables
+    Sys.getenv("WEBR") == "1" ||
+    # Check if we're in a browser context (no real file system)
+    !capabilities("fifo")
+  }, error = function(e) {
+    # If checks fail, assume we're in Shinylive
+    TRUE
+  })
+}
+
+# Conditional auth0 loading
+if (!is_shinylive() && file.exists("_auth0.yml")) {
+  tryCatch({
+    library(auth0)
+    options(auth0_config_file = "_auth0.yml")
+    use_auth <- TRUE
+    cat("✓ Auth0 loaded successfully\n")
+  }, error = function(e) {
+    cat("⚠ Auth0 not available, running without authentication\n")
+    use_auth <- FALSE
+  })
+} else {
+  use_auth <- FALSE
+  if (is_shinylive()) {
+    cat("✓ Shinylive environment detected - running in public mode\n")
+  } else {
+    cat("⚠ No auth0 config found - running without authentication\n")
+  }
+}
+
 # Generate sample data
 set.seed(123)
 generate_sample_data <- function() {
@@ -965,5 +1003,11 @@ server <- function(input, output, session) {
   })
 }
 
-# For Shinylive compatibility - app object must be defined
-app <- shinyApp(ui = ui, server = server)
+# Conditional app creation based on environment
+if (use_auth) {
+  cat("🔒 Creating authenticated app with Auth0\n")
+  app <- auth0::shinyAppAuth0(ui, server)
+} else {
+  cat("🌐 Creating public app (no authentication)\n")
+  app <- shinyApp(ui = ui, server = server)
+}