ci: use enclave-key from server

PierreJeanjacquot · PierreJeanjacquot · commit b3853af2b4b6 · 2025-08-18T18:53:34.000+02:00
diff --git a/.github/workflows/reusable-api-deploy.yml b/.github/workflows/reusable-api-deploy.yml
@@ -58,6 +58,27 @@ jobs:
           fi
         shell: bash
 
+      - name: Check configuration files on server
+        run: |
+          ssh -o StrictHostKeyChecking=no \
+              -i ~/.ssh/ghrunnerci \
+              ${{ secrets.host }} << 'EOF'
+            cd /opt/iapp-api
+            missing=0
+            if [ ! -f .env.app ]; then
+              echo ".env.app file not found on remote server"
+              missing=1
+            fi
+            if [ ! -f sig/enclave-key.pem ]; then
+              echo "sig/enclave-key.pem not found on remote server"
+              missing=1
+            fi
+            if [ "$missing" -ne 0 ]; then
+              exit 1
+            fi
+          EOF
+        shell: bash
+
       - name: Prepare .env for Compose
         run: |
           printf "IMAGE_NAME=%s\nIMAGE_TAG=%s\n" "${{ env.IMAGE_NAME }}" "${{ inputs.tag }}"> .env
diff --git a/api/docker-compose.yml b/api/docker-compose.yml
@@ -8,7 +8,9 @@ services:
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       # .env.app already on the server
-      - ./.env.app:/app/.env
+      - ./.env.app:/app/.env:ro
+      # enclave key already on the server in sig/enclave-key.pem
+      - ./sig/:/app/sig/:ro
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
