Skip to content

Commit 829053e

Browse files
rgilksrgilks
committed
Simplify secrets management - use only Cloudflare secrets
- Remove all secrets from GitHub Actions except CLOUDFLARE_API_TOKEN - Keep only NEXTAUTH_URL as environment variable in GitHub Actions - Make NEXTAUTH_SECRET required instead of AUTH_SECRET - All application secrets managed directly in Cloudflare
1 parent b71fab9 commit 829053e

File tree

3 files changed

+10
-20
lines changed

3 files changed

+10
-20
lines changed

.github/workflows/cloudflare-branch.yml

Lines changed: 4 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -18,8 +18,8 @@ jobs:
1818
- name: Setup Node.js
1919
uses: actions/setup-node@v4
2020
with:
21-
node-version: '22'
22-
cache: 'npm'
21+
node-version: "22"
22+
cache: "npm"
2323

2424
- name: Install dependencies
2525
run: npm ci
@@ -41,8 +41,8 @@ jobs:
4141
- name: Setup Node.js
4242
uses: actions/setup-node@v4
4343
with:
44-
node-version: '22'
45-
cache: 'npm'
44+
node-version: "22"
45+
cache: "npm"
4646

4747
- name: Install dependencies
4848
run: npm ci
@@ -57,9 +57,4 @@ jobs:
5757
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
5858
command: deploy --minify
5959
env:
60-
NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }}
6160
NEXTAUTH_URL: "https://comprehendo.tre.systems"
62-
GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
63-
GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
64-
GOOGLE_TRANSLATE_API_KEY: ${{ secrets.GOOGLE_TRANSLATE_API_KEY }}
65-
ADMIN_EMAILS: ${{ secrets.ADMIN_EMAILS }}

.github/workflows/cloudflare.yml

Lines changed: 4 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -16,8 +16,8 @@ jobs:
1616
- name: Setup Node.js
1717
uses: actions/setup-node@v4
1818
with:
19-
node-version: '22'
20-
cache: 'npm'
19+
node-version: "22"
20+
cache: "npm"
2121

2222
- name: Install dependencies
2323
run: npm ci
@@ -39,8 +39,8 @@ jobs:
3939
- name: Setup Node.js
4040
uses: actions/setup-node@v4
4141
with:
42-
node-version: '22'
43-
cache: 'npm'
42+
node-version: "22"
43+
cache: "npm"
4444

4545
- name: Install dependencies
4646
run: npm ci
@@ -55,9 +55,4 @@ jobs:
5555
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
5656
command: deploy --minify
5757
env:
58-
NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }}
5958
NEXTAUTH_URL: "https://comprehendo.tre.systems"
60-
GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
61-
GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
62-
GOOGLE_TRANSLATE_API_KEY: ${{ secrets.GOOGLE_TRANSLATE_API_KEY }}
63-
ADMIN_EMAILS: ${{ secrets.ADMIN_EMAILS }}

app/lib/config/authEnv.ts

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -31,8 +31,8 @@ export const authEnvSchema = z
3131
GOOGLE_CLIENT_SECRET: z.string().optional(),
3232
DISCORD_CLIENT_ID: z.string().optional(),
3333
DISCORD_CLIENT_SECRET: z.string().optional(),
34-
AUTH_SECRET: z.string({ message: '[NextAuth] ERROR: AUTH_SECRET is missing!' }),
35-
NEXTAUTH_SECRET: z.string().optional(),
34+
AUTH_SECRET: z.string().optional(),
35+
NEXTAUTH_SECRET: z.string({ message: '[NextAuth] ERROR: NEXTAUTH_SECRET is missing!' }),
3636
NEXTAUTH_URL: z.string().pipe(z.url()).optional(),
3737
ADMIN_EMAILS: z
3838
.string()

0 commit comments

Comments
 (0)