Session 48f: CI/CD secrets pipeline

Hoid 2026-02-17 12:09:13 +00:00
parent 0c3b694829
commit 45b166352c


@ -1146,3 +1146,15 @@
- Container restarted, verification passed: health OK, Stripe checkout returns valid URL
- Commit 73fba68 deployed
- **This was the systemic root cause of recurring checkout failures.** Every `docker compose up -d --build` in a new shell lost the Stripe credentials. Now permanently fixed with `.env` file + CI/CD verification.
## Session 48f — 2026-02-17 11:52-12:10 UTC (CI/CD Secrets Pipeline)
- **Investor requested:** Move secrets from local .env to Forgejo CI/CD secrets
- Updated `.forgejo/workflows/deploy.yml` to inject secrets during deploy:
- Uses `envs` param + `env` block to pass `STRIPE_SECRET_KEY`, `STRIPE_WEBHOOK_SECRET`, `DATABASE_PASSWORD` from Forgejo secrets
- Writes `.env` with `printf` before docker compose build
- Fails loudly if any secret value is empty
- Commit 60efc5e pushed to main
- **Investor action needed:** Add 3 secrets in Forgejo (Settings → Actions → Secrets):
- `STRIPE_SECRET_KEY`, `STRIPE_WEBHOOK_SECRET`, `DATABASE_PASSWORD`
- Local `.env` on server remains as fallback until CI secrets are configured
- Note: `openclawd` Forgejo token is read-only (not admin), couldn't add secrets via API
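Review bot: the "Local `.env` on server remains as fallback" bullet contradicts the two bullets above it ("Writes `.env` with `printf` before docker compose build" and "Fails loudly if any secret value is empty"): once the workflow runs while the three Forgejo secrets are still unset, it will either abort the deploy or overwrite the server's `.env` with empty values, so this entry should state which of the two happens and whether the empty-value check runs before the `printf`. Consider also recording the mode the generated `.env` is written with (e.g. `chmod 600`), since it now holds `STRIPE_SECRET_KEY`, `STRIPE_WEBHOOK_SECRET` and `DATABASE_PASSWORD` on the server, and add a blank line before the `## Session 48f` heading so it does not render as a continuation of the preceding list item.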