From 5be30eb8c496589bfeb7c56f06ff9ace8ad4cf65 Mon Sep 17 00:00:00 2001
From: RJ <workgroup@rjianu.com>
Date: Wed, 19 Nov 2025 15:46:08 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=91=8B=20update=20workflow=20to=20use=20v?=
 =?UTF-8?q?ars=20and=20secrets=20not=20just=20secrets?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitea/workflows/main.yml | 28 ++++++++++++++--------------
 docker-compose.prod.yml   | 16 ++++++++--------
 2 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/.gitea/workflows/main.yml b/.gitea/workflows/main.yml
index 9c4b848..adbb975 100644
--- a/.gitea/workflows/main.yml
+++ b/.gitea/workflows/main.yml
@@ -96,11 +96,11 @@ jobs:
           # - Uses Dockerfile.nextjs from project root
           # - Tags image with both 'latest' and commit SHA
           # - Enables inline cache for faster subsequent builds
+          # -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} ❗ do this if deploying on PR creation
           docker build \
             --progress=plain \
             --build-arg BUILDKIT_INLINE_CACHE=1 \
             -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest \
-            -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} \
             -f Dockerfile.nextjs \
             .
 
@@ -114,11 +114,11 @@ jobs:
 
           # Push both tags (latest and commit SHA)
           docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
-          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
+          # docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
 
           echo "✅ Image pushed successfully"
           echo "  - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
-          echo "  - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}"
+          # echo "  - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}"
 
   # ============================================
   # Job 2: Deploy to Production Server
@@ -129,7 +129,7 @@ jobs:
     needs: [build-and-push] # Wait for build job to complete
     environment:
       name: production
-      url: http://your-production-url.com # Update with your actual production URL
+      url: http://192.168.1.54:3030 # Update with your actual production URL
 
     steps:
       - name: 🔎 Checkout code (for docker-compose file)
@@ -142,8 +142,8 @@ jobs:
           REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
           REGISTRY_URL: ${{ env.REGISTRY }}
         with:
-          host: ${{ secrets.PRODUCTION_HOST }}
-          username: ${{ secrets.PRODUCTION_USER }}
+          host: ${{ vars.PRODUCTION_HOST }}
+          username: ${{ vars.PRODUCTION_USER }}
           key: ${{ secrets.SSH_PRIVATE_KEY }}
           port: 22
           envs: REGISTRY_PASSWORD,REGISTRY_USERNAME,REGISTRY_URL
@@ -163,8 +163,8 @@ jobs:
       - name: 📁 Ensure application directory structure
         uses: appleboy/ssh-action@v1.0.3
         with:
-          host: ${{ secrets.PRODUCTION_HOST }}
-          username: ${{ secrets.PRODUCTION_USER }}
+          host: ${{ vars.PRODUCTION_HOST }}
+          username: ${{ vars.PRODUCTION_USER }}
           key: ${{ secrets.SSH_PRIVATE_KEY }}
           port: 22
           script: |
@@ -198,8 +198,8 @@ jobs:
       - name: 📦 Copy docker-compose.prod.yml to server
         uses: appleboy/scp-action@v0.1.7
         with:
-          host: ${{ secrets.PRODUCTION_HOST }}
-          username: ${{ secrets.PRODUCTION_USER }}
+          host: ${{ vars.PRODUCTION_HOST }}
+          username: ${{ vars.PRODUCTION_USER }}
           key: ${{ secrets.SSH_PRIVATE_KEY }}
           port: 22
           source: "docker-compose.prod.yml"
@@ -214,8 +214,8 @@ jobs:
           REGISTRY_URL: ${{ env.REGISTRY }}
           IMAGE_FULL: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
         with:
-          host: ${{ secrets.PRODUCTION_HOST }}
-          username: ${{ secrets.PRODUCTION_USER }}
+          host: ${{ vars.PRODUCTION_HOST }}
+          username: ${{ vars.PRODUCTION_USER }}
           key: ${{ secrets.SSH_PRIVATE_KEY }}
           port: 22
           envs: REGISTRY_PASSWORD,REGISTRY_USERNAME,REGISTRY_URL,IMAGE_FULL
@@ -272,8 +272,8 @@ jobs:
       - name: ❤️ Health check
         uses: appleboy/ssh-action@v1.0.3
         with:
-          host: ${{ secrets.PRODUCTION_HOST }}
-          username: ${{ secrets.PRODUCTION_USER }}
+          host: ${{ vars.PRODUCTION_HOST }}
+          username: ${{ vars.PRODUCTION_USER }}
           key: ${{ secrets.SSH_PRIVATE_KEY }}
           port: 22
           script: |
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 48cb140..6ac4caa 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -67,14 +67,14 @@ services:
 
     # Resource limits for production
     # Prevents container from consuming all server resources
-    deploy:
-      resources:
-        limits:
-          cpus: '1.0'         # Maximum 1 CPU core
-          memory: 512M        # Maximum 512MB RAM
-        reservations:
-          cpus: '0.25'        # Reserve at least 0.25 CPU cores
-          memory: 256M        # Reserve at least 256MB RAM
+    # deploy:
+    #   resources:
+    #     limits:
+    #       cpus: '1.0'         # Maximum 1 CPU core
+    #       memory: 512M        # Maximum 512MB RAM
+    #     reservations:
+    #       cpus: '0.25'        # Reserve at least 0.25 CPU cores
+    #       memory: 256M        # Reserve at least 256MB RAM
 
     # Network configuration
     networks: