📄 production optimizations

.gitea/workflows/main.yml

@@ -88,6 +88,23 @@ jobs:
       - name: 🔎 Checkout code
         uses: actions/checkout@v4
 
+      - name: 📝 Create .env file from Gitea secrets
+        run: |
+          echo "Creating .env file for Docker build..."
+          cat > .env << EOF
+          # Build-time environment variables
+          NEXT_PUBLIC_SITE_URL=${{ secrets.NEXT_PUBLIC_SITE_URL }}
+          NODE_ENV=production
+          NEXT_TELEMETRY_DISABLED=1
+
+          # Add other build-time variables here as needed
+          # NEXT_PUBLIC_GA_ID=${{ secrets.NEXT_PUBLIC_GA_ID }}
+          EOF
+
+          echo "✅ .env file created successfully"
+          echo "Preview (secrets masked):"
+          cat .env | sed 's/=.*/=***MASKED***/g'
+
       # Insecure registry configuration - no authentication required
       # The registry at repository.workspace:5000 does not require login
       # Docker push/pull operations work without credentials
@@ -150,6 +167,10 @@ jobs:
 
           echo "✅ Image pushed successfully"
           echo "  - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
+          
+          # Clean up sensitive files
+          rm -f .env
+          echo "✅ Cleaned up .env file"
           # echo "  - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}"
 
   # ============================================