From 5b8d9e1f4a90ce95158c188f93ffbeddca4be0da Mon Sep 17 00:00:00 2001
From: Polianin Nikita
Date: Wed, 3 Jul 2024 00:05:01 +0300
Subject: [PATCH] build: add secret env

---
 .gitea/workflows/deploy-stage.yaml | 36 ++++++++++++++++++++++++++----
 1 file changed, 32 insertions(+), 4 deletions(-)

diff --git a/.gitea/workflows/deploy-stage.yaml b/.gitea/workflows/deploy-stage.yaml
index 209708f..168087d 100644
--- a/.gitea/workflows/deploy-stage.yaml
+++ b/.gitea/workflows/deploy-stage.yaml
@@ -22,9 +22,6 @@ jobs:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}

- - name: Create nuget.config from secret
- run: echo "${{ secrets.NUGET_CONFIG }}" > nuget.config
-
 - name: Build and push Docker image
 run: |
 docker build --build-arg NUGET_USERNAME=${{ secrets.NUGET_USERNAME }} --build-arg NUGET_PASSWORD=${{ secrets.NUGET_PASSWORD }} -t ${{ secrets.DOCKER_USERNAME }}/mirea-backend:latest .
@@ -41,13 +38,44 @@ jobs:
 SSH_HOST: ${{ secrets.SSH_HOST }}
 SSH_USER: ${{ secrets.SSH_USER }}
 DOCKER_IMAGE: ${{ secrets.DOCKER_USERNAME }}/mirea-backend:latest
+ PATH_TO_SAVE: /data
+ SECURITY_SIGNING_TOKEN: ${{ secrets.SECURITY_SIGNING_TOKEN }}
+ SECURITY_ENCRYPTION_TOKEN: ${{ secrets.SECURITY_ENCRYPTION_TOKEN }}
+ SECURITY_LIFE_TIME_RT: ${{ secrets.SECURITY_LIFE_TIME_RT }}
+ SECURITY_LIFE_TIME_JWT: ${{ secrets.SECURITY_LIFE_TIME_JWT }}
+ SECURITY_LIFE_TIME_1_FA: ${{ secrets.SECURITY_LIFE_TIME_1_FA }}
+ SECURITY_JWT_ISSUER: ${{ secrets.SECURITY_JWT_ISSUER }}
+ SECURITY_JWT_AUDIENCE: ${{ secrets.SECURITY_JWT_AUDIENCE }}
+ SECURITY_HASH_ITERATION: ${{ secrets.SECURITY_HASH_ITERATION }}
+ SECURITY_HASH_MEMORY: ${{ secrets.SECURITY_HASH_MEMORY }}
+ SECURITY_HASH_PARALLELISM: ${{ secrets.SECURITY_HASH_PARALLELISM }}
+ SECURITY_HASH_SIZE: ${{ secrets.SECURITY_HASH_SIZE }}
+ SECURITY_HASH_TOKEN: ${{ secrets.SECURITY_HASH_TOKEN }}
+ SECURITY_SALT_SIZE: ${{ secrets.SECURITY_SALT_SIZE }}
 run: |
 ssh-keyscan $SSH_HOST >> ~/.ssh/known_hosts
 ssh $SSH_USER@$SSH_HOST "
 docker pull $DOCKER_IMAGE &&
 docker stop mirea-backend || true &&
 docker rm mirea-backend || true &&
- docker run -d --name mirea-backend -p 8085:8080 $DOCKER_IMAGE
+ docker run -d --name mirea-backend -p 8085:8080 \
+ -restart=on-failure \
+ -v mirea-data:/data \
+ -e PATH_TO_SAVE=$PATH_TO_SAVE \
+ -e SECURITY_SIGNING_TOKEN=$SECURITY_SIGNING_TOKEN \
+ -e SECURITY_ENCRYPTION_TOKEN=$SECURITY_ENCRYPTION_TOKEN \
+ -e SECURITY_LIFE_TIME_RT=$SECURITY_LIFE_TIME_RT \
+ -e SECURITY_LIFE_TIME_JWT=$SECURITY_LIFE_TIME_JWT \
+ -e SECURITY_LIFE_TIME_1_FA=$SECURITY_LIFE_TIME_1_FA \
+ -e SECURITY_JWT_ISSUER=$SECURITY_JWT_ISSUER \
+ -e SECURITY_JWT_AUDIENCE=$SECURITY_JWT_AUDIENCE \
+ -e SECURITY_HASH_ITERATION=$SECURITY_HASH_ITERATION \
+ -e SECURITY_HASH_MEMORY=$SECURITY_HASH_MEMORY \
+ -e SECURITY_HASH_PARALLELISM=$SECURITY_HASH_PARALLELISM \
+ -e SECURITY_HASH_SIZE=$SECURITY_HASH_SIZE \
+ -e SECURITY_HASH_TOKEN=$SECURITY_HASH_TOKEN \
+ -e SECURITY_SALT_SIZE=$SECURITY_SALT_SIZE \
+ $DOCKER_IMAGE
 "

 - name: Remove all keys from ssh-agent
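Review bot: The added `-e NAME=$NAME` arguments are expanded by the runner's shell inside the double-quoted ssh string with no quoting, so each secret becomes part of the remote command line, where it is readable in the remote process list while the command runs, and any value containing a space, quote, `$` or `;` is re-parsed by the remote shell instead of being passed through intact. Sending the values over ssh stdin into a mode-0600 file and starting the container with `--env-file` avoids both problems, assuming every value is a single line; a sketch follows. Separately, `-restart=on-failure` is written with a single dash, which docker most likely rejects rather than treating it as `--restart`, so the deploy would fail at `docker run`. The values remain visible through `docker inspect` to anyone with Docker access on the host either way. The step's `name:` and `env:` header lie above this hunk.

```yaml
          # … unchanged: ssh-keyscan …
          # Values go over ssh stdin into a 0600 file, never into a command line.
          env | grep -E '^(PATH_TO_SAVE|SECURITY_[A-Z0-9_]+)=' |
            ssh "$SSH_USER@$SSH_HOST" 'umask 077 && cat > mirea-backend.env'
          # … unchanged: ssh "…" wrapper, docker pull / stop / rm …
            docker run -d --name mirea-backend -p 8085:8080 \
              --restart=on-failure \
              -v mirea-data:/data \
              --env-file mirea-backend.env \
          # … unchanged: $DOCKER_IMAGE and the closing quote …
```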