diff --git a/.forgejo/workflows/ci-gates.yml b/.forgejo/workflows/ci-gates.yml index 63fdb96..c6f3f6f 100644 --- a/.forgejo/workflows/ci-gates.yml +++ b/.forgejo/workflows/ci-gates.yml @@ -108,4 +108,4 @@ jobs: run: | set -euo pipefail cd .repo - nix develop --accept-flake-config -c bash -c 'cd apps/web && env -u NO_COLOR trunk build --release --public-url /' + bash ./scripts/build-web.sh diff --git a/.forgejo/workflows/deploy-cloudflare.yml b/.forgejo/workflows/deploy-cloudflare.yml index 9a1df1c..e22f4e6 100644 --- a/.forgejo/workflows/deploy-cloudflare.yml +++ b/.forgejo/workflows/deploy-cloudflare.yml @@ -83,7 +83,7 @@ jobs: run: | set -euo pipefail cd .repo - nix develop --accept-flake-config -c bash -c 'cd apps/web && env -u NO_COLOR trunk build --release --public-url /' + bash ./scripts/build-web.sh deploy: if: ${{ github.server_url != 'https://codeberg.org' }} @@ -136,7 +136,7 @@ jobs: run: | set -euo pipefail cd .repo - nix develop --accept-flake-config -c age --version + nix develop --accept-flake-config -c bash -c 'command -v agenix >/dev/null' nix develop --accept-flake-config -c node --version nix develop --accept-flake-config -c npm --version nix develop --accept-flake-config -c wrangler --version @@ -191,7 +191,7 @@ jobs: echo "error: missing ${secret_file}" exit 2 fi - CLOUDFLARE_API_TOKEN="$(nix develop --accept-flake-config -c age -d -i "$key_file" "$secret_file")" + CLOUDFLARE_API_TOKEN="$(nix develop --accept-flake-config -c agenix -d "$secret_file" -i "$key_file")" if [[ -z "${CLOUDFLARE_API_TOKEN}" ]]; then echo "error: decrypted CLOUDFLARE_API_TOKEN is empty" exit 2 @@ -211,7 +211,7 @@ jobs: run: | set -euo pipefail cd .repo - nix develop --accept-flake-config -c bash -c 'cd apps/web && env -u NO_COLOR trunk build --release --public-url /' + bash ./scripts/build-web.sh curl -fsSL -X POST -H "Authorization: token ${GITHUB_TOKEN}" \ -H "content-type: application/json" \ diff --git a/evolution/proposals/ECP-0123-instant-station-guide-and-player-warmup.md b/evolution/proposals/ECP-0123-instant-station-guide-and-player-warmup.md index 17a8a81..a808839 100644 --- a/evolution/proposals/ECP-0123-instant-station-guide-and-player-warmup.md +++ b/evolution/proposals/ECP-0123-instant-station-guide-and-player-warmup.md @@ -59,3 +59,5 @@ prevents dynamic-linker failures from blocking the Cloudflare asset rollout. The workflow ECP gate starts at ECP-0120 because older proposals predate the current lint shape. The lint script uses ripgrep when available and falls back to GNU grep on the Forgejo runner. +Cloudflare deployment decrypts the API token through the repo's agenix workflow and builds web +assets through `scripts/build-web.sh` so local and runner build paths stay aligned.