refactor to use shared builds + secrets

2026-03-06 13:13:36 -08:00 · 2026-03-06 13:13:36 -08:00 · d719014538
commit d719014538
parent 94c42075f7
3 changed files with 27 additions and 32 deletions
--- a/.gitea/workflows/build-homeassistant.yaml
+++ b/.gitea/workflows/build-homeassistant.yaml
@ -8,22 +8,13 @@ jobs:
  diff:
    uses: martin/chromart-gitea-actions/.gitea/workflows/diff-output.yaml@main
    with:
-      repository: ${{ github.repository }}
-      ref: ${{ github.ref }}
      files: packages/doorman-homeassistant/**
-    secrets:
-      token: ${{ github.token }}
-
  docker:
    needs: diff
    if: ${{ needs.diff.outputs.is_changed == 'true' }}
    uses: martin/chromart-gitea-actions/.gitea/workflows/docker-publish-private.yaml@main
    with:
-      repository: ${{ github.repository }}
-      ref: ${{ github.ref }}
      image_name: doorman-homeassistant
-    secrets:
-      token: ${{ github.token }}
  deploy-gitainer:
    needs: docker
    uses: martin/chromart-gitea-actions/.gitea/workflows/gitainer-deploy.yaml@main
--- a/.gitea/workflows/deploy-twilio.yaml
+++ b/.gitea/workflows/deploy-twilio.yaml
@ -8,17 +8,15 @@ jobs:
  diff:
    uses: martin/chromart-gitea-actions/.gitea/workflows/diff-output.yaml@main
    with:
-      repository: ${{ github.repository }}
-      ref: ${{ github.ref }}
      files: packages/**
-    secrets:
-      token: ${{ github.token }}
-
  twilio:
    needs: diff
    if: ${{ needs.diff.outputs.is_changed == 'true' }}
    runs-on: ubuntu-22.04
    steps:
+      - name: Load Infisical Secrets
+        uses: https://gitea.chromart.cc/martin/chromart-gitea-actions/.gitea/actions/infisical-secrets@main
+
      - uses: actions/checkout@v4
        name: Check out code
      
@ -32,30 +30,32 @@ jobs:
      - name: run local integration test
        run: bun integ-test:local
        env:
-          ACCOUNT_SID: ${{ secrets.TWILIO_ACCOUNT_SID }}
-          AUTH_TOKEN: ${{ secrets.TWILIO_AUTH_TOKEN }}
-          AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_BOT_TOKEN }}
-          DISCORD_CLIENT_SECRET: ${{ secrets.DISCORD_CLIENT_SECRET }}
+          ACCOUNT_SID: ${{ env.DOORMAN_TWILIO_ACCOUNT_SID }}
+          AUTH_TOKEN: ${{ env.DOORMAN_TWILIO_AUTH_TOKEN }}
+          AWS_ACCESS_KEY: ${{ env.AWS_ACCESS_KEY }}
+          AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
+          DISCORD_BOT_TOKEN: ${{ env.DOORMAN_DISCORD_BOT_TOKEN }}
+          DISCORD_CLIENT_SECRET: ${{ env.DOORMAN_DISCORD_CLIENT_SECRET }}

      - name: Deploy Doorman UI and API to staging
        run: bun run deploy-serverless:staging 
        env:
-          ACCOUNT_SID: ${{ secrets.TWILIO_ACCOUNT_SID }}
-          AUTH_TOKEN: ${{ secrets.TWILIO_AUTH_TOKEN }}
-          AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_BOT_TOKEN }}
-          DISCORD_CLIENT_SECRET: ${{ secrets.DISCORD_CLIENT_SECRET }}
+          ACCOUNT_SID: ${{ env.DOORMAN_TWILIO_ACCOUNT_SID }}
+          AUTH_TOKEN: ${{ env.DOORMAN_TWILIO_AUTH_TOKEN }}
+
+          # required for deploy-serverless
+          AWS_ACCESS_KEY: ${{ env.AWS_ACCESS_KEY }}
+          AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
+          DISCORD_BOT_TOKEN: ${{ env.DOORMAN_DISCORD_BOT_TOKEN }}
+          DISCORD_CLIENT_SECRET: ${{ env.DOORMAN_DISCORD_CLIENT_SECRET }}
          STAGE: staging
          DOORMAN_URL: https://doorman-6741-staging.twil.io

      - name: Deploy Doorman Buzzer Client to staging
        run: bun run deploy-buzzer-client:staging 
        env:
-          ACCOUNT_SID: ${{ secrets.TWILIO_ACCOUNT_SID }}
-          AUTH_TOKEN: ${{ secrets.TWILIO_AUTH_TOKEN }}
+          ACCOUNT_SID: ${{ env.DOORMAN_TWILIO_ACCOUNT_SID }}
+          AUTH_TOKEN: ${{ env.DOORMAN_TWILIO_AUTH_TOKEN }}
          STAGE: staging
          DOORMAN_URL: https://doorman-6741-staging.twil.io

@ -68,15 +68,17 @@ jobs:
      - name: Promote Doorman UI and API staging to prod
        run: bun run deploy-serverless
        env:
-          ACCOUNT_SID: ${{ secrets.TWILIO_ACCOUNT_SID }}
-          AUTH_TOKEN: ${{ secrets.TWILIO_AUTH_TOKEN }}
+          # promote doesn't need the keys other than twilio. it copies from staging
+          ACCOUNT_SID: ${{ env.DOORMAN_TWILIO_ACCOUNT_SID }}
+          AUTH_TOKEN: ${{ env.DOORMAN_TWILIO_AUTH_TOKEN }}
          STAGE: prod 
          DOORMAN_URL: https://doorman.chromart.cc

      - name: Promote Doorman Buzzer Client staging to prod
        run: bun run deploy-buzzer-client
        env:
-          ACCOUNT_SID: ${{ secrets.TWILIO_ACCOUNT_SID }}
-          AUTH_TOKEN: ${{ secrets.TWILIO_AUTH_TOKEN }}
+          # same for buzzer client
+          ACCOUNT_SID: ${{ env.DOORMAN_TWILIO_ACCOUNT_SID }}
+          AUTH_TOKEN: ${{ env.DOORMAN_TWILIO_AUTH_TOKEN }}
          STAGE: prod
          DOORMAN_URL: https://doorman.chromart.cc
--- a/packages/doorman-api/README.md
+++ b/packages/doorman-api/README.md
@ -61,3 +61,5 @@ It uses DDB for the backend
 After the twilio functions I have setup a cloudflare worker at https://doorman.chromart.cc to proxy the requests to the twilio lambda

 The cloudflare worker just proxies requests so the endpoint is a bit nicer
+
+trigger build