From d7190145385492331ffcc729d6ef2712a270b68f Mon Sep 17 00:00:00 2001 From: Martin Dimitrov Date: Fri, 6 Mar 2026 13:13:36 -0800 Subject: [PATCH] refactor to use shared builds + secrets --- .gitea/workflows/build-homeassistant.yaml | 9 ----- .gitea/workflows/deploy-twilio.yaml | 48 ++++++++++++----------- packages/doorman-api/README.md | 2 + 3 files changed, 27 insertions(+), 32 deletions(-) diff --git a/.gitea/workflows/build-homeassistant.yaml b/.gitea/workflows/build-homeassistant.yaml index 70b2fd4..faa88cd 100644 --- a/.gitea/workflows/build-homeassistant.yaml +++ b/.gitea/workflows/build-homeassistant.yaml @@ -8,22 +8,13 @@ jobs: diff: uses: martin/chromart-gitea-actions/.gitea/workflows/diff-output.yaml@main with: - repository: ${{ github.repository }} - ref: ${{ github.ref }} files: packages/doorman-homeassistant/** - secrets: - token: ${{ github.token }} - docker: needs: diff if: ${{ needs.diff.outputs.is_changed == 'true' }} uses: martin/chromart-gitea-actions/.gitea/workflows/docker-publish-private.yaml@main with: - repository: ${{ github.repository }} - ref: ${{ github.ref }} image_name: doorman-homeassistant - secrets: - token: ${{ github.token }} deploy-gitainer: needs: docker uses: martin/chromart-gitea-actions/.gitea/workflows/gitainer-deploy.yaml@main diff --git a/.gitea/workflows/deploy-twilio.yaml b/.gitea/workflows/deploy-twilio.yaml index b859fdf..f61ba09 100644 --- a/.gitea/workflows/deploy-twilio.yaml +++ b/.gitea/workflows/deploy-twilio.yaml 
@@ -8,17 +8,15 @@ jobs: diff: uses: martin/chromart-gitea-actions/.gitea/workflows/diff-output.yaml@main with: - repository: ${{ github.repository }} - ref: ${{ github.ref }} files: packages/** - secrets: - token: ${{ github.token }} - twilio: needs: diff if: ${{ needs.diff.outputs.is_changed == 'true' }} runs-on: ubuntu-22.04 steps: + - name: Load Infisical Secrets + uses: https://gitea.chromart.cc/martin/chromart-gitea-actions/.gitea/actions/infisical-secrets@main + - uses: actions/checkout@v4 name: Check out code 
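Review bot: The new `Load Infisical Secrets` step references its action at `@main`, a mutable branch. This step brings every Twilio, AWS and Discord credential into the job, so any later push to that branch changes the code that handles those secrets without a change in this repository. Pin it to a full commit SHA, e.g. `uses: https://gitea.chromart.cc/martin/chromart-gitea-actions/.gitea/actions/infisical-secrets@<full-commit-sha>`, and move the pin deliberately. The `twilio` job's step list continues outside this hunk.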
@@ -32,30 +30,32 @@ jobs: - name: run local integration test run: bun integ-test:local env: - ACCOUNT_SID: ${{ secrets.TWILIO_ACCOUNT_SID }} - AUTH_TOKEN: ${{ secrets.TWILIO_AUTH_TOKEN }} - AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_BOT_TOKEN }} - DISCORD_CLIENT_SECRET: ${{ secrets.DISCORD_CLIENT_SECRET }} + ACCOUNT_SID: ${{ env.DOORMAN_TWILIO_ACCOUNT_SID }} + AUTH_TOKEN: ${{ env.DOORMAN_TWILIO_AUTH_TOKEN }} + AWS_ACCESS_KEY: ${{ env.AWS_ACCESS_KEY }} + AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} + DISCORD_BOT_TOKEN: ${{ env.DOORMAN_DISCORD_BOT_TOKEN }} + DISCORD_CLIENT_SECRET: ${{ env.DOORMAN_DISCORD_CLIENT_SECRET }} - name: Deploy Doorman UI and API to staging run: bun run deploy-serverless:staging env: - ACCOUNT_SID: ${{ secrets.TWILIO_ACCOUNT_SID }} - AUTH_TOKEN: ${{ secrets.TWILIO_AUTH_TOKEN }} - AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_BOT_TOKEN }} - DISCORD_CLIENT_SECRET: ${{ secrets.DISCORD_CLIENT_SECRET }} + ACCOUNT_SID: ${{ env.DOORMAN_TWILIO_ACCOUNT_SID }} + AUTH_TOKEN: ${{ env.DOORMAN_TWILIO_AUTH_TOKEN }} + + # required for deploy-serverless + AWS_ACCESS_KEY: ${{ env.AWS_ACCESS_KEY }} + AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} + DISCORD_BOT_TOKEN: ${{ env.DOORMAN_DISCORD_BOT_TOKEN }} + DISCORD_CLIENT_SECRET: ${{ env.DOORMAN_DISCORD_CLIENT_SECRET }} STAGE: staging DOORMAN_URL: https://doorman-6741-staging.twil.io - name: Deploy Doorman Buzzer Client to staging run: bun run deploy-buzzer-client:staging env: - ACCOUNT_SID: ${{ secrets.TWILIO_ACCOUNT_SID }} - AUTH_TOKEN: ${{ secrets.TWILIO_AUTH_TOKEN }} + ACCOUNT_SID: ${{ env.DOORMAN_TWILIO_ACCOUNT_SID }} + AUTH_TOKEN: ${{ env.DOORMAN_TWILIO_AUTH_TOKEN }} STAGE: staging DOORMAN_URL: https://doorman-6741-staging.twil.io 
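Review bot: Switching from `${{ secrets.* }}` to `${{ env.* }}` implies the Infisical step exports the values into the job environment (its code is not visible here), so every later step can read all of them, including steps with no `env:` mapping. The per-step mappings therefore no longer limit exposure, and neither does the comment in the prod promote hunk (`@@ -68,15 +68,17 @@`) saying promotion needs only the Twilio keys; `AWS_ACCESS_KEY: ${{ env.AWS_ACCESS_KEY }}` becomes a self-assignment. Confirm the action registers each value for log masking (for example with `::add-mask::`), since values in `env` are not masked the way `secrets` values are. An unset name expands to an empty string, so a guard before the deploy steps, such as `run: test -n "$DOORMAN_TWILIO_AUTH_TOKEN"`, would fail fast instead of deploying with blank credentials.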
@@ -68,15 +68,17 @@ jobs: - name: Promote Doorman UI and API staging to prod run: bun run deploy-serverless env: - ACCOUNT_SID: ${{ secrets.TWILIO_ACCOUNT_SID }} - AUTH_TOKEN: ${{ secrets.TWILIO_AUTH_TOKEN }} + # promote doesn't need the keys other than twilio. it copies from staging + ACCOUNT_SID: ${{ env.DOORMAN_TWILIO_ACCOUNT_SID }} + AUTH_TOKEN: ${{ env.DOORMAN_TWILIO_AUTH_TOKEN }} STAGE: prod DOORMAN_URL: https://doorman.chromart.cc - name: Promote Doorman Buzzer Client staging to prod run: bun run deploy-buzzer-client env: - ACCOUNT_SID: ${{ secrets.TWILIO_ACCOUNT_SID }} - AUTH_TOKEN: ${{ secrets.TWILIO_AUTH_TOKEN }} + # same for buzzer client + ACCOUNT_SID: ${{ env.DOORMAN_TWILIO_ACCOUNT_SID }} + AUTH_TOKEN: ${{ env.DOORMAN_TWILIO_AUTH_TOKEN }} STAGE: prod DOORMAN_URL: https://doorman.chromart.cc diff --git a/packages/doorman-api/README.md b/packages/doorman-api/README.md index 44c8732..824acae 100644 --- a/packages/doorman-api/README.md +++ b/packages/doorman-api/README.md @@ -61,3 +61,5 @@ It uses DDB for the backend After the twilio functions I have setup a cloudflare worker at https://doorman.chromart.cc to proxy the requests to the twilio lambda The cloudflare worker just proxies requests so the endpoint is a bit nicer + +trigger build \ No newline at end of file