Secure Gmail credentials for GitHub Pages deployment using GitHub Secrets

[Copilot]

Overview

This PR updates the GitHub Actions workflow for Next.js to securely configure Gmail email functionality for GitHub Pages production deployment. The implementation addresses issue #240 by adding required environment variables while also fixing a critical security vulnerability.

Changes Made

🔒 Security Enhancement

Critical Fix: The workflow previously contained hardcoded Gmail credentials directly in the YAML file, exposing sensitive information in version control. This has been replaced with GitHub Secrets:

# Before (Security Risk ⚠️)
GMAIL_USER="codestromhub@gmail.com"
GMAIL_APP_PASSWORD="rfmltjgaqdtzqhpv"  # Exposed password

# After (Secure ✅)
GMAIL_USER="${{ secrets.GMAIL_USER }}"
GMAIL_APP_PASSWORD="${{ secrets.GMAIL_APP_PASSWORD }}"  # Encrypted secret

📧 Gmail Integration

Added four new environment variables to enable email functionality via Gmail/Nodemailer:

• GMAIL_USER - Gmail email address for sending emails
• GMAIL_APP_PASSWORD - Gmail app password for SMTP authentication
• GMAIL_FROM - Display name shown in sent emails (e.g., "Wedding email@domain.com")
• TEST_EMAIL_TO - Test recipient email address for notifications

These variables are now sourced from GitHub Secrets for security and flexibility.

☁️ Cloudinary Configuration

Set Cloudinary credentials to empty strings as specified for GitHub Pages deployment (Cloudinary integration not used in static export):

CLOUDINARY_CLOUD_NAME=""
CLOUDINARY_API_KEY=""
CLOUDINARY_API_SECRET=""

📚 Documentation

New File: GITHUB_SECRETS_SETUP.md

Created a comprehensive 204-line guide covering:

• Detailed explanation of each required secret
• Step-by-step instructions for generating Gmail App Passwords
• How to configure secrets in GitHub repository settings
• Security best practices and troubleshooting
• Examples and visual guidance

Updated Documentation

• GITHUB_PAGES_DEPLOYMENT.md - Added "Required GitHub Secrets" section with setup instructions
• QUICK_DEPLOY_GITHUB_PAGES.md - Updated deployment steps to include all required secrets
• README.md - Added reference to the new secrets setup guide

Email Functionality

The wedding website uses Gmail (via Nodemailer) for:

• Contact form submissions
• RSVP confirmations
• Admin notifications

The email library (src/lib/email.ts) already supports these environment variables and will work seamlessly once the GitHub Secrets are configured.

Setup Required

Repository maintainers need to add the following secrets in Settings → Secrets and variables → Actions:

1. GMAIL_USER - Your Gmail email address
2. GMAIL_APP_PASSWORD - Generate at Google Account App Passwords
   • Requires 2-Factor Authentication enabled on Gmail
3. GMAIL_FROM - Display name for emails (e.g., "Wedding <email@domain.com>")
4. TEST_EMAIL_TO - Test recipient email address
5. WEB3FORMS_ACCESS_KEY - Web3Forms API key (may already be configured)

Detailed setup instructions are available in the new GITHUB_SECRETS_SETUP.md guide.

Testing

• ✅ YAML syntax validated with Python yaml module
• ✅ Environment variable interpolation tested
• ✅ All documentation reviewed for accuracy
• ✅ Follows GitHub security best practices

Benefits

• Secure: Credentials no longer exposed in version control
• Flexible: Easy to update credentials via GitHub UI without code changes
• Production Ready: Follows industry security standards
• Well Documented: Comprehensive guides for setup and troubleshooting
• Email Functional: Gmail integration ready for GitHub Pages deployment

Files Changed

• .github/workflows/nextjs.yml - Security enhancement with GitHub Secrets
• GITHUB_PAGES_DEPLOYMENT.md - Added secrets documentation
• QUICK_DEPLOY_GITHUB_PAGES.md - Updated setup steps
• GITHUB_SECRETS_SETUP.md - NEW: Comprehensive setup guide
• README.md - Added documentation reference

Resolves #240

Original prompt

---

This section details on the original issue you should resolve

<issue_title>> This pull request updates the environment variable configuration in the GitHub Actions workflow for Next.js. The main changes involve replacing placeholder Cloudinary credentials with empty strings and introducing new Gmail-related variables for email functionality, as well as a test email recipient.</issue_title>
<issue_description>> This pull request updates the environment variable configuration in the GitHub Actions workflow for Next.js. The main changes involve replacing placeholder Cloudinary credentials with empty strings and introducing new Gmail-related variables for email functionality, as well as a test email recipient.

Environment variable updates:

• Added GMAIL_USER, GMAIL_APP_PASSWORD, and GMAIL_FROM variables for Gmail integration.
• Added TEST_EMAIL_TO variable to specify the test email recipient.
• Set CLOUDINARY_CLOUD_NAME, CLOUDINARY_API_KEY, and CLOUDINARY_API_SECRET to empty strings instead of placeholders.

This pull request updates the environment variable configuration in the GitHub Actions workflow for Next.js. The main changes involve replacing placeholder Cloudinary credentials with empty strings and introducing new Gmail-related variables for email functionality, as well as a test email recipient.

Environment variable updates:

• Added GMAIL_USER, GMAIL_APP_PASSWORD, and GMAIL_FROM variables for Gmail integration.
• Added TEST_EMAIL_TO variable to specify the test email recipient.
• Set CLOUDINARY_CLOUD_NAME, CLOUDINARY_API_KEY, and CLOUDINARY_API_SECRET to empty strings instead of placeholders.

@copilot Use Gmail for send email from GitHub Pages Production

Originally posted by @rezwana-karim in #240 (comment)
</issue_description>

<agent_instructions>Review the repository first</agent_instructions>

Comments on the Issue (you are @copilot in this section)

Fixes #241

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.