fix: env read on build

Author: duylongpro99

.github/workflows/build-reusable.yml

@@ -3,13 +3,19 @@ name: Build Reusable Steps
 on:
   workflow_call:
     outputs:
-      build_output:  # Changed from build-output to build_output for consistency
+      build_output: # Changed from build-output to build_output for consistency
         description: "Build output artifact"
         value: ${{ jobs.build.outputs.build_output }}
 jobs:
   build:
     name: "Build Application"
     runs-on: ubuntu-latest
+    env:
+      NEXT_PUBLIC_CONVEX_URL: ${{ secrets.NEXT_PUBLIC_CONVEX_URL }}
+      CONVEX_DEPLOYMENT: ${{ secrets.CONVEX_DEPLOYMENT }}
+      CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY }}
+      NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
+      LIVE_BLOCK_SECRET_API_KEY: ${{ secrets.LIVE_BLOCK_SECRET_API_KEY }}
     outputs:
       build_output: ${{ steps.build_step.outputs.result }}
 
@@ -55,32 +61,28 @@ jobs:
             pnpm install
           fi
       - name: Build
-        id: build_step  # Added this ID which is referenced in the outputs
+        id: build_step # Added this ID which is referenced in the outputs
         env:
           NEXT_PUBLIC_CONVEX_URL: ${{ secrets.NEXT_PUBLIC_CONVEX_URL }}
           CONVEX_DEPLOYMENT: ${{ secrets.CONVEX_DEPLOYMENT }}
           CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY }}
           NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
           LIVE_BLOCK_SECRET_API_KEY: ${{ secrets.LIVE_BLOCK_SECRET_API_KEY }}
         run: |
-          # Create a clean .env file
-          rm -f .env
-          touch .env
-          
-          # Add each environment variable to .env file
-          # Using printf to avoid issues with special characters
-          printf "NEXT_PUBLIC_CONVEX_URL=%s\n" "$NEXT_PUBLIC_CONVEX_URL" >> .env
-          printf "CONVEX_DEPLOYMENT=%s\n" "$CONVEX_DEPLOYMENT" >> .env
-          printf "CLERK_SECRET_KEY=%s\n" "$CLERK_SECRET_KEY" >> .env
-          printf "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=%s\n" "$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY" >> .env
-          printf "LIVE_BLOCK_SECRET_API_KEY=%s\n" "$LIVE_BLOCK_SECRET_API_KEY" >> .env
-          
-          
+          # Create .env file more efficiently (single operation)
+          cat > .env << EOL
+          NEXT_PUBLIC_CONVEX_URL=${NEXT_PUBLIC_CONVEX_URL}
+          CONVEX_DEPLOYMENT=${CONVEX_DEPLOYMENT}
+          CLERK_SECRET_KEY=${CLERK_SECRET_KEY}
+          NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=${NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY}
+          LIVE_BLOCK_SECRET_API_KEY=${LIVE_BLOCK_SECRET_API_KEY}
+          EOL
+
           # Run the build command
-          pnpm build
-          
-          # Set output for the workflow
-          echo "result=success" >> $GITHUB_OUTPUT
+          pnpm build || exit 1  # Add error handling
+
+          # Set output for the workflow more securely
+          echo "result=success" >> "$GITHUB_OUTPUT"
 
       - name: Upload build artifacts
         uses: actions/upload-artifact@v4
@@ -92,4 +94,4 @@ jobs:
             package.json
             pnpm-lock.yaml
             next.config.js
-            .env
+            .env

src/app/api/auth/liveblocks/route.ts

@@ -1,12 +1,19 @@
 import { auth, currentUser } from "@clerk/nextjs/server";
-// import { Liveblocks } from "@liveblocks/node";
-// import { ConvexHttpClient } from "convex/browser";
-// import { api } from "../../../../../convex/_generated/api";
-
-// const convex = new ConvexHttpClient(process.env.NEXT_PUBLIC_CONVEX_URL!);
-// const liveblocks = new Liveblocks({
-//   secret: process.env.LIVE_BLOCK_SECRET_API_KEY!,
-// });
+import { Liveblocks } from "@liveblocks/node";
+import { ConvexHttpClient } from "convex/browser";
+import { api } from "../../../../../convex/_generated/api";
+
+// Ensure these environment variables are defined in your GitHub Actions workflow
+// Add error handling for missing environment variables
+const convex = new ConvexHttpClient(
+  process.env.NEXT_PUBLIC_CONVEX_URL ?? 
+  (() => { throw new Error("NEXT_PUBLIC_CONVEX_URL environment variable is not defined") })()
+);
+
+const liveblocks = new Liveblocks({
+  secret: process.env.LIVE_BLOCK_SECRET_API_KEY ?? 
+    (() => { throw new Error("LIVE_BLOCK_SECRET_API_KEY environment variable is not defined") })()
+});
 
 export async function POST(req: Request) {
   const { sessionClaims } = await auth();
@@ -16,31 +23,30 @@ export async function POST(req: Request) {
   if (!user) return new Response("Unauthorized", { status: 401 });
 
   const { room } = await req.json();
-  // const document = await convex.query(api.document.get, {
-  //   id: room,
-  //   ignoreAuth: true,
-  // });
-
-  // if (!document) return new Response("Unauthorized", { status: 401 });
-
-  // const isOwner = document.ownerId === user.id;
-  // const isOrgMember = !!(
-  //   document.organizationId && document.organizationId === sessionClaims.org_id
-  // );
-
-  // if (!isOwner && !isOrgMember)
-  //   return new Response("Unauthorized", { status: 401 });
-
-  // const session = liveblocks.prepareSession(user.id, {
-  //   userInfo: {
-  //     name:
-  //       user.fullName ?? user.primaryEmailAddress?.emailAddress ?? "Anonymous",
-  //     avatar: user.imageUrl,
-  //   },
-  // });
-
-  // session.allow(room, session.FULL_ACCESS);
-  // const { body, status } = await session.authorize();
-  // return new Response(body, { status });
-  return new Response(room, { status: 200 });
+  const document = await convex.query(api.document.get, {
+    id: room,
+    ignoreAuth: true,
+  });
+
+  if (!document) return new Response("Unauthorized", { status: 401 });
+
+  const isOwner = document.ownerId === user.id;
+  const isOrgMember = !!(
+    document.organizationId && document.organizationId === sessionClaims.org_id
+  );
+
+  if (!isOwner && !isOrgMember)
+    return new Response("Unauthorized", { status: 401 });
+
+  const session = liveblocks.prepareSession(user.id, {
+    userInfo: {
+      name:
+        user.fullName ?? user.primaryEmailAddress?.emailAddress ?? "Anonymous",
+      avatar: user.imageUrl,
+    },
+  });
+
+  session.allow(room, session.FULL_ACCESS);
+  const { body, status } = await session.authorize();
+  return new Response(body, { status });
 }