fix: update jwt verification, and locales in supabase client #33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Deploy Web App | |
| on: | |
| push: | |
| branches: ["main"] | |
| jobs: | |
| build-deploy: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'recursive' | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build image | |
| run: | | |
| VERSION=$(date +%Y%m%d%H%M%S) | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| docker build \ | |
| --build-arg NPM_TOKEN=${{ secrets.NPM_TOKEN }} \ | |
| --build-arg NEXT_PUBLIC_SITE_URL=${{ secrets.INFISICAL_WEB_APP_URL }} \ | |
| --build-arg NEXT_PUBLIC_SUPABASE_URL=${{ secrets.INFISICAL_SUPABASE_URL }} \ | |
| --build-arg NEXT_PUBLIC_SUPABASE_ANON_KEY=${{ secrets.INFISICAL_SUPABASE_ANON_KEY }} \ | |
| --build-arg NEXT_PUBLIC_REVENUECAT_API_KEY=${{ secrets.INFISICAL_REVENUECAT_API_KEY }} \ | |
| --build-arg NEXT_PUBLIC_NOVU_APP_IDENTIFIER=${{ secrets.INFISICAL_NOVU_APP_IDENTIFIER }} \ | |
| --build-arg NEXT_PUBLIC_FIREBASE_API_KEY=${{ secrets.INFISICAL_FIREBASE_API_KEY }} \ | |
| --build-arg NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN=${{ secrets.INFISICAL_FIREBASE_AUTH_DOMAIN }} \ | |
| --build-arg NEXT_PUBLIC_FIREBASE_PROJECT_ID=${{ secrets.INFISICAL_FIREBASE_PROJECT_ID }} \ | |
| --build-arg NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET=${{ secrets.INFISICAL_FIREBASE_STORAGE_BUCKET }} \ | |
| --build-arg NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID=${{ secrets.INFISICAL_FIREBASE_MESSAGING_SENDER_ID }} \ | |
| --build-arg NEXT_PUBLIC_FIREBASE_APP_ID=${{ secrets.INFISICAL_FIREBASE_APP_ID }} \ | |
| --build-arg NEXT_PUBLIC_FIREBASE_MEASUREMENT_ID=${{ secrets.INFISICAL_FIREBASE_MEASUREMENT_ID }} \ | |
| --build-arg NEXT_PUBLIC_FIREBASE_FCM_VAPID_KEY=${{ secrets.INFISICAL_FIREBASE_FCM_VAPID_KEY }} \ | |
| --build-arg NEXT_PUBLIC_TMDB_IMAGE_BASE_URL=${{ secrets.INFISICAL_TMDB_IMAGE_BASE_URL }} \ | |
| --build-arg NEXT_PUBLIC_JUSTWATCH_API_KEY=${{ secrets.INFISICAL_JUSTWATCH_API_KEY }} \ | |
| --build-arg NEXT_PUBLIC_TURNSTILE_SITE_KEY=${{ secrets.INFISICAL_CLOUDFLARE_TURNSTILE_SITE_KEY }} \ | |
| -t ghcr.io/${{ github.repository_owner }}/web-app:$VERSION . | |
| docker tag ghcr.io/${{ github.repository_owner }}/web-app:$VERSION ghcr.io/${{ github.repository_owner }}/web-app:latest | |
| - name: Push image | |
| run: | | |
| docker push ghcr.io/${{ github.repository_owner }}/web-app:$VERSION | |
| docker push ghcr.io/${{ github.repository_owner }}/web-app:latest | |
| - name: Clone infra repo | |
| run: | | |
| git clone https://ci-bot:${{ secrets.PAT_TOKEN }}@github.com/${{ github.repository_owner }}/infra.git | |
| - name: Update web-app deployment image tag | |
| run: | | |
| cd infra/apps/services/web-app | |
| sed -i "s|image: ghcr.io.*/web-app.*|image: ghcr.io/${{ github.repository_owner }}/web-app:$VERSION|" deployment.yaml | |
| - name: Commit manifest change | |
| run: | | |
| cd infra | |
| git config user.name "ci-bot" | |
| git config user.email "ci-bot@github.com" | |
| git remote set-url origin https://ci-bot:${{ secrets.PAT_TOKEN }}@github.com/${{ github.repository_owner }}/infra.git | |
| git add . | |
| git commit -m "deploy: web-app $VERSION" || echo "No changes to commit" | |
| git push origin main | |
| env: | |
| GIT_AUTHOR_NAME: ci-bot | |
| GIT_AUTHOR_EMAIL: ci-bot@github.com | |
| GIT_COMMITTER_NAME: ci-bot | |
| GIT_COMMITTER_EMAIL: ci-bot@github.com |