fix(deploy): don't inject the CI runner token into ppms (drop --update-env)
All checks were successful
PR checks / checks (pull_request) Successful in 31s
All checks were successful
PR checks / checks (pull_request) Successful in 31s
The deploy job runs inside the Forgejo Actions runner, whose env includes an ephemeral FORGEJO_TOKEN (per-job token, revoked when the job ends). 'pm2 restart --update-env' injected it into ppms, where it shadowed the real PAT in .env (Next.js won't override an already-set process.env var) — so the Report Issue button 401'd once the job token expired. Plain restart keeps the daemon's clean env. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
parent
1feb43186d
commit
2d6681014d
1 changed files with 7 additions and 1 deletions
|
|
@ -31,7 +31,13 @@ jobs:
|
|||
pnpm build # includes prisma generate
|
||||
pnpm db:migrate:deploy
|
||||
|
||||
pm2 restart ppms --update-env
|
||||
# NOT --update-env: this job runs inside the Forgejo Actions runner, whose
|
||||
# environment includes an ephemeral FORGEJO_TOKEN (the per-job token, revoked
|
||||
# when the job ends). --update-env would inject it into ppms, where it shadows
|
||||
# the real PAT from .env (Next.js does not override an already-set process.env
|
||||
# var) and breaks the Report Issue button once the job token expires. A plain
|
||||
# restart re-execs ppms from the pm2 daemon's clean env, so .env wins.
|
||||
pm2 restart ppms
|
||||
echo "=== Deployed $TAG ==="
|
||||
|
||||
- name: Verify portal responds
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue