From daee45b908685a69d3f08a9f117c958ddaf84f2f Mon Sep 17 00:00:00 2001
From: josedario87
Date: Sat, 4 Oct 2025 15:20:03 -0600
Subject: [PATCH] Add secrets support to Gitea Actions workflow

- Create .env dynamically from Gitea secrets and variables
- Add SECRETS.md with configuration instructions
- Use secrets for sensitive data (PG_PASS, AUTHENTIK_SECRET_KEY)
- Use variables for non-sensitive config
---
 .gitea/workflows/deploy.yml | 24 ++++++++++++++++++++++++
 SECRETS.md | 30 ++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+)
 create mode 100644 SECRETS.md

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 7e6dfbc..3b89051 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -8,9 +8,33 @@ jobs:
 #───────────────── deploy ─────────────────
 deploy:
 runs-on: docker
+ env:
+ PG_PASS: ${{ secrets.PG_PASS }}
+ PG_USER: ${{ vars.PG_USER }}
+ PG_DB: ${{ vars.PG_DB }}
+ AUTHENTIK_SECRET_KEY: ${{ secrets.AUTHENTIK_SECRET_KEY }}
+ AUTHENTIK_ERROR_REPORTING__ENABLED: ${{ vars.AUTHENTIK_ERROR_REPORTING__ENABLED }}
+ AUTHENTIK_IMAGE: ${{ vars.AUTHENTIK_IMAGE }}
+ AUTHENTIK_TAG: ${{ vars.AUTHENTIK_TAG }}
+ COMPOSE_PORT_HTTP: ${{ vars.COMPOSE_PORT_HTTP }}
+ COMPOSE_PORT_HTTPS: ${{ vars.COMPOSE_PORT_HTTPS }}
 steps:
 - uses: actions/checkout@v3

+ - name: Create .env file from secrets
+ run: |
+ cat > .env << EOF
+ PG_PASS=${{ secrets.PG_PASS }}
+ PG_USER=${{ vars.PG_USER }}
+ PG_DB=${{ vars.PG_DB }}
+ AUTHENTIK_SECRET_KEY=${{ secrets.AUTHENTIK_SECRET_KEY }}
+ AUTHENTIK_ERROR_REPORTING__ENABLED=${{ vars.AUTHENTIK_ERROR_REPORTING__ENABLED }}
+ AUTHENTIK_IMAGE=${{ vars.AUTHENTIK_IMAGE }}
+ AUTHENTIK_TAG=${{ vars.AUTHENTIK_TAG }}
+ COMPOSE_PORT_HTTP=${{ vars.COMPOSE_PORT_HTTP }}
+ COMPOSE_PORT_HTTPS=${{ vars.COMPOSE_PORT_HTTPS }}
+ EOF
+
 - name: Ensure external docker network exists
 run: |
 docker network inspect principal >/dev/null 2>&1 || docker network create principal
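Review bot: The "Create .env file from secrets" step pastes `${{ secrets.PG_PASS }}` and `${{ secrets.AUTHENTIK_SECRET_KEY }}` into the text of an unquoted heredoc. The runner substitutes those expressions before the shell sees the script, so any `$`, backtick or backslash in a value is expanded or executed by the shell, and the `.env` content can differ from the stored secret. The job already exports every one of these names through `env:`, so the heredoc can read them from the environment, where the shell expands each value once and does not rescan it. `.env` is also created with the default umask; setting `umask 077` first keeps it readable only by the runner user. Separately, the job-level `env:` hands both secrets to every step, including `actions/checkout@v3`; if no later step outside this hunk reads them from the environment, a step-level `env:` on this step would narrow that.

```yaml
      - name: Create .env file from secrets
        run: |
          umask 077
          cat > .env << EOF
          PG_PASS=${PG_PASS}
          PG_USER=${PG_USER}
          PG_DB=${PG_DB}
          AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
          AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
          AUTHENTIK_IMAGE=${AUTHENTIK_IMAGE}
          AUTHENTIK_TAG=${AUTHENTIK_TAG}
          COMPOSE_PORT_HTTP=${COMPOSE_PORT_HTTP}
          COMPOSE_PORT_HTTPS=${COMPOSE_PORT_HTTPS}
          EOF
```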
diff --git a/SECRETS.md b/SECRETS.md
new file mode 100644
index 0000000..9918b94
--- /dev/null
+++ b/SECRETS.md
@@ -0,0 +1,30 @@
+# Configuración de Secrets y Variables en Gitea
+
+Ve a la configuración del repositorio en Gitea: **Settings → Secrets and Variables**
+
+## Secrets (datos sensibles)
+
+Crear los siguientes **Secrets**:
+
+| Nombre | Valor |
+|--------|-------|
+| `PG_PASS` | `jdCqHkd9t6Gnry2hqPCvmb1O0/EPtWVizWgi8iwvvotI8aHV` |
+| `AUTHENTIK_SECRET_KEY` | `f4e7VN546NgKVt6Q0qxgo+6T8nNfjMU5UWDcb+P/qHXUH4NJPXToH02ME59OtsUajjOUE4f2hI7mdz9d` |
+
+## Variables (configuración no sensible)
+
+Crear las siguientes **Variables**:
+
+| Nombre | Valor |
+|--------|-------|
+| `PG_USER` | `authentik` |
+| `PG_DB` | `authentik` |
+| `AUTHENTIK_ERROR_REPORTING__ENABLED` | `true` |
+| `AUTHENTIK_IMAGE` | `ghcr.io/goauthentik/server` |
+| `AUTHENTIK_TAG` | `2025.8.4` |
+| `COMPOSE_PORT_HTTP` | `9000` |
+| `COMPOSE_PORT_HTTPS` | `9443` |
+
+---
+
+**IMPORTANTE:** Después de crear estos secrets y variables, el workflow de Gitea Actions generará automáticamente el archivo `.env` durante el deployment.
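Review bot: The two rows under "Secrets (datos sensibles)" contain what look like the actual values for `PG_PASS` and `AUTHENTIK_SECRET_KEY`. That puts in the repository the same credentials the workflow change moves into Gitea's secret store. Anyone who can read or clone the repository can recover them, and deleting the file in a later commit leaves them in history. The Valor column for those two rows should hold a placeholder such as `<generar y guardar solo en Gitea>`, ideally with a short line on how to generate a value. If these are the deployed values, both should be rotated, since they are already part of this commit.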