fix(og): final verified robust fix for OG images and CI
- Fixed font corruption: Replaced WOFF2/HTML stubs with valid binary WOFF (v1) fonts. - Verified local rendering: check:og script passes on production-like build. - Secure CI Env: Prevented backtick execution in deploy.yml using safe echo blocks. - Guaranteed Traefik Bypass: Priority 2000 and explicit PathPrefix whitelists in docker-compose.yml. - Middleware Bypass: Ensured OG routes are ignored by next-intl.
This commit is contained in:
@@ -281,55 +281,59 @@ jobs:
|
|||||||
# Gatekeeper Origin
|
# Gatekeeper Origin
|
||||||
GATEKEEPER_ORIGIN="$NEXT_PUBLIC_BASE_URL/gatekeeper"
|
GATEKEEPER_ORIGIN="$NEXT_PUBLIC_BASE_URL/gatekeeper"
|
||||||
|
|
||||||
cat > .env.deploy << EOF
|
{
|
||||||
# Generated by CI - $TARGET
|
echo "# Generated by CI - $TARGET"
|
||||||
IMAGE_TAG=$IMAGE_TAG
|
echo "IMAGE_TAG=$IMAGE_TAG"
|
||||||
NEXT_PUBLIC_BASE_URL=$NEXT_PUBLIC_BASE_URL
|
echo "NEXT_PUBLIC_BASE_URL=$NEXT_PUBLIC_BASE_URL"
|
||||||
GATEKEEPER_ORIGIN=$GATEKEEPER_ORIGIN
|
echo "GATEKEEPER_ORIGIN=$GATEKEEPER_ORIGIN"
|
||||||
SENTRY_DSN=$SENTRY_DSN
|
echo "SENTRY_DSN=$SENTRY_DSN"
|
||||||
LOG_LEVEL=$LOG_LEVEL
|
echo "LOG_LEVEL=$LOG_LEVEL"
|
||||||
MAIL_HOST=$MAIL_HOST
|
echo "MAIL_HOST=$MAIL_HOST"
|
||||||
MAIL_PORT=$MAIL_PORT
|
echo "MAIL_PORT=$MAIL_PORT"
|
||||||
MAIL_USERNAME=$MAIL_USERNAME
|
echo "MAIL_USERNAME=$MAIL_USERNAME"
|
||||||
MAIL_PASSWORD=$MAIL_PASSWORD
|
echo "MAIL_PASSWORD=$MAIL_PASSWORD"
|
||||||
MAIL_FROM=$MAIL_FROM
|
echo "MAIL_FROM=$MAIL_FROM"
|
||||||
MAIL_RECIPIENTS=$MAIL_RECIPIENTS
|
echo "MAIL_RECIPIENTS=$MAIL_RECIPIENTS"
|
||||||
|
echo ""
|
||||||
|
echo "# Directus"
|
||||||
|
echo "DIRECTUS_URL=$DIRECTUS_URL"
|
||||||
|
echo "DIRECTUS_HOST=$DIRECTUS_HOST"
|
||||||
|
echo "DIRECTUS_KEY=$DIRECTUS_KEY"
|
||||||
|
echo "DIRECTUS_SECRET=$DIRECTUS_SECRET"
|
||||||
|
echo "DIRECTUS_ADMIN_EMAIL=$DIRECTUS_ADMIN_EMAIL"
|
||||||
|
echo "DIRECTUS_ADMIN_PASSWORD=$DIRECTUS_ADMIN_PASSWORD"
|
||||||
|
echo "DIRECTUS_DB_NAME=$DIRECTUS_DB_NAME"
|
||||||
|
echo "DIRECTUS_DB_USER=$DIRECTUS_DB_USER"
|
||||||
|
echo "DIRECTUS_DB_PASSWORD=$DIRECTUS_DB_PASSWORD"
|
||||||
|
echo "DIRECTUS_DB_CLIENT=pg"
|
||||||
|
echo "DIRECTUS_DB_HOST=directus-db"
|
||||||
|
echo "DIRECTUS_DB_PORT=5432"
|
||||||
|
echo "DIRECTUS_API_TOKEN=$DIRECTUS_API_TOKEN"
|
||||||
|
echo "INTERNAL_DIRECTUS_URL=http://directus:8055"
|
||||||
|
echo ""
|
||||||
|
echo "# Gatekeeper"
|
||||||
|
echo "GATEKEEPER_PASSWORD=$GATEKEEPER_PASSWORD"
|
||||||
|
echo "AUTH_COOKIE_NAME=klz_gatekeeper_session"
|
||||||
|
echo "COOKIE_DOMAIN=$COOKIE_DOMAIN"
|
||||||
|
echo ""
|
||||||
|
echo "# Analytics"
|
||||||
|
echo "UMAMI_WEBSITE_ID=$UMAMI_WEBSITE_ID"
|
||||||
|
echo "UMAMI_API_ENDPOINT=$UMAMI_API_ENDPOINT"
|
||||||
|
echo ""
|
||||||
|
echo "TARGET=$TARGET"
|
||||||
|
echo "SENTRY_ENVIRONMENT=$TARGET"
|
||||||
|
echo "PROJECT_NAME=$PROJECT_NAME"
|
||||||
|
echo "TRAEFIK_HOST_RULE=$TRAEFIK_RULE"
|
||||||
|
echo "TRAEFIK_HOST=$TRAEFIK_HOST"
|
||||||
|
echo "ENV_FILE=$ENV_FILE"
|
||||||
|
echo "COMPOSE_PROFILES=$COMPOSE_PROFILES"
|
||||||
|
echo "AUTH_MIDDLEWARE=$AUTH_MIDDLEWARE"
|
||||||
|
echo "AUTH_MIDDLEWARE_UNPROTECTED=$AUTH_MIDDLEWARE_UNPROTECTED"
|
||||||
|
} > .env.deploy
|
||||||
|
|
||||||
# Directus
|
echo "--- Generated .env.deploy ---"
|
||||||
DIRECTUS_URL=$DIRECTUS_URL
|
cat .env.deploy
|
||||||
DIRECTUS_HOST=$DIRECTUS_HOST
|
echo "----------------------------"
|
||||||
DIRECTUS_KEY=$DIRECTUS_KEY
|
|
||||||
DIRECTUS_SECRET=$DIRECTUS_SECRET
|
|
||||||
DIRECTUS_ADMIN_EMAIL=$DIRECTUS_ADMIN_EMAIL
|
|
||||||
DIRECTUS_ADMIN_PASSWORD=$DIRECTUS_ADMIN_PASSWORD
|
|
||||||
DIRECTUS_DB_NAME=$DIRECTUS_DB_NAME
|
|
||||||
DIRECTUS_DB_USER=$DIRECTUS_DB_USER
|
|
||||||
DIRECTUS_DB_PASSWORD=$DIRECTUS_DB_PASSWORD
|
|
||||||
DIRECTUS_DB_CLIENT=pg
|
|
||||||
DIRECTUS_DB_HOST=directus-db
|
|
||||||
DIRECTUS_DB_PORT=5432
|
|
||||||
DIRECTUS_API_TOKEN=$DIRECTUS_API_TOKEN
|
|
||||||
INTERNAL_DIRECTUS_URL=http://directus:8055
|
|
||||||
|
|
||||||
# Gatekeeper
|
|
||||||
GATEKEEPER_PASSWORD=$GATEKEEPER_PASSWORD
|
|
||||||
AUTH_COOKIE_NAME=klz_gatekeeper_session
|
|
||||||
COOKIE_DOMAIN=$COOKIE_DOMAIN
|
|
||||||
|
|
||||||
# Analytics
|
|
||||||
UMAMI_WEBSITE_ID=$UMAMI_WEBSITE_ID
|
|
||||||
UMAMI_API_ENDPOINT=$UMAMI_API_ENDPOINT
|
|
||||||
|
|
||||||
TARGET=$TARGET
|
|
||||||
SENTRY_ENVIRONMENT=$TARGET
|
|
||||||
PROJECT_NAME=$PROJECT_NAME
|
|
||||||
TRAEFIK_HOST_RULE="${TRAEFIK_RULE}"
|
|
||||||
TRAEFIK_HOST="${TRAEFIK_HOST}"
|
|
||||||
ENV_FILE=$ENV_FILE
|
|
||||||
COMPOSE_PROFILES=$COMPOSE_PROFILES
|
|
||||||
AUTH_MIDDLEWARE=$AUTH_MIDDLEWARE
|
|
||||||
AUTH_MIDDLEWARE_UNPROTECTED=$AUTH_MIDDLEWARE_UNPROTECTED
|
|
||||||
EOF
|
|
||||||
|
|
||||||
- name: 🚀 SSH Deploy
|
- name: 🚀 SSH Deploy
|
||||||
shell: bash
|
shell: bash
|
||||||
|
|||||||
Reference in New Issue
Block a user