feat: migration von directus zu payloadcms

.gitea/workflows/deploy.yml

@@ -34,7 +34,6 @@ jobs:
       traefik_host:     ${{ steps.determine.outputs.traefik_host }}
       traefik_rule:     ${{ steps.determine.outputs.traefik_rule }}
       next_public_url:  ${{ steps.determine.outputs.next_public_url }}
-      directus_url:     ${{ steps.determine.outputs.directus_url }}
       project_name:     ${{ steps.determine.outputs.project_name }}
       short_sha:        ${{ steps.determine.outputs.short_sha }}
     container:
@@ -102,7 +101,6 @@ jobs:
             echo "traefik_host=$PRIMARY_HOST"
             echo "traefik_rule=$TRAEFIK_RULE"
             echo "next_public_url=https://$PRIMARY_HOST"
-            echo "directus_url=https://cms.$PRIMARY_HOST"
             if [[ "$TARGET" == "production" ]]; then
               echo "project_name=klz-cablescom"
             elif [[ "$TARGET" == "branch" ]]; then
@@ -210,7 +208,6 @@ jobs:
           build-args: |
             NEXT_PUBLIC_BASE_URL=${{ needs.prepare.outputs.next_public_url }}
             NEXT_PUBLIC_TARGET=${{ needs.prepare.outputs.target }}
-            DIRECTUS_URL=${{ needs.prepare.outputs.directus_url }}
             UMAMI_WEBSITE_ID=${{ secrets.UMAMI_WEBSITE_ID || vars.UMAMI_WEBSITE_ID }}
             UMAMI_API_ENDPOINT=${{ secrets.UMAMI_API_ENDPOINT || vars.UMAMI_API_ENDPOINT || 'https://analytics.infra.mintel.me' }}
             NPM_TOKEN=${{ secrets.REGISTRY_PASS }}
@@ -232,19 +229,13 @@ jobs:
       IMAGE_TAG:            ${{ needs.prepare.outputs.image_tag }}
       PROJECT_NAME:         ${{ needs.prepare.outputs.project_name }}
       NEXT_PUBLIC_BASE_URL: ${{ needs.prepare.outputs.next_public_url }}
-      DIRECTUS_URL:         ${{ needs.prepare.outputs.directus_url }}
-      DIRECTUS_HOST:        cms.${{ needs.prepare.outputs.traefik_host }}
       TRAEFIK_HOST:         ${{ needs.prepare.outputs.traefik_host }}
       
-      # Secrets mapping (Directus)
-      DIRECTUS_KEY:            ${{ (needs.prepare.outputs.target == 'testing' && secrets.TESTING_DIRECTUS_KEY) || (needs.prepare.outputs.target == 'staging' && secrets.STAGING_DIRECTUS_KEY) || secrets.DIRECTUS_KEY || vars.DIRECTUS_KEY }}
-      DIRECTUS_SECRET:         ${{ (needs.prepare.outputs.target == 'testing' && secrets.TESTING_DIRECTUS_SECRET) || (needs.prepare.outputs.target == 'staging' && secrets.STAGING_DIRECTUS_SECRET) || secrets.DIRECTUS_SECRET || vars.DIRECTUS_SECRET }}
-      DIRECTUS_ADMIN_EMAIL:    ${{ (needs.prepare.outputs.target == 'testing' && secrets.TESTING_DIRECTUS_ADMIN_EMAIL) || (needs.prepare.outputs.target == 'staging' && secrets.STAGING_DIRECTUS_ADMIN_EMAIL) || secrets.DIRECTUS_ADMIN_EMAIL || vars.DIRECTUS_ADMIN_EMAIL || 'admin@mintel.me' }}
-      DIRECTUS_ADMIN_PASSWORD: ${{ (needs.prepare.outputs.target == 'testing' && secrets.TESTING_DIRECTUS_ADMIN_PASSWORD) || (needs.prepare.outputs.target == 'staging' && secrets.STAGING_DIRECTUS_ADMIN_PASSWORD) || secrets.DIRECTUS_ADMIN_PASSWORD || vars.DIRECTUS_ADMIN_PASSWORD }}
-      DIRECTUS_DB_NAME:        ${{ secrets.DIRECTUS_DB_NAME || vars.DIRECTUS_DB_NAME || 'directus' }}
-      DIRECTUS_DB_USER:        ${{ secrets.DIRECTUS_DB_USER || vars.DIRECTUS_DB_USER || 'directus' }}
-      DIRECTUS_DB_PASSWORD:    ${{ (needs.prepare.outputs.target == 'testing' && secrets.TESTING_DIRECTUS_DB_PASSWORD) || (needs.prepare.outputs.target == 'staging' && secrets.STAGING_DIRECTUS_DB_PASSWORD) || secrets.DIRECTUS_DB_PASSWORD || vars.DIRECTUS_DB_PASSWORD || 'directus' }}
-      DIRECTUS_API_TOKEN:      ${{ (needs.prepare.outputs.target == 'testing' && secrets.TESTING_DIRECTUS_API_TOKEN) || (needs.prepare.outputs.target == 'staging' && secrets.STAGING_DIRECTUS_API_TOKEN) || secrets.DIRECTUS_API_TOKEN || vars.DIRECTUS_API_TOKEN }}
+      # Secrets mapping (Payload CMS)
+      PAYLOAD_SECRET:          ${{ secrets.PAYLOAD_SECRET || vars.PAYLOAD_SECRET || 'you-need-to-set-a-payload-secret' }}
+      PAYLOAD_DB_NAME:         ${{ secrets.PAYLOAD_DB_NAME || vars.PAYLOAD_DB_NAME || 'payload' }}
+      PAYLOAD_DB_USER:         ${{ secrets.PAYLOAD_DB_USER || vars.PAYLOAD_DB_USER || 'payload' }}
+      PAYLOAD_DB_PASSWORD:     ${{ (needs.prepare.outputs.target == 'testing' && secrets.TESTING_PAYLOAD_DB_PASSWORD) || (needs.prepare.outputs.target == 'staging' && secrets.STAGING_PAYLOAD_DB_PASSWORD) || secrets.PAYLOAD_DB_PASSWORD || vars.PAYLOAD_DB_PASSWORD || 'payload' }}
       
       # Secrets mapping (Mail)
       MAIL_HOST:        ${{ secrets.SMTP_HOST || vars.SMTP_HOST }}
@@ -306,21 +297,11 @@ jobs:
             echo "MAIL_FROM=$MAIL_FROM"
             echo "MAIL_RECIPIENTS=$MAIL_RECIPIENTS"
             echo ""
-            echo "# Directus"
-            echo "DIRECTUS_URL=$DIRECTUS_URL"
-            echo "DIRECTUS_HOST=$DIRECTUS_HOST"
-            echo "DIRECTUS_KEY=$DIRECTUS_KEY"
-            echo "DIRECTUS_SECRET=$DIRECTUS_SECRET"
-            echo "DIRECTUS_ADMIN_EMAIL=$DIRECTUS_ADMIN_EMAIL"
-            echo "DIRECTUS_ADMIN_PASSWORD=$DIRECTUS_ADMIN_PASSWORD"
-            echo "DIRECTUS_DB_NAME=$DIRECTUS_DB_NAME"
-            echo "DIRECTUS_DB_USER=$DIRECTUS_DB_USER"
-            echo "DIRECTUS_DB_PASSWORD=$DIRECTUS_DB_PASSWORD"
-            echo "DIRECTUS_DB_CLIENT=pg"
-            echo "DIRECTUS_DB_HOST=directus-db"
-            echo "DIRECTUS_DB_PORT=5432"
-            echo "DIRECTUS_API_TOKEN=$DIRECTUS_API_TOKEN"
-            echo "INTERNAL_DIRECTUS_URL=http://directus:8055"
+            echo "# Payload CMS"
+            echo "PAYLOAD_SECRET=$PAYLOAD_SECRET"
+            echo "PAYLOAD_DB_NAME=$PAYLOAD_DB_NAME"
+            echo "PAYLOAD_DB_USER=$PAYLOAD_DB_USER"
+            echo "PAYLOAD_DB_PASSWORD=$PAYLOAD_DB_PASSWORD"
             echo ""
             echo "# Gatekeeper"
             echo "GATEKEEPER_PASSWORD=$GATEKEEPER_PASSWORD"
@@ -367,19 +348,15 @@ jobs:
           else
             SITE_DIR="/home/deploy/sites/branch.klz-cables.com/${SLUG:-unknown}"
           fi
-          ssh root@alpha.mintel.me "mkdir -p $SITE_DIR/directus/schema $SITE_DIR/directus/uploads $SITE_DIR/directus/extensions"
+          ssh root@alpha.mintel.me "mkdir -p $SITE_DIR"
           
           scp .env.deploy root@alpha.mintel.me:$SITE_DIR/$ENV_FILE
           scp docker-compose.yml root@alpha.mintel.me:$SITE_DIR/docker-compose.yml
-          scp -r directus/schema root@alpha.mintel.me:$SITE_DIR/directus/
           
           ssh root@alpha.mintel.me "cd $SITE_DIR && echo '${{ secrets.REGISTRY_PASS }}' | docker login registry.infra.mintel.me -u '${{ secrets.REGISTRY_USER }}' --password-stdin"
           ssh root@alpha.mintel.me "cd $SITE_DIR && docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' pull"
           ssh root@alpha.mintel.me "cd $SITE_DIR && docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' up -d --remove-orphans"
           
-          # Apply Directus Schema Snapshot if available
-          ssh root@alpha.mintel.me "cd $SITE_DIR && if docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' exec -T directus ls /directus/schema/snapshot.yaml >/dev/null 2>&1; then echo '→ Applying Directus Schema Snapshot...' && docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' exec -T directus npx directus schema apply /directus/schema/snapshot.yaml --yes; fi"
-          
           ssh root@alpha.mintel.me "docker system prune -f --filter 'until=24h'"
 
       - name: 🧹 Post-Deploy Cleanup (Runner)
@@ -604,6 +581,11 @@ jobs:
           NEXT_PUBLIC_BASE_URL: ${{ needs.prepare.outputs.next_public_url }}
           GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD || 'klz2026' }}
         run: pnpm check:links
+      - name: 🖼️ Dynamic Asset & Image Integrity Scan
+        env:
+          NEXT_PUBLIC_BASE_URL: ${{ needs.prepare.outputs.next_public_url }}
+          GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD || 'klz2026' }}
+        run: pnpm check:assets
 
   # ──────────────────────────────────────────────────────────────────────────────
   # JOB 10: Notifications