marcel/familienarchiv
1
0
Fork 0
Code Issues 121 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

ci(deploy): harden deploy-obs config step with set -euo pipefail

Browse Source 
A failed cp/mkdir in the deploy-configs step was previously swallowed (the step
had no set -e), so a broken config copy could still reach the validate step. The
five-key guard catches empty secrets but not a failed copy. -u also catches a
typo'd env var name. Raised in review (Sara, Tobias).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Marcel
2026-06-02 19:37:56 +02:00
parent 02fb16a0bd
commit a47564934d
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitea/actions/deploy-obs/action.yml
View File

@@ -53,6 +53,7 @@ runs:
POSTGRES_PASSWORD: ${{ inputs.postgres_password }} POSTGRES_PASSWORD: ${{ inputs.postgres_password }}
POSTGRES_HOST: ${{ inputs.postgres_host }} POSTGRES_HOST: ${{ inputs.postgres_host }}
run: | run: |
set -euo pipefail
rm -rf /opt/familienarchiv/infra/observability rm -rf /opt/familienarchiv/infra/observability
mkdir -p /opt/familienarchiv/infra/observability mkdir -p /opt/familienarchiv/infra/observability
cp -r infra/observability/. /opt/familienarchiv/infra/observability/ cp -r infra/observability/. /opt/familienarchiv/infra/observability/