From 001209d12ce48f71ffb1e67f792ae2560c5ace03 Mon Sep 17 00:00:00 2001
From: Vincent <vincent@rigolet.tech>
Date: Sat, 21 Mar 2026 22:31:42 +0100
Subject: [PATCH] add secrets

---
 .gitea/workflows/deploy.yml | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 3e9aef6..3f47533 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -39,10 +39,21 @@ jobs:
             ssh -i ~/.ssh/nas_key -o StrictHostKeyChecking=no root@${{ secrets.NAS_HOST }} \
             "tar -xzf - -C ${{ steps.env.outputs.PROJECT_PATH }}"
 
-      - name: Setup env file
+            - name: Setup env file
         run: |
           ssh -i ~/.ssh/nas_key -o StrictHostKeyChecking=no root@${{ secrets.NAS_HOST }} \
-            "cd ${{ steps.env.outputs.PROJECT_PATH }} && cp .env.example .env 2>/dev/null || true"
+            "cat > ${{ steps.env.outputs.PROJECT_PATH }}/.env << 'EOF'
+SECRET_KEY=${{ secrets.APP_SECRET_KEY }}
+DEBUG=false
+POSTGRES_DB=auditshield
+POSTGRES_USER=auditshield
+POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}
+DATABASE_URL=postgresql://auditshield:${{ secrets.POSTGRES_PASSWORD }}@postgres:5432/auditshield
+REDIS_URL=redis://redis:6379/0
+NEXT_PUBLIC_API_URL=https://auditshield.rigolet.tech
+DOMAIN=auditshield.rigolet.tech
+TAG=latest
+EOF"
 
       - name: Deploy
         run: |