diff --git a/templates/workflows/shared/branch-freeze.yml.template b/templates/workflows/shared/branch-freeze.yml.template
index 5724322..1f2bb78 100644
--- a/templates/workflows/shared/branch-freeze.yml.template
+++ b/templates/workflows/shared/branch-freeze.yml.template
@@ -44,6 +44,7 @@ jobs:
 GA_TOKEN: ${{ secrets.GA_TOKEN || secrets.GA_TOKEN || github.token }}
 run: |
 ACTOR="${{ github.actor }}"
+ ALLOWED_USERS="jmiller gitea-actions[bot]"
 REPO="${{ github.repository }}"
 PERMISSION=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/collaborators/${ACTOR}/permission" 2>/dev/null \
 2>/dev/null | jq -r '.permission' || echo "read")
diff --git a/templates/workflows/shared/deploy-demo.yml.template b/templates/workflows/shared/deploy-demo.yml.template
index ec77251..47d97ef 100644
--- a/templates/workflows/shared/deploy-demo.yml.template
+++ b/templates/workflows/shared/deploy-demo.yml.template
@@ -79,6 +79,7 @@ jobs:
 GA_TOKEN: ${{ secrets.GA_TOKEN || secrets.GA_TOKEN || github.token }}
 run: |
 ACTOR="${{ github.actor }}"
+ ALLOWED_USERS="jmiller gitea-actions[bot]"
 REPO="${{ github.repository }}"
 ORG="${{ github.repository_owner }}"
@@ -637,6 +638,7 @@ jobs:
 REPO="${{ github.repository }}"
 RUN_URL="${{ github.server_url }}/${REPO}/actions/runs/${{ github.run_id }}"
 ACTOR="${{ github.actor }}"
+ ALLOWED_USERS="jmiller gitea-actions[bot]"
 BRANCH="${{ github.ref_name }}"
 EVENT="${{ github.event_name }}"
 NOW=$(date -u '+%Y-%m-%d %H:%M:%S UTC')
diff --git a/templates/workflows/shared/deploy-dev.yml.template b/templates/workflows/shared/deploy-dev.yml.template
index 36ba925..e2d50a0 100644
--- a/templates/workflows/shared/deploy-dev.yml.template
+++ b/templates/workflows/shared/deploy-dev.yml.template
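Review bot: `ALLOWED_USERS="jmiller gitea-actions[bot]"` hard-codes a personal account into a shared workflow template, and the same literal is added six times (this hunk, both deploy-demo hunks, the deploy-dev hunk and both deploy-rs hunks), so every repository rendered from these templates inherits that account as privileged and a maintainer change means editing each copy. Reading the list from a single repository or organisation variable, for example `ALLOWED_USERS="${{ vars.ALLOWED_USERS }}"` (variable name illustrative), keeps the allowlist in one auditable place. None of the hunks shows where `ALLOWED_USERS` is read; if the later check is a substring or unanchored `grep` match against `$ACTOR`, it should be an exact whole-word comparison, because `[bot]` in `gitea-actions[bot]` is a bracket expression when used as a pattern. The `run:` blocks start and end outside all six hunks, so this needs confirming against the full files.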
@@ -83,6 +83,7 @@ jobs:
 GA_TOKEN: ${{ secrets.GA_TOKEN || secrets.GA_TOKEN || github.token }}
 run: |
 ACTOR="${{ github.actor }}"
+ ALLOWED_USERS="jmiller gitea-actions[bot]"
 REPO="${{ github.repository }}"
 ORG="${{ github.repository_owner }}"
diff --git a/templates/workflows/shared/deploy-rs.yml.template b/templates/workflows/shared/deploy-rs.yml.template
index 7100921..609f6c9 100644
--- a/templates/workflows/shared/deploy-rs.yml.template
+++ b/templates/workflows/shared/deploy-rs.yml.template
@@ -87,6 +87,7 @@ jobs:
 GA_TOKEN: ${{ secrets.GA_TOKEN || secrets.GA_TOKEN || github.token }}
 run: |
 ACTOR="${{ github.actor }}"
+ ALLOWED_USERS="jmiller gitea-actions[bot]"
 REPO="${{ github.repository }}"
 ORG="${{ github.repository_owner }}"
@@ -579,6 +580,7 @@ jobs:
 REPO="${{ github.repository }}"
 RUN_URL="${{ github.server_url }}/${REPO}/actions/runs/${{ github.run_id }}"
 ACTOR="${{ github.actor }}"
+ ALLOWED_USERS="jmiller gitea-actions[bot]"
 BRANCH="${{ github.ref_name }}"
 EVENT="${{ github.event_name }}"
 NOW=$(date -u '+%Y-%m-%d %H:%M:%S UTC')
diff --git a/templates/workflows/shared/export-mysql.yml.template b/templates/workflows/shared/export-mysql.yml.template
index 543b7e8..687153f 100644
--- a/templates/workflows/shared/export-mysql.yml.template
+++ b/templates/workflows/shared/export-mysql.yml.template
@@ -45,18 +45,19 @@ on:
 # DEV_SSH_PORT — SSH port (default: 22)
 # DEV_SSH_USERNAME — SSH user
 # DEV_SSH_KEY — SSH private key
-# DEV_MYSQL_DATABASE — Database name (e.g., joomla_dev)
-# DEV_MYSQL_USER — MySQL user (default: root)
-# DEV_MYSQL_PASSWORD — MySQL password (secret)
+# DEV_PULL_PATH — Remote install path (repo variable)
 #
 # DEMO ENVIRONMENT — secrets/variables:
 # DEMO_FTP_HOST — Demo server hostname (reused from deploy)
 # DEMO_FTP_PORT — SSH port (reused, default: 22)
 # DEMO_FTP_USERNAME — SSH user (reused from deploy)
 # DEMO_FTP_KEY — SSH key (reused from deploy)
-# DEMO_MYSQL_DATABASE — Database name
-# DEMO_MYSQL_USER — MySQL user
-# DEMO_MYSQL_PASSWORD — MySQL password (secret)
+# DEMO_FTP_PATH — Remote install path (repo variable)
+#
+# MySQL credentials are read automatically from:
+# Joomla: configuration.php ($user, $password, $db)
+# Dolibarr: conf/conf.php ($dolibarr_main_db_user, etc.)
+# No MySQL secrets needed — credentials come from the remote config file.
 # ──────────────────────────────────────────────────────────────
 permissions:
@@ -142,25 +143,81 @@ jobs: PORT="${{ steps.env.outputs.port }}" USER="${{ steps.env.outputs.user }}" DB="${{ steps.env.outputs.database }}" - MYSQL_USER="${{ steps.env.outputs.mysql_user }}" ENV="${{ inputs.environment }}" + CONFIG_PATH="${{ vars.DEV_PULL_PATH || vars.DEMO_FTP_PATH }}" - # Get MySQL password - if [ "$ENV" = "dev" ]; then - MYSQL_PASS="${{ secrets.DEV_MYSQL_PASSWORD }}" - else - MYSQL_PASS="${{ secrets.DEMO_MYSQL_PASSWORD }}" + # Read MySQL credentials from the remote config file + # Joomla: configuration.php → $user, $password, $db + # Dolibarr: conf/conf.php → $dolibarr_main_db_user, $dolibarr_main_db_pass, $dolibarr_main_db_name + echo "Reading MySQL credentials from remote config file..." + + CREDS=$(ssh -p "${PORT}" -i ~/.ssh/export_key "${USER}@${HOST}" bash << 'SSHEOF' + # Try Joomla configuration.php first + for cfg in "{{CONFIG_PATH}}/configuration.php" "/var/www/html/configuration.php" "$(find /var/www -name 'configuration.php' -maxdepth 3 2>/dev/null | head -1)"; do + if [ -f "$cfg" ]; then + DB_USER=$(php -r "include '$cfg'; echo \$user ?? '';") + DB_PASS=$(php -r "include '$cfg'; echo \$password ?? '';") + DB_NAME=$(php -r "include '$cfg'; echo \$db ?? '';") + DB_HOST=$(php -r "include '$cfg'; echo \$host ?? 'localhost';") + if [ -n "$DB_USER" ] && [ -n "$DB_NAME" ]; then + echo "TYPE=joomla" + echo "DB_USER=$DB_USER" + echo "DB_PASS=$DB_PASS" + echo "DB_NAME=$DB_NAME" + echo "DB_HOST=$DB_HOST" + exit 0 + fi + fi + done + + # Try Dolibarr conf/conf.php + for cfg in "{{CONFIG_PATH}}/conf/conf.php" "/var/www/html/conf/conf.php" "$(find /var/www -name 'conf.php' -path '*/conf/*' -maxdepth 4 2>/dev/null | head -1)"; do + if [ -f "$cfg" ]; then + DB_USER=$(php -r "include '$cfg'; echo \$dolibarr_main_db_user ?? '';") + DB_PASS=$(php -r "include '$cfg'; echo \$dolibarr_main_db_pass ?? '';") + DB_NAME=$(php -r "include '$cfg'; echo \$dolibarr_main_db_name ?? '';") + DB_HOST=$(php -r "include '$cfg'; echo \$dolibarr_main_db_host ?? 
'localhost';") + if [ -n "$DB_USER" ] && [ -n "$DB_NAME" ]; then + echo "TYPE=dolibarr" + echo "DB_USER=$DB_USER" + echo "DB_PASS=$DB_PASS" + echo "DB_NAME=$DB_NAME" + echo "DB_HOST=$DB_HOST" + exit 0 + fi + fi + done + + echo "TYPE=not_found" + SSHEOF + ) + + PLATFORM=$(echo "$CREDS" | grep "^TYPE=" | cut -d= -f2) + MYSQL_USER=$(echo "$CREDS" | grep "^DB_USER=" | cut -d= -f2-) + MYSQL_PASS=$(echo "$CREDS" | grep "^DB_PASS=" | cut -d= -f2-) + DB_NAME=$(echo "$CREDS" | grep "^DB_NAME=" | cut -d= -f2-) + DB_HOST_REMOTE=$(echo "$CREDS" | grep "^DB_HOST=" | cut -d= -f2-) + + if [ "$PLATFORM" = "not_found" ]; then + echo "ERROR: Could not find Joomla configuration.php or Dolibarr conf/conf.php on remote server" + exit 1 fi + # Override DB name if explicitly provided + [ -n "$DB" ] && DB_NAME="$DB" + + echo "Platform: ${PLATFORM}" + echo "Database: ${DB_NAME} (user: ${MYSQL_USER}, host: ${DB_HOST_REMOTE})" + TIMESTAMP=$(date -u +%Y%m%d_%H%M%S) - FILENAME="${DB}_${ENV}_${TIMESTAMP}.sql" + FILENAME="${DB_NAME}_${ENV}_${TIMESTAMP}.sql" - echo "Exporting ${DB} from ${HOST}..." + echo "Exporting ${DB_NAME} from ${HOST}..." - # Run mysqldump over SSH + # Run mysqldump over SSH using credentials from config file ssh -p "${PORT}" -i ~/.ssh/export_key "${USER}@${HOST}" \ "mysqldump --single-transaction --no-tablespaces --routines --triggers \ - -u ${MYSQL_USER} -p'${MYSQL_PASS}' ${DB}" \ + -h ${DB_HOST_REMOTE} -u ${MYSQL_USER} -p'${MYSQL_PASS}' ${DB_NAME}" \ > "/tmp/${FILENAME}" 2>/tmp/mysqldump.err if [ $? -ne 0 ]; then
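Review bot: The password read from the remote config file travels back to the runner in `CREDS` and is then spliced into the remote command line as `-p'${MYSQL_PASS}'`, next to unquoted `${DB_HOST_REMOTE}`, `${MYSQL_USER}` and `${DB_NAME}`; it is no longer a registered secret, so log masking does not cover it, it is visible in the remote process list while the dump runs, and a quote or shell metacharacter in any of those config-derived values changes what the remote shell executes. Doing the lookup and the dump in one remote script that writes a mode-600 option file and calls `mysqldump --defaults-extra-file=<tmpfile>` would keep the password on the host; failing that, mask it right after parsing with `echo "::add-mask::${MYSQL_PASS}"` and quote each value for the remote shell. Inside the heredoc, `{{CONFIG_PATH}}` sits in a quoted `'SSHEOF'` body and the new `CONFIG_PATH` variable is not referenced anywhere in the hunk, so unless the template renderer substitutes that placeholder the search falls through to `/var/www/html` or the first `find` hit, which on a host serving several sites may be a different site's config file, and that file is then executed four times by `php -r "include '$cfg'; ..."`. `CONFIG_PATH` also takes `vars.DEV_PULL_PATH` whenever it is set, even when `ENV` is demo, and a stock Joomla `configuration.php` declares a `JConfig` class rather than global `$user`/`$password`/`$db` variables, so the Joomla branch looks likely to come back empty; that is worth confirming against a real install. The `run:` step starts before this hunk and continues past `if [ $? -ne 0 ]; then`.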