chore(deploy): 将 DEPLOY_DOCKER_ENV 切换为 secrets

部署流程写入运行时 .env 时改用 secrets.DEPLOY_DOCKER_ENV，降低敏感配置在变量与日志中的暴露风险。 Made-with: Cursor
chore(deploy): 支持从 vars 读取镜像仓库凭据
2026-04-28 02:56:21 +08:00 · 2026-04-28 02:53:36 +08:00
1 changed files with 3 additions and 1 deletions
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -24,6 +24,8 @@ jobs:
        DEPLOY_PATH="${{ vars.DEPLOY_PATH }}"
        IMAGE_REPO="${{ vars.IMAGE_REPO }}"
        REGISTRY="${{ vars.REGISTRY }}"
        REGISTRY_USERNAME="${{ vars.REGISTRY_USERNAME }}"
        REGISTRY_PASSWORD="${{ vars.REGISTRY_PASSWORD }}"
        mkdir -p ~/.ssh
        echo "${SSH_PRIVATE_KEY}" > ~/.ssh/id_rsa
@@ -51,7 +53,7 @@ jobs:
        mkdir -p deploy/docker
        cat > deploy/docker/.env <<EOT
-        ${{ vars.DEPLOY_DOCKER_ENV }}
+        ${{ secrets.DEPLOY_DOCKER_ENV }}
        IMAGE_REPO=${IMAGE_REPO}
        IMAGE_TAG=${IMAGE_TAG}
        EOT
Author	SHA1	Message	Date
alboped	667832a585	chore(deploy): 将 DEPLOY_DOCKER_ENV 切换为 secrets Some checks failed CI / ci (push) Has been cancelled Details 部署流程写入运行时 .env 时改用 secrets.DEPLOY_DOCKER_ENV，降低敏感配置在变量与日志中的暴露风险。 Made-with: Cursor	2026-04-28 02:56:21 +08:00
alboped	c87db87f81	chore(deploy): 支持从 vars 读取镜像仓库凭据 All checks were successful CI / ci (push) Successful in 1m22s Details 在 deploy 流程中增加 REGISTRY_USERNAME 与 REGISTRY_PASSWORD 的 vars 注入，兼容当前 Gitea 环境未提供 secrets 配置入口的场景。 Made-with: Cursor	2026-04-28 02:53:36 +08:00