From ef1ae4bd9378350093f699a0a79207c58d97b484 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Thu, 2 Oct 2025 09:53:29 -0400
Subject: [PATCH] Changing .env generation in deployment workflows.
---
 .../workflows/pr-cloudflare-docker-deploy.yml | 41 +++++++------------
 .gitea/workflows/renovate-pr-deploy.yml | 20 ++++-----
 2 files changed, 25 insertions(+), 36 deletions(-)
diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml
index 7edcc9fd..23fba78b 100644
--- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml
+++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml
@@ -180,14 +180,6 @@ jobs:
 username: ${{ secrets.BOT_GITEA_USER }}
 password: ${{ secrets.BOT_GITEA_PASSWORD }}

- # - name: Generate .env file from Hashicorp Vault
- # uses: Simporter/get-env-file-from-vault@v1.0.3
- # with:
- # VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
- # VAULT_USERNAME: ${{ secrets.VAULT_GITEA_USER }}
- # VAULT_PASSWORD: "${{ secrets.VAULT_GITEA_PASSWORD }}"
- # VAULT_SECRETS_PATH: rinoa-docker/env
-
 - name: Gotify Notification
 uses: eikendev/gotify-action@master
 with:
@@ -196,22 +188,20 @@ jobs:
 notification_title: "GITEA: Docker Compose Dry Run @ Rinoa"
 notification_message: "Starting Docker Compose dry run..."

- - name: Install Vault (only if not cached)
- uses: cpanato/vault-installer@main
+ - name: Generate .env from Hashicorp Vault
+ uses: https://git.trez.wtf/Trez/hc-vault-env@main
 with:
- version: ${{ env.HC_VAULT_VERSION }}
-
- - name: Generate .env file for Docker Compose
- run: |
- vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
- echo ${DOCKER_SVC_LIST}
+ HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }}
+ HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
+ HC_VAULT_USERNAME: ${{ secrets.VAULT_GITEA_USER }}
+ HC_VAULT_PASSWORD: ${{ secrets.VAULT_GITEA_PASSWORD }}
+ HC_VAULT_SECRETS_PATH: rinoa-docker/env

 - name: Pre-pull/build service images in parallel
 uses: ./.gitea/actions/docker-img-pre-pull
 with:
 services: ${{ env.DOCKER_SVC_LIST }}
 compose_profile: "rinoa-apps"
- env_file: ".env"

 - name: Docker Compose Dry Run
 uses: hoverkraft-tech/compose-action@b716db5b717cb9b81e391fe638e5aceaa2299e43 # v2.4.0
@@ -424,11 +414,6 @@ jobs:
 with:
 ref: main

- - name: Install Vault
- uses: cpanato/vault-installer@main
- with:
- version: ${{ env.HC_VAULT_VERSION }}
-
 - name: Login to Docker Hub
 uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
 with:
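Review bot: The new `Generate .env from Hashicorp Vault` step in the `@@ -196,22 +188,20 @@` hunk references `https://git.trez.wtf/Trez/hc-vault-env@main`, a mutable branch, while passing that action the Vault address, username and password. Any later push to that branch changes the code that runs with those credentials and writes the deployment's `.env`, without a reviewable change in this repository. `compose-action` and `docker/login-action` in this same file are already pinned to a full commit SHA with a version comment; do the same here, e.g. `uses: https://git.trez.wtf/Trez/hc-vault-env@<full-commit-sha> # <tag>`. The same reference is added in the `@@ -457,10 +442,14 @@` hunk and in `renovate-pr-deploy.yml` (`@@ -93,6 +84,15 @@`). The job's step list starts and ends outside the hunk.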
@@ -457,10 +442,14 @@ jobs:
 notification_title: "GITEA: Docker Compose Deployment @ Rinoa"
 notification_message: "Starting Docker Compose run..."

- - name: Generate .env file for deployment
- run: |
- vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
- echo ${DOCKER_SVC_LIST}
+ - name: Generate .env from Hashicorp Vault
+ uses: https://git.trez.wtf/Trez/hc-vault-env@main
+ with:
+ HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }}
+ HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
+ HC_VAULT_USERNAME: ${{ secrets.VAULT_GITEA_USER }}
+ HC_VAULT_PASSWORD: ${{ secrets.VAULT_GITEA_PASSWORD }}
+ HC_VAULT_SECRETS_PATH: rinoa-docker/env

 - name: Docker Compose Deployment
 uses: hoverkraft-tech/compose-action@b716db5b717cb9b81e391fe638e5aceaa2299e43 # v2.4.0
diff --git a/.gitea/workflows/renovate-pr-deploy.yml b/.gitea/workflows/renovate-pr-deploy.yml
index 645e882a..5bf9a8ba 100644
--- a/.gitea/workflows/renovate-pr-deploy.yml
+++ b/.gitea/workflows/renovate-pr-deploy.yml
@@ -15,6 +15,7 @@ env:

 jobs:
 deploy:
+ name: Renovate PR Deployment
 if: |
 github.event.pull_request.merged == true &&
 github.event.pull_request.user.login == 'renovate-bot'
@@ -25,11 +26,6 @@ jobs:
 with:
 fetch-depth: 0 # required so we can access main^1

- - name: Install Vault
- uses: cpanato/vault-installer@main
- with:
- version: ${{ env.HC_VAULT_VERSION }}
-
 - name: Save docker-compose.yml before merge (old)
 run: |
 git fetch origin main
@@ -80,11 +76,6 @@ jobs:
 echo "No image tag/digest changes detected. Exiting."
 exit 0

- - name: Generate .env file for Docker Compose
- run: |
- vault kv get -format=json rinoa-docker/env | jq -r '.data.data' \
- | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
-
 - name: Gotify Notification (Start)
 uses: eikendev/gotify-action@master
 with:
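Review bot: Nothing visible in the `@@ -457,10 +442,14 @@` hunk removes the generated `.env` after `Docker Compose Deployment`, so the Vault secrets presumably remain in the runner workspace once the job ends. The job continues outside the hunk, so a cleanup step may already exist further down. If it does not, add a closing step such as `- name: Remove .env`, `if: always()`, `run: rm -f .env`, provided nothing later in the job (including the compose action's post step) still reads the file. Also confirm that the action writes the file with owner-only permissions, which cannot be checked from this diff.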
@@ -93,6 +84,15 @@ jobs:
 notification_title: "GITEA: [RENOVATE] Docker Compose Deployment @ Rinoa"
 notification_message: "Starting Docker Compose run..."

+ - name: Generate .env from Hashicorp Vault
+ uses: https://git.trez.wtf/Trez/hc-vault-env@main
+ with:
+ HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }}
+ HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
+ HC_VAULT_USERNAME: ${{ secrets.VAULT_GITEA_USER }}
+ HC_VAULT_PASSWORD: ${{ secrets.VAULT_GITEA_PASSWORD }}
+ HC_VAULT_SECRETS_PATH: rinoa-docker/env
+
 - name: Docker Compose Deployment
 uses: hoverkraft-tech/compose-action@b716db5b717cb9b81e391fe638e5aceaa2299e43 # v2.4.0
 env:
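Review bot: `HC_VAULT_USERNAME` and `HC_VAULT_PASSWORD` in the added step give this unattended Renovate deployment a static userpass login, and the scope of that login is not documented anywhere in the hunk. Confirm that the Vault policy bound to `VAULT_GITEA_USER` is read-only on `rinoa-docker/env` and nothing else, and that the token the action obtains is short-lived; neither can be verified from this diff. A comment above the step would record that for the next reader, e.g. `# Vault user is read-only on rinoa-docker/env; token TTL: <value>`. The step list continues outside the hunk.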