# GitHub Actions Setup Guide

## Required GitHub Secrets

Add these secrets to your GitHub repository (Settings > Secrets and variables > Actions):

### AWS Credentials

```
AWS_ACCESS_KEY_ID=your-aws-access-key
AWS_SECRET_ACCESS_KEY=your-aws-secret-key
```

### JWT Configuration (CRITICAL - Generate secure random strings)

```
JWT_SECRET=your-super-secure-jwt-secret-key-here
JWT_SECRET_REFRESH=your-super-secure-refresh-secret-key-here
SECRET_KEY=your-general-encryption-secret-key-here
```

### Admin Configuration

```
SUPER_ADMIN_EMAIL=admin@syncrow.ae
SUPER_ADMIN_PASSWORD=YourSecureAdminPassword123!
```

### Tuya IoT Configuration

```
TUYA_ACCESS_ID=your-tuya-access-id
TUYA_ACCESS_KEY=your-tuya-access-key
TRUN_ON_TUYA_SOCKET=true-or-false
```

### Firebase Configuration

```
FIREBASE_API_KEY=your-firebase-api-key
FIREBASE_AUTH_DOMAIN=your-project.firebaseapp.com
FIREBASE_PROJECT_ID=your-project-id
FIREBASE_STORAGE_BUCKET=your-project.appspot.com
FIREBASE_MESSAGING_SENDER_ID=your-sender-id
FIREBASE_APP_ID=your-app-id
FIREBASE_MEASUREMENT_ID=your-measurement-id
FIREBASE_DATABASE_URL=https://your-project.firebaseio.com
```

### Google OAuth

```
GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secret
```

### OneSignal Push Notifications

```
ONESIGNAL_APP_ID=your-onesignal-app-id
ONESIGNAL_API_KEY=your-onesignal-api-key
```

### Email Configuration (SMTP)

```
SMTP_HOST=your-smtp-host
SMTP_USER=your-smtp-username
SMTP_PASSWORD=your-smtp-password
```

### Mailtrap Configuration

```
MAILTRAP_API_TOKEN=your-mailtrap-api-token
MAILTRAP_ENABLE_TEMPLATE_UUID=template-uuid
MAILTRAP_DISABLE_TEMPLATE_UUID=template-uuid
MAILTRAP_INVITATION_TEMPLATE_UUID=template-uuid
MAILTRAP_DELETE_USER_TEMPLATE_UUID=template-uuid
MAILTRAP_EDIT_USER_TEMPLATE_UUID=template-uuid
```

### Optional Services (leave empty if not used)

```
AZURE_REDIS_CONNECTIONSTRING=your-redis-connection-string
DOPPLER_PROJECT=your-doppler-project
DOPPLER_CONFIG=your-doppler-config
DOPPLER_ENVIRONMENT=your-doppler-environment
ACCESS_KEY=your-access-key
DOCKER_REGISTRY_SERVER_URL=your-registry-url
DOCKER_REGISTRY_SERVER_USERNAME=your-registry-username
DOCKER_REGISTRY_SERVER_PASSWORD=your-registry-password
```

## Setup Steps

1. **Add AWS Credentials**
   - Create IAM user with ECR, ECS, CloudFormation permissions
   - Add AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY to GitHub Secrets

2. **Generate JWT Secrets**
   - Use a secure random string generator
   - Make JWT_SECRET and JWT_SECRET_REFRESH different values
   - Keep these values secure and never share them

3. **Configure Services**
   - Add secrets for each service you're using
   - Leave unused services empty (they'll default to empty strings)

4. **Test Deployment**
   - Push to master/main branch
   - Check GitHub Actions tab for deployment status
   - Verify API is accessible at https://api.syncrow.me

## Security Notes

- Never commit secrets to the repository
- Use GitHub Secrets for all sensitive values
- Rotate secrets regularly
- Monitor GitHub Actions logs for any exposed values
- Database password is automatically managed by AWS Secrets Manager

## Troubleshooting

- Check GitHub Actions logs for deployment errors
- Verify all required secrets are set
- Ensure AWS credentials have sufficient permissions
- Check ECS service logs in CloudWatch for runtime errors
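
For step 2 of Setup Steps (Generate JWT Secrets), the following is an added example, not part of the original guide or the project's code: it generates the three values from the OS CSPRNG, rejects placeholders, short values and identical JWT secrets, then stores them with the GitHub CLI. The function names and the 43-character floor (about 32 random bytes, assuming HMAC-signed tokens) are assumptions of this example, and `store_secret` requires an authenticated `gh` run from a clone of the repository.

```shell
#!/usr/bin/env bash
# Added example: generate, validate and store the JWT secrets.
# Function names and MIN_LEN are assumptions of this example.

MIN_LEN=43   # base64 length of 32 random bytes (unpadded)

# Print one secret: 48 bytes from the OS CSPRNG, base64-encoded (64 chars).
gen_secret() {
  head -c 48 /dev/urandom | base64 | tr -d '\n'
}

# Return 0 if the value is usable; otherwise print a reason and return 1.
check_secret() {
  local name="$1" value="$2"
  case "$value" in
    ''|your-*|*secret-key-here*) echo "$name: empty or placeholder"; return 1 ;;
  esac
  [ "${#value}" -ge "$MIN_LEN" ] || { echo "$name: shorter than $MIN_LEN chars"; return 1; }
}

# Validate the three secrets as a set; access and refresh keys must differ.
check_jwt_secrets() {
  local access="$1" refresh="$2" general="$3"
  check_secret JWT_SECRET "$access" || return 1
  check_secret JWT_SECRET_REFRESH "$refresh" || return 1
  check_secret SECRET_KEY "$general" || return 1
  if [ "$access" = "$refresh" ]; then
    echo "JWT_SECRET and JWT_SECRET_REFRESH must differ"; return 1
  fi
}

# Store one secret. The value is passed on stdin so it never appears in
# argv, the process list, or shell history.
store_secret() {
  local name="$1" value="$2"
  printf '%s' "$value" | gh secret set "$name"
}

# Generate, validate, then store all three secrets for the current repository.
provision_jwt_secrets() {
  local a r g
  a=$(gen_secret); r=$(gen_secret); g=$(gen_secret)
  check_jwt_secrets "$a" "$r" "$g" || return 1
  store_secret JWT_SECRET "$a" &&
  store_secret JWT_SECRET_REFRESH "$r" &&
  store_secret SECRET_KEY "$g"
}
```

Source the file and call `provision_jwt_secrets`; the values are never written to disk or echoed, so a later rotation means running it again.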