backend/GITHUB_SETUP.md
Ammar Qaffaf fbf62fcd66 Enhances CDK deployment process and documentation
Improves the deployment script to use the UAE region and adds context for the CDK stack.
2025-07-07 09:37:10 +03:00

GitHub Actions Setup Guide

Required GitHub Secrets

Add these secrets to your GitHub repository (Settings > Secrets and variables > Actions):

AWS Credentials

AWS_ACCESS_KEY_ID=your-aws-access-key
AWS_SECRET_ACCESS_KEY=your-aws-secret-key

JWT Configuration (CRITICAL - Generate secure random strings)

JWT_SECRET=your-super-secure-jwt-secret-key-here
JWT_SECRET_REFRESH=your-super-secure-refresh-secret-key-here
SECRET_KEY=your-general-encryption-secret-key-here

Admin Configuration

SUPER_ADMIN_EMAIL=admin@syncrow.ae
SUPER_ADMIN_PASSWORD=YourSecureAdminPassword123!

Tuya IoT Configuration

TUYA_ACCESS_ID=your-tuya-access-id
TUYA_ACCESS_KEY=your-tuya-access-key
TRUN_ON_TUYA_SOCKET=true-or-false

Firebase Configuration

FIREBASE_API_KEY=your-firebase-api-key
FIREBASE_AUTH_DOMAIN=your-project.firebaseapp.com
FIREBASE_PROJECT_ID=your-project-id
FIREBASE_STORAGE_BUCKET=your-project.appspot.com
FIREBASE_MESSAGING_SENDER_ID=your-sender-id
FIREBASE_APP_ID=your-app-id
FIREBASE_MEASUREMENT_ID=your-measurement-id
FIREBASE_DATABASE_URL=https://your-project.firebaseio.com

Google OAuth

GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secret

OneSignal Push Notifications

ONESIGNAL_APP_ID=your-onesignal-app-id
ONESIGNAL_API_KEY=your-onesignal-api-key

Email Configuration (SMTP)

SMTP_HOST=your-smtp-host
SMTP_USER=your-smtp-username
SMTP_PASSWORD=your-smtp-password

Mailtrap Configuration

MAILTRAP_API_TOKEN=your-mailtrap-api-token
MAILTRAP_ENABLE_TEMPLATE_UUID=template-uuid
MAILTRAP_DISABLE_TEMPLATE_UUID=template-uuid
MAILTRAP_INVITATION_TEMPLATE_UUID=template-uuid
MAILTRAP_DELETE_USER_TEMPLATE_UUID=template-uuid
MAILTRAP_EDIT_USER_TEMPLATE_UUID=template-uuid

Optional Services (leave empty if not used)

AZURE_REDIS_CONNECTIONSTRING=your-redis-connection-string
DOPPLER_PROJECT=your-doppler-project
DOPPLER_CONFIG=your-doppler-config
DOPPLER_ENVIRONMENT=your-doppler-environment
ACCESS_KEY=your-access-key
DOCKER_REGISTRY_SERVER_URL=your-registry-url
DOCKER_REGISTRY_SERVER_USERNAME=your-registry-username
DOCKER_REGISTRY_SERVER_PASSWORD=your-registry-password

Setup Steps

  1. Add AWS Credentials

    • Create an IAM user with ECR, ECS, and CloudFormation permissions
    • Add AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY to GitHub Secrets
  2. Generate JWT Secrets

    • Use a secure random string generator
    • Make JWT_SECRET and JWT_SECRET_REFRESH different values
    • Keep these values secure and never share them
  3. Configure Services

    • Add secrets for each service you're using
    • Leave unused services empty (they'll default to empty strings)
  4. Test Deployment

    • Push to the master/main branch
    • Check the GitHub Actions tab for deployment status
    • Verify the API is accessible at https://api.syncrow.me
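
For step 2 and the "verify all required secrets are set" check, this added example (not part of the project's code) generates the three keys from the OS CSPRNG and audits a name-to-value mapping such as `os.environ` in a workflow step. The choice of which names are mandatory, the 43-character floor, the placeholder heuristic and the extension of the "different values" rule to SECRET_KEY are assumptions of the example.

```python
import secrets

# Names come from this guide. Which ones are mandatory, the length floor and
# the placeholder heuristic are assumptions of this example.
JWT_KEYS = ("JWT_SECRET", "JWT_SECRET_REFRESH", "SECRET_KEY")
REQUIRED = JWT_KEYS + ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY",
                       "SUPER_ADMIN_EMAIL", "SUPER_ADMIN_PASSWORD")
MIN_SECRET_CHARS = 43  # len(secrets.token_urlsafe(32)), i.e. 256 random bits


def generate_jwt_secrets():
    """Draw each key independently from the OS CSPRNG (64 URL-safe chars)."""
    return {name: secrets.token_urlsafe(48) for name in JWT_KEYS}


def looks_like_placeholder(value):
    """Heuristic for sample values copied verbatim from the guide."""
    v = value.strip().lower()
    return v.startswith("your") or "your-" in v or v in ("template-uuid", "true-or-false")


def audit_secrets(env):
    """Return (name, problem) findings. Secret values are never echoed."""
    findings = [(n, "missing or empty") for n in REQUIRED if not env.get(n, "").strip()]
    findings += [(n, "placeholder copied from the guide")
                 for n, v in env.items() if looks_like_placeholder(v)]
    seen = {}
    for name in JWT_KEYS:
        value = env.get(name, "")
        if not value:
            continue
        if len(value) < MIN_SECRET_CHARS:
            findings.append((name, "shorter than %d characters" % MIN_SECRET_CHARS))
        if value in seen:
            findings.append((name, "reuses the value of " + seen[value]))
        else:
            seen[value] = name
    return findings


if __name__ == "__main__":
    # Constructed input: one pasted placeholder and one reused key.
    env = generate_jwt_secrets()
    env["JWT_SECRET"] = "your-super-secure-jwt-secret-key-here"
    env["SECRET_KEY"] = env["JWT_SECRET_REFRESH"]
    for name, problem in audit_secrets(env):
        print(name + ": " + problem)
```

A non-empty result is a reason to fail the job before the deploy step; the findings carry only names, so they are safe to print in the Actions log.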

Security Notes

  • Never commit secrets to the repository
  • Use GitHub Secrets for all sensitive values
  • Rotate secrets regularly
  • Monitor GitHub Actions logs for any exposed values
  • The database password is managed automatically by AWS Secrets Manager

Troubleshooting

  • Check GitHub Actions logs for deployment errors
  • Verify all required secrets are set
  • Ensure AWS credentials have sufficient permissions
  • Check ECS service logs in CloudWatch for runtime errors