From fede1d93a87429bba6e0a4f94a4225bc29cf9e94 Mon Sep 17 00:00:00 2001
From: zhom <2717306+zhom@users.noreply.github.com>
Date: Wed, 8 Apr 2026 14:33:01 +0400
Subject: [PATCH] chore: pull turnstile public key in frontend at build time
---
 .github/workflows/release.yml | 7 +++++++
 .github/workflows/rolling-release.yml | 7 +++++++
 2 files changed, 14 insertions(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 102c8ab..7cf27e6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -139,6 +139,13 @@ jobs:
 run: pnpm install --frozen-lockfile
 - name: Build frontend
+ # NEXT_PUBLIC_* vars are inlined into the client bundle at build time,
+ # so they must be forwarded explicitly from secrets here — GitHub
+ # Secrets are NOT automatically exposed as env vars to `run` steps.
+ # If this env block is missing, released builds ship with undefined
+ # values where the Turnstile site key should be, and login breaks.
+ env:
+ NEXT_PUBLIC_TURNSTILE: ${{ secrets.NEXT_PUBLIC_TURNSTILE }}
 run: pnpm exec next build
 - name: Verify frontend dist exists
diff --git a/.github/workflows/rolling-release.yml b/.github/workflows/rolling-release.yml
index c282596..89e9098 100644
--- a/.github/workflows/rolling-release.yml
+++ b/.github/workflows/rolling-release.yml
@@ -138,6 +138,13 @@ jobs:
 run: pnpm install --frozen-lockfile
 - name: Build frontend
+ # NEXT_PUBLIC_* vars are inlined into the client bundle at build time,
+ # so they must be forwarded explicitly from secrets here — GitHub
+ # Secrets are NOT automatically exposed as env vars to `run` steps.
+ # If this env block is missing, released builds ship with undefined
+ # values where the Turnstile site key should be, and login breaks.
+ env:
+ NEXT_PUBLIC_TURNSTILE: ${{ secrets.NEXT_PUBLIC_TURNSTILE }}
 run: pnpm exec next build
 - name: Verify frontend dist exists
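Review bot: An unset or misnamed `NEXT_PUBLIC_TURNSTILE` secret expands to an empty string in the new `env:` block of the `Build frontend` step, so `next build` would still succeed and ship the broken login the comment warns about. The following `Verify frontend dist exists` step presumably checks only for build output, so a guard ahead of the build would catch this, e.g. `run: test -n "$NEXT_PUBLIC_TURNSTILE" && pnpm exec next build` (assuming the step runs under bash). The same applies to the identical hunk in `.github/workflows/rolling-release.yml`. Since the value is inlined into the client bundle it is not confidential, and a repository variable (`${{ vars.NEXT_PUBLIC_TURNSTILE }}`) would state that more honestly than `secrets`. I would also extend the comment with `# Only the Turnstile *site* key belongs here; the secret key must never get a NEXT_PUBLIC_ name.`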