hotfix: unblock deploy build (visitor-tracker auth env)#43
Merged
Conversation
The deploy workflow's composer install runs package:discover as a post-autoload-dump script, which boots the visitor-tracker package. Its dashboard guard throws on boot if no auth method is configured, and the GitHub runner sees none of the env vars from the server's .env file — so the deploy step was failing before SFTP could run. Set VISITOR_TRACKER_ALLOW_UNPROTECTED=true at the job level to mirror prod posture (server's .env continues to drive runtime behavior; this only unblocks the build). Also removes a tracked local IDE config file that should not be in version control.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
v1.4.0 deploy failed at the `composer install` step:
```
Visitor Tracker dashboard is enabled but unprotected. Configure at
least one of: visitor-tracker.dashboard.token (env
VISITOR_TRACKER_TOKEN), visitor-tracker.dashboard.gate, or add an auth
middleware (e.g. "auth") to visitor-tracker.dashboard.middleware.
```
Same root cause as the earlier CI fix: `composer install` runs
`package:discover` (a post-autoload-dump script), which boots the
visitor-tracker service provider, which trips its dashboard guard
because the GitHub runner has none of the env vars set on the OVH
server's .env file.
Fix
Set `VISITOR_TRACKER_ALLOW_UNPROTECTED=true` at the deploy job level.
Mirrors prod posture (Cloudflare Access still gates `/admin/` at the
edge in prod), and only affects build-time `package:discover` — the
server's .env continues to drive runtime behavior, and `deploy.yml`
already strips `bootstrap/cache/.php` before SFTP so no build-time
config leaks to prod.
Also removes a tracked local IDE config file that should not have
been committed.
After merge
Re-run the deploy workflow (`workflow_dispatch`) to ship v1.4.0.