ci: set private key from env (#6239)

packages/backend/server/scripts/self-host-predeploy.js

@@ -1,7 +1,10 @@
 import { execSync } from 'node:child_process';
+import { generateKeyPairSync } from 'node:crypto';
 import fs from 'node:fs';
 import path from 'node:path';
 
+import { parse } from 'dotenv';
+
 const SELF_HOST_CONFIG_DIR = '/root/.affine/config';
 /**
  * @type {Array<{ from: string; to?: string, modifier?: (content: string): string }>}
@@ -36,6 +39,26 @@ function prepare() {
         });
       }
     }
+
+    // make the default .env
+    if (to === '.env') {
+      const dotenvFile = fs.readFileSync(targetFilePath, 'utf-8');
+      const envs = parse(dotenvFile);
+      // generate a new private key
+      if (!envs.AFFINE_PRIVATE_KEY) {
+        const privateKey = generateKeyPairSync('ec', {
+          namedCurve: 'prime256v1',
+        }).privateKey.export({
+          type: 'sec1',
+          format: 'pem',
+        });
+
+        fs.writeFileSync(
+          targetFilePath,
+          `AFFINE_PRIVATE_KEY=${privateKey}\n` + dotenvFile
+        );
+      }
+    }
   }
 }
 

packages/backend/server/src/fundamentals/config/default.ts

@@ -25,9 +25,10 @@ AwEHoUQDQgAEF3U/0wIeJ3jRKXeFKqQyBKlr9F7xaAUScRrAuSP33rajm3cdfihI
 const ONE_DAY_IN_SEC = 60 * 60 * 24;
 
 const keyPair = (function () {
-  const AUTH_PRIVATE_KEY = process.env.AUTH_PRIVATE_KEY ?? examplePrivateKey;
+  const AFFINE_PRIVATE_KEY =
+    process.env.AFFINE_PRIVATE_KEY ?? examplePrivateKey;
   const privateKey = createPrivateKey({
-    key: Buffer.from(AUTH_PRIVATE_KEY),
+    key: Buffer.from(AFFINE_PRIVATE_KEY),
     format: 'pem',
     type: 'sec1',
   })
@@ -37,7 +38,7 @@ const keyPair = (function () {
     })
     .toString('utf8');
   const publicKey = createPublicKey({
-    key: Buffer.from(AUTH_PRIVATE_KEY),
+    key: Buffer.from(AFFINE_PRIVATE_KEY),
     format: 'pem',
     type: 'spki',
   })