From 552aa65d659c6ca5f579fefa7ab17e6ef3503ae0 Mon Sep 17 00:00:00 2001
From: Vincent Chalamon <407859+vincentchalamon@users.noreply.github.com>
Date: Fri, 12 Jul 2024 10:48:38 +0200
Subject: [PATCH] fix: NEXT_PUBLIC_OIDC_SERVER_URL must be set on build to be
 accessed on client side

---
 .github/workflows/cd.yml | 9 +++++++++
 .github/workflows/ci.yml | 2 ++
 compose.prod.yaml        | 2 ++
 pwa/Dockerfile           | 2 ++
 4 files changed, 15 insertions(+)

diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 78b73871e..5c257dc1f 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -45,6 +45,15 @@ jobs:
       -
         name: Generate AUTH_SECRET
         run: echo "AUTH_SECRET=$(openssl rand -hex 32)" >> $GITHUB_ENV
+      # https://nextjs.org/docs/app/building-your-application/configuring/environment-variables#bundling-environment-variables-for-the-browser
+      -
+        name: Generate NEXT_PUBLIC_OIDC_SERVER_URL
+        run: |
+          if [ "${{ github.event_name }}" == "push" ]; then
+            echo "NEXT_PUBLIC_OIDC_SERVER_URL=https://demo.api-platform.com/oidc/realms/demo" >> $GITHUB_ENV
+          else
+            echo "NEXT_PUBLIC_OIDC_SERVER_URL=https://pr-${{ github.event.pull_request.number }}-demo.api-platform.com/oidc/realms/demo" >> $GITHUB_ENV
+          fi
       -
         name: Build Docker images
         uses: docker/bake-action@v5
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 06a719223..f8b1e6ddd 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -106,6 +106,8 @@ jobs:
       POSTGRES_PASSWORD: aae5bf316ef5fe87ad806c6a9240fff68bcfdaf7
       KEYCLOAK_POSTGRES_PASSWORD: 26d7f630f1524eb210bbf496443f2038a9316e9e
       KEYCLOAK_ADMIN_PASSWORD: 2f31e2fad93941b818449fd8d57fd019b6ce7fa5
+      # https://nextjs.org/docs/app/building-your-application/configuring/environment-variables#bundling-environment-variables-for-the-browser
+      NEXT_PUBLIC_OIDC_SERVER_URL: https://localhost/oidc/realms/demo
       # https://docs.docker.com/compose/environment-variables/envvars/#compose_file
       COMPOSE_FILE: compose.yaml:compose.prod.yaml:compose.e2e.yaml
     steps:
diff --git a/compose.prod.yaml b/compose.prod.yaml
index 376c9898c..bfc0c38ee 100644
--- a/compose.prod.yaml
+++ b/compose.prod.yaml
@@ -18,6 +18,8 @@ services:
       target: prod
       args:
         AUTH_SECRET: ${AUTH_SECRET}
+        # https://nextjs.org/docs/app/building-your-application/configuring/environment-variables#bundling-environment-variables-for-the-browser
+        NEXT_PUBLIC_OIDC_SERVER_URL: ${NEXT_PUBLIC_OIDC_SERVER_URL}
     environment:
       AUTH_SECRET: ${AUTH_SECRET}
 
diff --git a/pwa/Dockerfile b/pwa/Dockerfile
index c8f81c967..4f50c66f0 100644
--- a/pwa/Dockerfile
+++ b/pwa/Dockerfile
@@ -42,6 +42,8 @@ RUN pnpm fetch --prod
 COPY --link . .
 
 ARG AUTH_SECRET
+# https://nextjs.org/docs/app/building-your-application/configuring/environment-variables#bundling-environment-variables-for-the-browser
+ARG NEXT_PUBLIC_OIDC_SERVER_URL
 
 RUN	pnpm install --frozen-lockfile --offline --prod && \
 	pnpm run build