Add secrets for custom certificate (#7)

Co-authored-by: Jamie Schouten <jamie@qlic.nl>
Reviewed-on: #7
Co-authored-by: Dominic Vos <dominic@qlic.nl>
Co-committed-by: Dominic Vos <dominic@qlic.nl>

.gitea/workflows/deploy.yml

@@ -4,6 +4,12 @@ on:
       ssh-private-key:
         required: true
         type: string
+      certificate-pem:
+        required: false
+        type: string
+      private-key-pem:
+        required: false
+        type: string
     inputs:
       image:
         required: false
@@ -70,6 +76,29 @@ jobs:
       - name: Append kamal registry password
         run: echo "KAMAL_REGISTRY_PASSWORD=${{ inputs.password }}" >> .kamal/secrets.${{ inputs.environment }}
 
+      - name: Add optional PEM secrets to .env
+        run: |
+          ENV_FILE=".kamal/secrets.${{ inputs.environment }}"
+
+          if [[ -n "${{ secrets.certificate-pem }}" ]]; then
+            echo "" >> "$ENV_FILE"
+            {
+              echo "CERTIFICATE_PEM='"
+              echo "${{ secrets.certificate-pem }}"
+              echo "'"
+            } >> "$ENV_FILE"
+          fi
+
+          if [[ -n "${{ secrets.private-key-pem }}" ]]; then
+            echo "" >> "$ENV_FILE"
+            {
+              echo "PRIVATE_KEY_PEM='"
+              echo "${{ secrets.private-key-pem }}"
+              echo "'"
+            } >> "$ENV_FILE"
+          fi
+
+
       - name: Boot accessories
         run: kamal accessory reboot all -d ${{ inputs.environment }}