.gitea/workflows/deploy.yml

@@ -4,6 +4,12 @@ on:
       ssh-private-key:
         required: true
         type: string
+      certificate-pem:
+        required: false
+        type: string
+      private-key-pem:
+        required: false
+        type: string
     inputs:
       image:
         required: false
@@ -70,6 +76,29 @@ jobs:
       - name: Append kamal registry password
         run: echo "KAMAL_REGISTRY_PASSWORD=${{ inputs.password }}" >> .kamal/secrets.${{ inputs.environment }}
 
+      - name: Add optional PEM secrets to .env
+        run: |
+          ENV_FILE=".kamal/secrets.${{ inputs.environment }}"
+
+          # Add certificate-pem if present
+          if [[ -n "${{ secrets.certificate-pem }}" ]]; then
+            {
+              echo "";
+              echo "CERTIFICATE_PEM='";
+              echo "${{ secrets.certificate-pem }}";
+              echo "'";
+            } >> "$ENV_FILE"
+          fi
+
+          if [[ -n "${{ secrets.private-key-pem }}" ]]; then
+            {
+              echo "";
+              echo "PRIVATE_KEY_PEM='";
+              echo "${{ secrets.private-key-pem }}";
+              echo "'";
+            } >> "$ENV_FILE"
+          fi
+
       - name: Boot accessories
         run: kamal accessory reboot all -d ${{ inputs.environment }}