Takazudo Modular Docs

Type to search...

to open search from anywhere

GitHub Environment Variables

GitHub Environment Variables

This document describes the environment variables configured as GitHub Repository Secrets for the Takazudo Modular project.

Repository Secrets Overview

GitHub Repository Secrets are encrypted environment variables stored at the repository level and used in GitHub Actions workflows for sensitive data like API keys and authentication tokens.

Configured Environment Variables

1. Netlify Deployment

NETLIFY_AUTH_TOKEN

  • Type: 🔴 Secret (Authentication)
  • Usage: CI/CD deployments
  • Purpose: Authenticates netlify-cli for deployments
  • Used in:
    • main-deploy.yml - Production deployments
    • preview-deploy.yml - PR preview deployments
    • Future: Media CDN deployments
  • Generation: Netlify Dashboard → User Settings → Applications → Personal Access Tokens

NETLIFY_SITE_ID

  • Type: 🟢 Non-secret (Identifier)
  • Usage: CI/CD deployments
  • Purpose: Identifies the main Netlify site for deployments
  • Used in:
    • main-deploy.yml - --site=$NETLIFY_SITE_ID
    • preview-deploy.yml - Preview deployments
  • Format: UUID (e.g., xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)

3. Cloudflare R2 (Image CDN)

R2_ACCOUNT_ID

  • Type: 🟢 Non-secret (Identifier)
  • Usage: Image upload/download scripts
  • Purpose: Cloudflare account identifier for R2 API access
  • Used in:
    • scripts/upload-images-to-r2.mjs - Upload images to R2
    • scripts/download-images-from-r2.mjs - Download images from R2

R2_ACCESS_KEY_ID

  • Type: 🔴 Secret (Authentication)
  • Usage: Image upload/download scripts
  • Purpose: S3-compatible access key for R2 API
  • Used in:
    • scripts/upload-images-to-r2.mjs
    • scripts/download-images-from-r2.mjs
  • Generation: Cloudflare Dashboard → R2 → Manage R2 API Tokens → Create API Token with Object Read & Write permission

R2_SECRET_ACCESS_KEY

  • Type: 🔴 Secret (Authentication)
  • Usage: Image upload/download scripts
  • Purpose: S3-compatible secret key for R2 API
  • Used in:
    • scripts/upload-images-to-r2.mjs
    • scripts/download-images-from-r2.mjs

R2_BUCKET_NAME

  • Type: 🟢 Non-secret (Identifier)
  • Usage: Image upload/download scripts
  • Purpose: R2 bucket name (optional, default: zmodmedia)
  • Used in:
    • scripts/upload-images-to-r2.mjs
    • scripts/download-images-from-r2.mjs

5. Production Deploy Notifications

IFTTT_PROD_NOTIFY

  • Type: 🔴 Secret (Webhook URL)
  • Usage: CI/CD notifications
  • Purpose: IFTTT webhook for sending mobile push notifications on production deploy success/failure
  • Used in:
    • main-deploy.yml - notify job (runs if: always())
  • Payload: value1 = status message, value2 = commit info, value3 = workflow run URL
  • Setup: https://ifttt.com/maker_webhooks → Create applet with Webhooks trigger
  • Note: Notification is silently skipped if the secret is not set

SLACK_PROD_NOTIFY

  • Type: 🔴 Secret (Webhook URL)
  • Usage: CI/CD notifications
  • Purpose: Slack incoming webhook for production deploy success/failure notifications
  • Used in:
    • main-deploy.yml - notify job (runs if: always())
  • Setup: Slack API → Apps → Incoming Webhooks → select channel
  • Note: Notification is silently skipped if the secret is not set

6. Claude Code Integration

CLAUDE_CODE_OAUTH_TOKEN

  • Type: 🔴 Secret (OAuth Token)
  • Usage: GitHub Actions automation
  • Purpose: Authenticates Claude Code GitHub Action for automated code reviews and assistance
  • Used in:
    • .github/workflows/claude.yml - Automated PR assistance
  • Features: Enables Claude to read CI results and provide contextual help on PRs

Usage in CI/CD Workflows

Deploy Notification Example

# main-deploy.yml - notify job
- name: Notify via IFTTT
  env:
    IFTTT_PROD_NOTIFY: ${{ secrets.IFTTT_PROD_NOTIFY }}
  run: |
    curl -sf -X POST "$IFTTT_PROD_NOTIFY" \
      -H 'Content-Type: application/json' \
      -d '{"value1": "succeeded", "value2": "abc1234 commit msg", "value3": "https://..."}'

Deployment Example

netlify deploy \
  --dir=out \
  --site=$NETLIFY_SITE_ID \
  --auth=$NETLIFY_AUTH_TOKEN \
  --message="Deploy message"

Local Development Setup

For local development, create a .env file based on .env.example:

# .env.example
NETLIFY_AUTH_TOKEN=xxxxxx
NETLIFY_SITE_ID=xxxxxx

Security Best Practices

  1. Never commit secrets to the repository
  2. Use appropriate access levels:
  • Admin/write keys: Only in GitHub Secrets
  • Read-only keys: Can be in code with restrictions
  • Identifiers: Generally safe to expose
  1. Rotate tokens regularly:
  • Netlify auth tokens: Every 90 days
  • API keys: Follow provider recommendations
  1. Use environment-specific keys:
  • Separate keys for development/staging/production
  • Different configurations for non-production

Adding New Secrets

To add a new secret to the repository:

  1. Go to Repository Settings → Secrets and variables → Actions
  2. Click “New repository secret”
  3. Enter the name (uppercase with underscores)
  4. Paste the secret value
  5. Update this documentation
  6. Update relevant workflow files to use the secret

Troubleshooting

Missing Environment Variables

  • Symptom: Build fails with “missing credentials”
  • Solution: Verify secrets are set in GitHub repository settings

Netlify Deploy Fails

  • Check: NETLIFY_AUTH_TOKEN has not expired
  • Verify: NETLIFY_SITE_ID matches your Netlify site

Claude Code Not Responding

  • Check: CLAUDE_CODE_OAUTH_TOKEN is valid
  • Verify: GitHub Actions workflow includes the Claude Code action