Remove build-time secrets, load NUXT_PUBLIC vars at runtime from Vault

.gitea/workflows/build.yaml

@@ -12,8 +12,6 @@ jobs:
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-        with:
-          driver-opts: network=dokploy-network
 
       - name: Login to Gitea Registry
         uses: docker/login-action@v3
@@ -28,12 +26,6 @@ jobs:
           context: .
           push: true
           tags: gitea.dsrptlab.com/optovia/webapp/webapp:latest
-          network: dokploy-network
-          build-args: |
-            VAULT_ADDR=${{ secrets.VAULT_ADDR }}
-            VAULT_TOKEN=${{ secrets.VAULT_TOKEN }}
-            VAULT_SHARED_PATH=shared
-            VAULT_PROJECT_PATH=webapp
 
       - name: Deploy to Dokploy
         run: curl -X POST "https://dokploy.optovia.ru/api/deploy/0_iNAXPDx28BLZIddGTzB"

Dockerfile

@@ -12,21 +12,11 @@ WORKDIR /app
 
 RUN corepack enable
 
-ARG VAULT_ADDR
-ARG VAULT_TOKEN
-ARG VAULT_SHARED_PATH
-ARG VAULT_PROJECT_PATH
-
-ENV VAULT_ADDR=$VAULT_ADDR \
-    VAULT_TOKEN=$VAULT_TOKEN \
-    VAULT_SHARED_PATH=$VAULT_SHARED_PATH \
-    VAULT_PROJECT_PATH=$VAULT_PROJECT_PATH
-
 COPY package.json pnpm-lock.yaml ./
 RUN pnpm install --frozen-lockfile
 
 COPY . .
-RUN node scripts/load-secrets.mjs && . ./.env.infisical && pnpm run build
+RUN pnpm run build
 
 FROM node:22-slim