CodeForAfrica · kilemensi · Sep 16, 2025 · Sep 15, 2025 · Sep 15, 2025 · Sep 15, 2025
diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml
@@ -15,6 +15,10 @@ on:
         required: true
         type: string
         description: "The build args to use for the Docker image"
+      build_secrets:
+        required: false
+        type: string
+        description: "The build secrets to use for the Docker image"
 
 jobs:
   build:
@@ -56,13 +60,16 @@ jobs:
         with:
           build-args: |
             ${{ inputs.build_args }}
-            SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }}
             SENTRY_ORG=${{ vars.SENTRY_ORG }}
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
           context: .
           platforms: linux/arm64
           push: true
+          secrets: |
+            ${{ inputs.build_secrets }}
+            "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}"
+            "sentry_org=${{ secrets.SENTRY_ORG }}"
           tags: ${{ inputs.tags }}
           target: ${{ inputs.target }}
 

diff --git a/.github/workflows/charterafrica-deploy-dev.yml b/.github/workflows/charterafrica-deploy-dev.yml
@@ -58,10 +58,8 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           build-args: |
-            MONGO_URL=${{ secrets.CHARTERAFRICA_MONGO_URL }}
             NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }}
             NEXT_PUBLIC_SENTRY_DSN=${{ secrets.CHARTERAFRICA_SENTRY_DSN }}
-            PAYLOAD_SECRET_KEY=${{ secrets.CHARTERAFRICA_PAYLOAD_SECRET_KEY }}
             SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }}
             SENTRY_ORG=${{ secrets.SENTRY_ORG }}
             SENTRY_PROJECT=${{ secrets.CHARTERAFRICA_SENTRY_PROJECT }}
@@ -71,7 +69,11 @@ jobs:
           platforms: linux/arm64
           push: true
           secrets: |
+            "mongo_url=${{ secrets.CHARTERAFRICA_MONGO_URL }}"
+            "payload_secret_key=${{ secrets.CHARTERAFRICA_PAYLOAD_SECRET_KEY }}"
             "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}"
+            "sentry_org=${{ secrets.SENTRY_ORG }}"
+            "sentry_project=${{ secrets.CHARTERAFRICA_SENTRY_PROJECT }}"
           tags: "${{ env.IMAGE_NAME }}:${{ github.sha }}"
           target: charterafrica-runner
 

diff --git a/.github/workflows/charterafrica-deploy-prod.yml b/.github/workflows/charterafrica-deploy-prod.yml
@@ -81,22 +81,22 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           build-args: |
-            MONGO_URL=${{ secrets.CHARTERAFRICA_MONGO_URL }}
             NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }}
             NEXT_PUBLIC_SENTRY_DSN=${{ secrets.CHARTERAFRICA_SENTRY_DSN }}
             NEXT_PUBLIC_SEO_DISABLED=${{ env.NEXT_PUBLIC_SEO_DISABLED }}
-            PAYLOAD_SECRET_KEY=${{ secrets.CHARTERAFRICA_PAYLOAD_SECRET_KEY }}
             SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }}
-            SENTRY_ORG=${{ secrets.SENTRY_ORG }}
-            SENTRY_PROJECT=${{ secrets.CHARTERAFRICA_SENTRY_PROJECT }}
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
           context: .
           # TODO(xavier): Follow up if we can switch this to arm64
           platforms: linux/amd64
           push: true
           secrets: |
+            "mongo_url=${{ secrets.CHARTERAFRICA_MONGO_URL }}"
+            "payload_secret_key=${{ secrets.CHARTERAFRICA_PAYLOAD_SECRET_KEY }}"
             "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}"
+            "sentry_org=${{ secrets.SENTRY_ORG }}"
+            "sentry_project=${{ secrets.CHARTERAFRICA_SENTRY_PROJECT }}"
           tags: "${{ env.IMAGE_NAME }}:${{ steps.version-check.outputs.version }}"
           target: charterafrica-runner
 

diff --git a/.github/workflows/civicsignalblog-deploy-prod.yml b/.github/workflows/civicsignalblog-deploy-prod.yml
@@ -80,19 +80,18 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           build-args: |
-            MONGO_URL=${{ secrets.CIVICSIGNALBLOG_MONGO_URL }}
             NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }}
-            PAYLOAD_SECRET=${{ secrets.CIVICSIGNALBLOG_PAYLOAD_SECRET }}
-            SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }}
-            SENTRY_ORG=${{ secrets.SENTRY_ORG }}
-            SENTRY_PROJECT=${{ secrets.CIVICSIGNALBLOG_SENTRY_PROJECT }}
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
           context: .
           platforms: linux/arm64
           push: true
           secrets: |
+            "mongo_url=${{ secrets.CIVICSIGNALBLOG_MONGO_URL }}"
+            "payload_secret=${{ secrets.CIVICSIGNALBLOG_PAYLOAD_SECRET }}"
             "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}"
+            "sentry_org=${{ secrets.SENTRY_ORG }}"
+            "sentry_project=${{ secrets.CIVICSIGNALBLOG_SENTRY_PROJECT }}"
           tags: "${{ env.IMAGE_NAME }}:${{ steps.version-check.outputs.version }}"
           target: civicsignalblog-runner
 

diff --git a/.github/workflows/climatemappedafrica-deploy-dev.yml b/.github/workflows/climatemappedafrica-deploy-dev.yml
@@ -59,13 +59,17 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           build-args: |
-            MONGO_URL=${{ secrets.CLIMATEMAPPEDAFRICA_MONGO_URL }}
             NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }}
-            PAYLOAD_SECRET=${{ secrets.CLIMATEMAPPEDAFRICA_PAYLOAD_SECRET }}
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
           context: .
           platforms: linux/arm64
+          secrets: |
+            "mongo_url=${{ secrets.CLIMATEMAPPEDAFRICA_MONGO_URL }}"
+            "payload_secret=${{ secrets.CLIMATEMAPPEDAFRICA_PAYLOAD_SECRET }}"
+            "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}"
+            "sentry_org=${{ secrets.SENTRY_ORG }}"
+            "sentry_project=${{ secrets.CLIMATEMAPPEDAFRICA_SENTRY_PROJECT }}"
           target: climatemappedafrica-runner
           push: true
           tags: "${{ env.IMAGE_NAME }}:${{ github.sha }}"

diff --git a/.github/workflows/codeforafrica-deploy-dev.yml b/.github/workflows/codeforafrica-deploy-dev.yml
@@ -60,21 +60,21 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           build-args: |
-            MONGODB_URL=${{ secrets.CODEFORAFRICA_MONGO_URL }}/${{ env.APP_NAME }}
             NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }}
-            PAYLOAD_SECRET=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }}
             NEXT_PUBLIC_APP_LOGO_URL=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }}
             NEXT_PUBLIC_APP_NAME=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }}
             SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }}
-            SENTRY_ORG=${{ secrets.SENTRY_ORG }}
-            SENTRY_PROJECT=${{ secrets.CODEFORAFRICA_SENTRY_PROJECT }}
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
           context: .
           platforms: linux/arm64
           push: true
           secrets: |
+            "mongodb_url=${{ secrets.CODEFORAFRICA_MONGO_URL }}/${{ env.APP_NAME }}"
+            "payload_secret=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }}"
             "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}"
+            "sentry_org=${{ secrets.SENTRY_ORG }}"
+            "sentry_project=${{ secrets.CHARTERAFRICA_SENTRY_PROJECT }}"
           tags: "${{ env.IMAGE_NAME }}:${{ github.sha }}"
           target: codeforafrica-runner
 

diff --git a/.github/workflows/codeforafrica-deploy-prod.yml b/.github/workflows/codeforafrica-deploy-prod.yml
@@ -81,21 +81,21 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           build-args: |
-            MONGODB_URL=${{ secrets.CODEFORAFRICA_MONGODB_URL }}
             NEXT_PUBLIC_APP_LOGO_URL=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }}
             NEXT_PUBLIC_APP_NAME=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }}
             NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }}
-            PAYLOAD_SECRET=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }}
             SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }}
-            SENTRY_ORG=${{ secrets.SENTRY_ORG }}
-            SENTRY_PROJECT=${{ secrets.CODEFORAFRICA_SENTRY_PROJECT }}
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
           context: .
           platforms: linux/arm64
           push: true
           secrets: |
+            "mongodb_url=${{ secrets.CODEFORAFRICA_MONGODB_URL }}"
+            "payload_secret=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }}"
             "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}"
+            "sentry_org=${{ secrets.SENTRY_ORG }}"
+            "sentry_project=${{ secrets.CODEFORAFRICA_SENTRY_PROJECT }}"
           tags: "${{ env.IMAGE_NAME }}:${{ steps.version-check.outputs.version }}"
           target: codeforafrica-runner
 

diff --git a/.github/workflows/codeforafrica-deploy-review-app.yml b/.github/workflows/codeforafrica-deploy-review-app.yml
@@ -22,6 +22,7 @@ env:
   NEXT_PUBLIC_APP_URL: "https://codeforafrica-ui-pr-${{github.event.pull_request.number}}.dev.codeforafrica.org"
   GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   APP_NAME: codeforafrica-ui-pr-${{ github.event.pull_request.number }}
+  SENTRY_ENVIRONMENT: "development"
 
 jobs:
   deploy_review_app:
@@ -58,15 +59,20 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           build-args: |
-            MONGODB_URL=${{ secrets.CODEFORAFRICA_MONGO_URL }}/${{ env.APP_NAME }}
             NEXT_PUBLIC_APP_LOGO_URL=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }}
             NEXT_PUBLIC_APP_NAME=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }}
             NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }}
-            PAYLOAD_SECRET=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }}
+            SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }}
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
           context: .
           platforms: linux/arm64
+          secrets: |
+            "mongodb_url=${{ secrets.CODEFORAFRICA_MONGO_URL }}/${{ env.APP_NAME }}"
+            "payload_secret=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }}"
+            "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}"
+            "sentry_org=${{ secrets.SENTRY_ORG }}"
+            "sentry_project=${{ secrets.CODEFORAFRICA_SENTRY_PROJECT }}"
           target: codeforafrica-runner
           push: true
           tags: "${{ env.IMAGE_NAME }}:${{ github.sha }}"

diff --git a/.github/workflows/pesayetu-deploy-dev.yml b/.github/workflows/pesayetu-deploy-dev.yml
@@ -61,19 +61,21 @@ jobs:
           build-args: |
             WORDPRESS_URL=${{ secrets.PESAYETU_WORDPRESS_URL }}
             WORDPRESS_MULTISITE_PREFIX=${{ secrets.PESAYETU_WORDPRESS_MULTISITE_PREFIX }}
-            WORDPRESS_PREVIEW_SECRET=${{ secrets.PESAYETU_WORDPRESS_PREVIEW_SECRET }}
-            WORDPRESS_APPLICATION_USERNAME=${{ secrets.PESAYETU_WORDPRESS_APPLICATION_USERNAME }}
-            WORDPRESS_APPLICATION_PASSWORD=${{ secrets.PESAYETU_WORDPRESS_APPLICATION_PASSWORD }}
-            JWT_SECRET_KEY=${{ secrets.PESAYETU_JWT_SECRET_KEY }}
             HURUMAP_API_URL=${{ secrets.PESAYETU_HURUMAP_API_URL }}
             SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }}
-            SENTRY_ORG=${{ secrets.SENTRY_ORG }}
-            SENTRY_PROJECT=${{ secrets.PESAYETU_SENTRY_PROJECT }}
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
           context: .
           platforms: linux/arm64
           push: true
+          secrets: |
+            "jwt_secret_key=${{ secrets.PESAYETU_JWT_SECRET_KEY }}"
+            "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}"
+            "sentry_org=${{ secrets.SENTRY_ORG }}"
+            "sentry_project=${{ secrets.CHARTERAFRICA_SENTRY_PROJECT }}"
+            "wordpress_preview_secret=${{ secrets.PESAYETU_WORDPRESS_PREVIEW_SECRET }}"
+            "wordpress_application_username=${{ secrets.PESAYETU_WORDPRESS_APPLICATION_USERNAME }}"
+            "wordpress_application_password=${{ secrets.PESAYETU_WORDPRESS_APPLICATION_PASSWORD }}"
           tags: "${{ env.IMAGE_NAME }}:${{ github.sha }}"
           target: pesayetu-runner
 

diff --git a/.github/workflows/roboshield-deploy-dev.yml b/.github/workflows/roboshield-deploy-dev.yml
@@ -61,20 +61,20 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           build-args: |
-            MONGO_URL=${{ secrets.ROBOSHIELD_MONGO_URL }}
             NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }}
             NEXT_PUBLIC_SENTRY_DSN=${{ secrets.ROBOSHIELD_SENTRY_DSN }}
-            PAYLOAD_SECRET=${{ secrets.ROBOSHIELD_PAYLOAD_SECRET }}
             SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }}
-            SENTRY_ORG=${{ secrets.SENTRY_ORG }}
-            SENTRY_PROJECT=${{ secrets.ROBOSHIELD_SENTRY_PROJECT }}
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
           context: .
           platforms: linux/arm64
           push: true
           secrets: |
+            "mongo_url=${{ secrets.ROBOSHIELD_MONGO_URL }}"
+            "payload_secret=${{ secrets.ROBOSHIELD_PAYLOAD_SECRET }}"
             "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}"
+            "sentry_org=${{ secrets.SENTRY_ORG }}"
+            "sentry_project=${{ secrets.ROBOSHIELD_SENTRY_PROJECT }}"
           tags: "${{ env.IMAGE_NAME }}:${{ github.sha }}"
           target: roboshield-runner
 

diff --git a/.github/workflows/roboshield-deploy-prod.yml b/.github/workflows/roboshield-deploy-prod.yml
@@ -76,17 +76,18 @@ jobs:
             MONGO_URL=${{ secrets.ROBOSHIELD_MONGO_URL }}
             NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }}
             NEXT_PUBLIC_SENTRY_DSN=${{ secrets.ROBOSHIELD_SENTRY_DSN }}
-            PAYLOAD_SECRET=${{ secrets.ROBOSHIELD_PAYLOAD_SECRET }}
             SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }}
-            SENTRY_ORG=${{ secrets.SENTRY_ORG }}
-            SENTRY_PROJECT=${{ secrets.ROBOSHIELD_SENTRY_PROJECT }}
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
           context: .
           platforms: linux/arm64
           push: true
           secrets: |
+            "mongo_url=${{ secrets.ROBOSHIELD_MONGO_URL }}"
+            "payload_secret=${{ secrets.ROBOSHIELD_PAYLOAD_SECRET }}"
             "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}"
+            "sentry_org=${{ secrets.SENTRY_ORG }}"
+            "sentry_project=${{ secrets.ROBOSHIELD_SENTRY_PROJECT }}"
           tags: "${{ env.IMAGE_NAME }}:${{ steps.version-check.outputs.version }}"
           target: roboshield-runner
 

diff --git a/.github/workflows/techlabblog-deploy-dev.yml b/.github/workflows/techlabblog-deploy-dev.yml
@@ -1,8 +1,10 @@
-name: Techlab Blog | Deploy | DEV
+name: TechLab Blog | Deploy | DEV
 
 on:
   push:
-    branches: [main]
+    branches:
+      - main
+
     paths:
       - "apps/techlabblog/**"
       - "Dockerfile"
@@ -13,23 +15,79 @@
   group: "${{ github.workflow }} @ ${{ github.ref }}"
   cancel-in-progress: true
 
+env:
+  APP_NAME: techlabblog-ui
+  DOKKU_REMOTE_BRANCH: "master"
+  DOKKU_REMOTE_URL: "ssh://azureuser@ui-1.dev.codeforafrica.org"
+  GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  IMAGE_NAME: "codeforafrica/techlabblog"
+  NEXT_PUBLIC_APP_URL: "https://techlabblog-ui.dev.codeforafrica.org"
+  SENTRY_ENVIRONMENT: "development"
+
 jobs:
-  build-docker-image:
-    name: Build Docker Image
-    uses: ./.github/workflows/build-docker-image.yml
-    secrets: inherit
-    with:
-      tags: "codeforafrica/techlabblog:${{ github.sha }}"
-      target: "techlabblog-runner"
-      build_args: |
-        SENTRY_ENVIRONMENT=development
-        NEXT_PUBLIC_SENTRY_DSN: ${{ vars.TECHLABBLOG_SENTRY_DSN }}
-
-  push-to-dokku:
-    name: Push to Dokku
-    needs: [build-docker-image]
-    uses: ./.github/workflows/push-to-dokku.yml
-    secrets: inherit
-    with:
-      git_remote_url: "ssh://azureuser@ui-1.dev.codeforafrica.org/techlabblog-ui"
-      deploy_docker_image: "codeforafrica/techlabblog:${{ github.sha }}"
+  deploy:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        node-version: [20.16]
+        os: [ubuntu-latest]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      # Add support for more platforms with QEMU (optional)
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Cache Docker layers
+        uses: actions/cache@v4
+        with:
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          path: /tmp/.buildx-cache
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+
+      - name: Build Docker image
+        uses: docker/build-push-action@v6
+        with:
+          build-args: |
+            NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }}
+            NEXT_PUBLIC_SENTRY_DSN=${{ secrets.TECHLABBLOG_SENTRY_DSN }}
+            SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+          context: .
+          platforms: linux/arm64
+          push: true
+          secrets: |
+            "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}"
+            "sentry_org=${{ secrets.SENTRY_ORG }}"
+            "sentry_project=${{ secrets.TECHLABBLOG_SENTRY_PROJECT }}"
+          tags: "${{ env.IMAGE_NAME }}:${{ github.sha }}"
+          target: techlabblog-runner
+
+      # Temp fix
+      # https://github.com/docker/build-push-action/issues/252
+      # https://github.com/moby/buildkit/issues/1896
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
+      - name: Push to Dokku
+        uses: dokku/github-action@v1.7.0
+        with:
+          git_remote_url: ${{ env.DOKKU_REMOTE_URL }}/${{ env.APP_NAME }}
+          ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
+          deploy_docker_image: ${{ env.IMAGE_NAME }}:${{ github.sha }}