From 7bb4b1dd5bd664343256bc867009787d9511f655 Mon Sep 17 00:00:00 2001
From: Till JS <tills95@gmail.com>
Date: Sun, 15 Mar 2026 09:07:52 +0100
Subject: [PATCH] fix(ci): auto-generate CALENDAR_ENCRYPTION_KEY in prod env

Adds a step to the CD pipeline that ensures CALENDAR_ENCRYPTION_KEY
exists in .env.macmini, generating one if missing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/cd-macmini.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/cd-macmini.yml b/.github/workflows/cd-macmini.yml
index 7a5aa80cf..6489bebbf 100644
--- a/.github/workflows/cd-macmini.yml
+++ b/.github/workflows/cd-macmini.yml
@@ -152,6 +152,15 @@ jobs:
           cd "${{ env.PROJECT_DIR }}"
           git pull origin main
 
+      - name: Ensure env vars exist
+        run: |
+          cd "${{ env.PROJECT_DIR }}"
+          # Add CALENDAR_ENCRYPTION_KEY if not present
+          if ! grep -q "CALENDAR_ENCRYPTION_KEY" "${{ env.ENV_FILE }}" 2>/dev/null; then
+            echo "CALENDAR_ENCRYPTION_KEY=$(openssl rand -base64 32)" >> "${{ env.ENV_FILE }}"
+            echo "Added CALENDAR_ENCRYPTION_KEY to ${{ env.ENV_FILE }}"
+          fi
+
       - name: Determine services to deploy
         id: services
         run: |