From 387607a6644c9f95841b15450c6a70e0d1d6fa04 Mon Sep 17 00:00:00 2001
From: khalil-bot <khaliloulah7777@gmail.com>
Date: Tue, 19 May 2026 14:20:50 +0200
Subject: [PATCH] ci(ui): restrict Docker/deploy to main and inject API
 credentials

- Docker build & push and deploy jobs now run only on main (if: github.ref)
  so feature branches no longer trigger deploys
- Add Inject API credentials step before prod build: sed replaces
  __API_USERNAME__ and __API_PASSWORD__ placeholders using GitHub Secrets

Closes #38

Assisted-by: Claude:claude-sonnet-4-6
---
 .github/workflows/ui.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/ui.yml b/.github/workflows/ui.yml
index 507fa28..0180cb2 100644
--- a/.github/workflows/ui.yml
+++ b/.github/workflows/ui.yml
@@ -44,6 +44,11 @@ jobs:
       - name: Unit tests
         run: npm test -- --watch=false --browsers=ChromeHeadless
 
+      - name: Inject API credentials
+        run: |
+          sed -i "s/__API_USERNAME__/${{ secrets.API_USERNAME }}/g" src/environments/environment.prod.ts
+          sed -i "s/__API_PASSWORD__/${{ secrets.API_PASSWORD }}/g" src/environments/environment.prod.ts
+
       - name: Production build
         run: npm run build -- --configuration production
 
@@ -52,6 +57,7 @@ jobs:
     name: Docker build & push
     runs-on: ubuntu-latest
     needs: ci
+    if: github.ref == 'refs/heads/main'
     outputs:
       sha_tag: ${{ steps.tag.outputs.sha }}
 
@@ -98,6 +104,7 @@ jobs:
     name: Deploy
     runs-on: ubuntu-latest
     needs: docker
+    if: github.ref == 'refs/heads/main'
 
     steps:
       - name: SSH deploy