feat(automation): multi-environment n8n workflow deploy + admin SSO #65
Merged
…rovider config Guard the Google passport strategy to only accept @strapi.io emails (reject others) and pass the request to the callback; mirror the Google provider config under config/env/production/admin.ts so it applies on Strapi Cloud. Drop an unnecessary @ts directive on the GoogleStrategy constructor (it suppressed no error and tripped the biome @ts-ignore->@ts-expect-error rule, breaking check-types). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add N8N_WEBHOOK_NAMESPACE (default "strapi") to prefix all lifecycle + security-scan webhook paths, so duplicate workflow sets sharing one n8n instance (e.g. staging vs production) post to distinct, non-colliding paths. Mirrored into config/env/production/plugins.ts so it resolves on Strapi Cloud. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Switch the Strapi-calling HTTP nodes from $env token auth to an n8n Header Auth credential (Strapi base URL becomes a per-instance literal); the Claude node uses the predefined Anthropic credential. Pin httpRequest nodes to typeVersion 4.4 and the n8n image to 2.27.4 for version portability, and drop the now-unused STRAPI_*/N8N_BLOCK_ENV_ACCESS compose env (auth is credential-based now). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Covers import, the post-import re-link of by-id references, the n8n credentials + Strapi env vars per instance, the N8N_WEBHOOK_NAMESPACE multi-env scheme, and activation. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
deploy-workflows.mjs deploys a workflow set to a target n8n instance for one environment: rewrites the Strapi base URL (from the localhost placeholder) and webhook paths to the env namespace, re-links the by-id references (executeWorkflow->render-email, errorWorkflow->error-handler), and re-attaches existing credential bindings by node name so re-deploys don't wipe them. README documents the deploy flow + per-set credentials/env vars + base-URL handling (9 nodes across 4 workflows), and adds a mermaid architecture diagram (Strapi <-> n8n <-> SendGrid/Slack/Anthropic). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
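The per-environment rewrite this commit message describes, as an added sketch that is not the project's `deploy-workflows.mjs`. The function name, the `env` object, the placeholder URL value and a plain-string `workflowId` are assumptions, and the sample workflow is constructed.

```javascript
// Added example: a sketch of the deploy rewrite; not the project's deploy-workflows.mjs.
// Assumed: placeholder URL, env object shape, string workflowId, function name.
const PLACEHOLDER_BASE = "http://localhost:1337";
const SOURCE_PREFIX = "strapi/"; // default N8N_WEBHOOK_NAMESPACE from the PR

function prepareWorkflow(exported, existing, env) {
  const wf = JSON.parse(JSON.stringify(exported)); // never mutate the export
  // Credential bindings already on the target instance, keyed by node name.
  const bound = new Map((existing?.nodes ?? [])
    .filter((n) => n.credentials).map((n) => [n.name, n.credentials]));
  for (const node of wf.nodes) {
    const p = (node.parameters ??= {});
    if (node.type === "n8n-nodes-base.webhook") {
      // Fail closed: an unprefixed path would collide across environments.
      if (!String(p.path).startsWith(SOURCE_PREFIX))
        throw new Error(`unexpected webhook path on "${node.name}"`);
      p.path = `${env.namespace}/${p.path.slice(SOURCE_PREFIX.length)}`;
    }
    if (node.type === "n8n-nodes-base.httpRequest" &&
        String(p.url).startsWith(PLACEHOLDER_BASE)) {
      p.url = env.strapiBaseUrl + p.url.slice(PLACEHOLDER_BASE.length);
    }
    if (node.type === "n8n-nodes-base.executeWorkflow") p.workflowId = env.ids.renderEmail;
    // Drop credential ids from the export; keep only the target's own binding.
    delete node.credentials;
    if (bound.has(node.name)) node.credentials = bound.get(node.name);
  }
  wf.settings = { ...wf.settings, errorWorkflow: env.ids.errorHandler };
  return wf;
}

// Constructed sample data (not taken from the repository).
const SAMPLE_EXPORT = { nodes: [
  { name: "On Publish", type: "n8n-nodes-base.webhook", parameters: { path: "strapi/publish" } },
  { name: "Fetch Entry", type: "n8n-nodes-base.httpRequest",
    parameters: { url: "http://localhost:1337/api/posts/1" },
    credentials: { httpHeaderAuth: { id: "dev-1", name: "Local Strapi" } } },
  { name: "Render", type: "n8n-nodes-base.executeWorkflow", parameters: { workflowId: "old" } },
], settings: {} };
const SAMPLE_EXISTING = { nodes: [
  { name: "Fetch Entry", credentials: { httpHeaderAuth: { id: "stg-7", name: "Staging Strapi" } } },
] };
const SAMPLE_ENV = { namespace: "staging", strapiBaseUrl: "https://cms.staging.example",
  ids: { renderEmail: "wf-render", errorHandler: "wf-error" } };
```

On a first deploy (`existing` is null) the Strapi nodes come out with no credential at all, so a binding exported from another environment is never reused.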
boazpoolman approved these changes on Jun 29, 2026
What & why
Prepares the community moderation automation to run across multiple environments on a shared n8n instance (staging + production), plus admin SSO hardening. Follows up the contract-drift fixes that already merged in #59.
All workflow changes were validated end-to-end against a local Strapi + n8n + Mailpit harness on staging data (all 8 lifecycle events fire correctly), and the imported workflows are live on the staging n8n.
Changes
feat(cms): admin Google SSO restricted to @strapi.io + production provider config
- … @strapi.io emails and passes the request to the callback.
- … config/env/production/admin.ts so it applies on Strapi Cloud.
- … @ts directive on the GoogleStrategy constructor (it suppressed no error and tripped biome's @ts-ignore → @ts-expect-error rule, breaking check-types).

feat(cms/moderation): configurable n8n webhook path namespace
- N8N_WEBHOOK_NAMESPACE (default strapi) prefixes all lifecycle + security-scan webhook paths.
- … /webhook/strapi/…, staging Strapi → /webhook/staging/….
- … config/env/production/plugins.ts so it resolves on Strapi Cloud.

fix(automation): credential-based Strapi auth + pin node/n8n versions
- … $env token (base URL is a per-instance literal); the Claude node uses the predefined Anthropic credential. No runtime env vars needed in n8n.
- … httpRequest nodes to typeVersion 4.4 and the n8n image to n8nio/n8n:2.27.4 for version portability; removes the now-unused STRAPI_*/N8N_BLOCK_ENV_ACCESS_IN_NODE compose env.

docs(automation): per-instance deploy README
- apps/automation/workflows/README.md: import, the post-import re-link of by-id references, the credentials + Strapi env vars per instance, the N8N_WEBHOOK_NAMESPACE scheme, and activation.

Deploy notes (per environment)
- N8N_WEBHOOK_NAMESPACE strapi (or unset): /webhook/strapi/…, strapi/…
- N8N_WEBHOOK_NAMESPACE staging: /webhook/staging/…, staging/…

Per n8n set you bind 5 credentials (Strapi API Header Auth, Webhook Auth Header Auth, SendGrid, Slack, Anthropic) and set the Strapi base URL on the 9 Strapi nodes — see the README. Strapi side still needs N8N_WEBHOOK_BASE_URL / N8N_WEBHOOK_MODE=production / N8N_WEBHOOK_AUTH_HEADER / N8N_WEBHOOK_AUTH_VALUE and an API token.

check-types passes.

🤖 Generated with Claude Code
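One way to write the @strapi.io guard the description mentions, as an added example that is not the code from this PR. It assumes the passport-google-oauth20 profile shape (`emails: [{ value, verified }]`); the helper names and sample profiles are constructed.

```javascript
// Added example, not the PR's code. Assumed: passport-google-oauth20 profile shape
// (emails: [{ value, verified }]) and the helper names below.
const ALLOWED_DOMAIN = "strapi.io"; // the only domain the PR lets through

// Returns the normalised address if this profile may sign in, else null.
function allowedAdminEmail(profile) {
  for (const entry of profile?.emails ?? []) {
    if (entry?.verified !== true) continue; // an unverified address proves nothing
    if (typeof entry.value !== "string") continue;
    const email = entry.value.trim().toLowerCase();
    const at = email.indexOf("@");
    // Exactly one "@", a non-empty local part, no embedded whitespace.
    if (at <= 0 || at !== email.lastIndexOf("@") || /\s/.test(email)) continue;
    // Compare the whole domain: endsWith/includes would admit look-alike domains.
    if (email.slice(at + 1) === ALLOWED_DOMAIN) return email;
  }
  return null;
}

// Verify callback in the shape passport uses with passReqToCallback: true.
function verify(req, accessToken, refreshToken, profile, done) {
  const email = allowedAdminEmail(profile);
  if (!email) return done(null, false, { message: "email domain not allowed" });
  return done(null, { email });
}

// Constructed profiles; the non-strapi.io domains are placeholders.
const SAMPLE_PROFILES = {
  ok: { emails: [{ value: "Dev@Strapi.io", verified: true }] },
  unverified: { emails: [{ value: "dev@strapi.io", verified: false }] },
  suffix: { emails: [{ value: "dev@strapi.io.example.net", verified: true }] },
  lookalike: { emails: [{ value: "dev@lookalike-strapi.io", verified: true }] },
  doubleAt: { emails: [{ value: "dev@example.net@strapi.io", verified: true }] },
  none: {},
};
```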