From 2a7e6937e5d507561d2e5ab97a587ba73babc1be Mon Sep 17 00:00:00 2001
From: ValueOn AG <p.motsch@valueon.ch>
Date: Wed, 13 May 2026 00:06:35 +0200
Subject: [PATCH] env per instance

---
 .env.sample                        | 43 ------------------------------
 .github/workflows/build-deploy.yml | 21 +++++++++++++++
 Dockerfile                         |  1 +
 env-teamsbot-dev.env               | 39 +++++++++++++++++++++++++++
 env-teamsbot-main.env              | 39 +++++++++++++++++++++++++++
 5 files changed, 100 insertions(+), 43 deletions(-)
 delete mode 100644 .env.sample
 create mode 100644 env-teamsbot-dev.env
 create mode 100644 env-teamsbot-main.env

diff --git a/.env.sample b/.env.sample
deleted file mode 100644
index e6ce11f..0000000
--- a/.env.sample
+++ /dev/null
@@ -1,43 +0,0 @@
-# Service Configuration
-PORT=4100
-NODE_ENV=development
-
-# Gateway WebSocket Connection
-GATEWAY_WS_URL=wss://gateway-int.poweron-center.net/api/teamsbot/ws
-
-# Bot Configuration
-BOT_NAME=PowerOn AI
-BOT_HEADLESS=true
-
-# Static avatar tile (replaces Teams' green/spinning "no video" placeholder
-# with a quiet, single-color surface + the bot's display name in the
-# center). Recommended for the anonymous bot. Colors are CSS values.
-# BOT_USE_CANVAS_VIDEO=true
-# BOT_AVATAR_BG_COLOR=#a8d4f0
-# BOT_AVATAR_TEXT_COLOR=#1a3552
-
-# DEBUG ONLY - leave commented in normal operation.
-# Set to true to skip BOTH media wrappers (RTCPeerConnection wrapper +
-# getUserMedia override) for isolating Teams' anonymous lobby preheating
-# crash (rejectMediaDescriptionsUpdateAsync). With this on the bot has
-# no audio in/out, no captions, no greeting - it sits silently.
-# BOT_DISABLE_MEDIA_WRAPPERS=true
-
-# DEBUG ONLY - bisect the Teams anonymous preheated-PC crash by running
-# anon with the auth Chromium args (minimal flags) AND no stealth init.
-# BOT_ANON_USE_AUTH_BROWSER_SETUP=true
-
-# Playwright browser channel. Empty = bundled Chromium (default).
-# Set to 'chrome' or 'msedge' to use the locally installed real browser.
-# Strongly recommended for anonymous Teams joins: Playwright's bundled
-# Chromium gets detected as automation and forced into a lobby + the
-# buggy preheated-PC code path; real Chrome bypasses both.
-# BOT_BROWSER_CHANNEL=chrome
-
-# Logging
-LOG_LEVEL=info
-LOG_DIR=./output/logs
-
-# Screenshots (for debugging)
-SCREENSHOT_DIR=./output/screenshots
-SCREENSHOT_ON_ERROR=true
diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml
index 6e6ac8d..8c40945 100644
--- a/.github/workflows/build-deploy.yml
+++ b/.github/workflows/build-deploy.yml
@@ -4,8 +4,14 @@ on:
   push:
     branches:
       - main
+      - dev
   workflow_dispatch:
 
+# Cancel in-progress runs when a new run is triggered (saves logs/storage)
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 env:
   IMAGE_NAME: teams-browser-bot
   RESOURCE_GROUP: resource-core
@@ -19,6 +25,20 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v5
 
+      - name: Determine environment
+        id: env
+        run: |
+          if [ "${{ github.ref }}" == "refs/heads/dev" ]; then
+            echo "env_file=env-teamsbot-dev.env" >> $GITHUB_OUTPUT
+          else
+            echo "env_file=env-teamsbot-main.env" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Set environment
+        run: |
+          cp ${{ steps.env.outputs.env_file }} .env
+          rm -f env-teamsbot-*.env
+
       - name: Log in to Azure Container Registry
         uses: docker/login-action@v4
         with:
@@ -109,3 +129,4 @@ jobs:
           echo "### Deployed successfully! :rocket:" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "Image: \`${{ secrets.ACR_LOGIN_SERVER }}/${{ env.IMAGE_NAME }}:${{ github.sha }}\`" >> $GITHUB_STEP_SUMMARY
+          echo "Env: \`${{ steps.env.outputs.env_file }}\`" >> $GITHUB_STEP_SUMMARY
diff --git a/Dockerfile b/Dockerfile
index ae89176..0463242 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -28,6 +28,7 @@ RUN apt-get update && apt-get install -y xvfb && rm -rf /var/lib/apt/lists/*
 COPY --from=builder /app/dist ./dist
 COPY --from=builder /app/node_modules ./node_modules
 COPY package*.json ./
+COPY .env ./
 
 # Real Google Chrome (stable channel) + its OS deps. Required for anonymous
 # Teams joins: the bundled Playwright Chromium gets detected as automation
diff --git a/env-teamsbot-dev.env b/env-teamsbot-dev.env
new file mode 100644
index 0000000..ef8defb
--- /dev/null
+++ b/env-teamsbot-dev.env
@@ -0,0 +1,39 @@
+# Service Configuration
+PORT=4100
+NODE_ENV=development
+
+# Gateway WebSocket Connection
+GATEWAY_WS_URL=wss://gateway-int.poweron-center.net/api/teamsbot/ws
+
+# Bot Configuration
+BOT_NAME=PowerOn AI
+BOT_HEADLESS=true
+
+# Static avatar tile (replaces Teams' green/spinning "no video" placeholder).
+# Colors only used when BOT_USE_CANVAS_VIDEO=true.
+BOT_USE_CANVAS_VIDEO=true
+BOT_AVATAR_BG_COLOR=#a8d4f0
+BOT_AVATAR_TEXT_COLOR=#1a3552
+
+# DEBUG history (12 May 2026):
+# - BOT_DISABLE_MEDIA_WRAPPERS=true: same crash, wrappers innocent
+# - BOT_ANON_USE_AUTH_BROWSER_SETUP=true: same crash, args/stealth innocent
+# Manual anon test in real Chrome incognito: NO lobby, joins fine.
+# => Teams detects Playwright's bundled Chromium as automation, FORCES the
+#    bot into a lobby + the buggy preheated-PC code path that crashes
+#    (rejectMediaDescriptionsUpdateAsync). Real Chrome avoids both.
+BOT_DISABLE_MEDIA_WRAPPERS=false
+BOT_ANON_USE_AUTH_BROWSER_SETUP=false
+
+# Use the locally installed Chrome instead of Playwright's bundled
+# Chromium. Empty = bundled Chromium (default).
+# Try: chrome | msedge
+BOT_BROWSER_CHANNEL=chrome
+
+# Logging
+LOG_LEVEL=info
+LOG_DIR=./output/logs
+
+# Screenshots (for debugging)
+SCREENSHOT_DIR=./output/screenshots
+SCREENSHOT_ON_ERROR=true
diff --git a/env-teamsbot-main.env b/env-teamsbot-main.env
new file mode 100644
index 0000000..ef8defb
--- /dev/null
+++ b/env-teamsbot-main.env
@@ -0,0 +1,39 @@
+# Service Configuration
+PORT=4100
+NODE_ENV=development
+
+# Gateway WebSocket Connection
+GATEWAY_WS_URL=wss://gateway-int.poweron-center.net/api/teamsbot/ws
+
+# Bot Configuration
+BOT_NAME=PowerOn AI
+BOT_HEADLESS=true
+
+# Static avatar tile (replaces Teams' green/spinning "no video" placeholder).
+# Colors only used when BOT_USE_CANVAS_VIDEO=true.
+BOT_USE_CANVAS_VIDEO=true
+BOT_AVATAR_BG_COLOR=#a8d4f0
+BOT_AVATAR_TEXT_COLOR=#1a3552
+
+# DEBUG history (12 May 2026):
+# - BOT_DISABLE_MEDIA_WRAPPERS=true: same crash, wrappers innocent
+# - BOT_ANON_USE_AUTH_BROWSER_SETUP=true: same crash, args/stealth innocent
+# Manual anon test in real Chrome incognito: NO lobby, joins fine.
+# => Teams detects Playwright's bundled Chromium as automation, FORCES the
+#    bot into a lobby + the buggy preheated-PC code path that crashes
+#    (rejectMediaDescriptionsUpdateAsync). Real Chrome avoids both.
+BOT_DISABLE_MEDIA_WRAPPERS=false
+BOT_ANON_USE_AUTH_BROWSER_SETUP=false
+
+# Use the locally installed Chrome instead of Playwright's bundled
+# Chromium. Empty = bundled Chromium (default).
+# Try: chrome | msedge
+BOT_BROWSER_CHANNEL=chrome
+
+# Logging
+LOG_LEVEL=info
+LOG_DIR=./output/logs
+
+# Screenshots (for debugging)
+SCREENSHOT_DIR=./output/screenshots
+SCREENSHOT_ON_ERROR=true