From 1460ccf2c2fa8569a81017c6424f76fdcd8597f5 Mon Sep 17 00:00:00 2001 From: --show-origin Date: Wed, 28 Feb 2024 04:24:38 -0800 Subject: [PATCH] fix(helm): replaced decoding by encoding in backend-secrets and added helm-test pw --- .github/workflows/helm-test.yml | 7 ++++++- charts/puris/templates/backend-secrets.yaml | 8 ++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.github/workflows/helm-test.yml b/.github/workflows/helm-test.yml index 7529a288..3300a7b7 100644 --- a/.github/workflows/helm-test.yml +++ b/.github/workflows/helm-test.yml @@ -112,6 +112,11 @@ jobs: ct install --charts charts/puris --helm-extra-set-args "--set backend.image.repository=${{ env.REGISTRY }}/${{ env.APP_BACKEND_NAME}} --set backend.image.tag=${{ env.TAG }} --set frontend.image.repository=${{ env.REGISTRY }}/${{ env.APP_FRONTEND_NAME }} --set frontend.image.tag=${{ env.TAG }}" if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true' + - name: Generate random password (This password is only a placeholder for the next step and will not used). The postgresPassword/password will be set via postgres-init.yaml. + id: generate-password + run: | + echo "PASSWORD=PLACEHOLDER_PW" >> $GITHUB_ENV + # Upgrade the released chart version with the locally available chart # default value for event_name != workflow_dispatch - name: Run helm upgrade @@ -120,5 +125,5 @@ jobs: helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev helm install puris tractusx-dev/puris --version ${{ github.event.inputs.upgrade_from || '1.0.0' }} helm dependency update charts/puris - helm upgrade puris charts/puris + helm upgrade puris charts/puris --set backend.puris.datasource.password=$PASSWORD if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true' diff --git a/charts/puris/templates/backend-secrets.yaml b/charts/puris/templates/backend-secrets.yaml index c9561cfc..df820dc5 100644 --- a/charts/puris/templates/backend-secrets.yaml +++ b/charts/puris/templates/backend-secrets.yaml @@ -13,12 +13,12 @@ data: # if secret exists, use value provided from values file (to cover update scenario) or existing value from secret # use data map instead of stringData to prevent base64 encoding of already base64-encoded existing value from secret # use index function for secret keys with hyphen otherwise '$secret.data.secretKey' works too - puris-api-key: {{ (.Values.backend.puris.api.key | b64dec) | default (index $secret.data "puris-api-key") | quote }} - puris-datasource-password: {{ (.Values.backend.puris.datasource.password | b64dec) | default (index $secret.data "puris-datasource-password") | quote }} - puris-edc-controlplane-key: {{ (.Values.backend.puris.edc.controlplane.key | b64dec) | default (index $secret.data "puris-edc-controlplane-key") | quote }} + puris-api-key: {{ (.Values.backend.puris.api.key | b64enc) | default (index $secret.data "puris-api-key") | quote }} + puris-datasource-password: {{ (.Values.backend.puris.datasource.password | b64enc) | default (index $secret.data "puris-datasource-password") | quote }} + puris-edc-controlplane-key: {{ (.Values.backend.puris.edc.controlplane.key | b64enc) | default (index $secret.data "puris-edc-controlplane-key") | quote }} {{ else -}} stringData: -# if secret doesn't exist, use provided value from values file or generate a random one + # if secret doesn't exist, use provided value from values file or generate a random one puris-api-key: {{ .Values.backend.puris.api.key | default ( randAlphaNum 32 ) | quote }} puris-datasource-password: {{ .Values.backend.puris.datasource.password | default ( randAlphaNum 32 ) | quote }} puris-edc-controlplane-key: {{ .Values.backend.puris.edc.controlplane.key | default ( randAlphaNum 32 ) | quote }}