
Commit 6a22f1f

feat: platform secrets as sealed secrets (#932)
* feat: update dependencies and enhance secret management * feat: sync values schema from apl-core and update workflows * feat: enhance schema fetching with branch fallback in workflow * feat: update user management * Merge branch 'main' into APL-523 * fix: otomi-stack * test: platform secrets * Revert "test: platform secrets" This reverts commit 4b03f28. * feat: update user management for sealed secrets * fix: get users * feat: add isK8sReachable function to improve local dev env * fix: get internal repositories * feat: sealed secret handling with users and settings management * fix: get internal repo urls * refactor: improve sealed secrets encryption checks and constants * feat: update sealed secret handling with constants * refactor: function for merge of encrypted secrets into settings * feat: improve extract and store settings secrets functionality * fix: imported file names * fix: list repo branches in the container image page --------- Co-authored-by: svcAPLBot <174728082+svcAPLBot@users.noreply.github.com>
1 parent 4ac60f3 commit 6a22f1f

30 files changed

Lines changed: 1162 additions & 501 deletions

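--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -9,9 +9,9 @@ name: Build test push release
 on:
 push:
 branches:
-- '**'
+- "**"
 tags-ignore:
-- '*'
+- "*"
 env:
 COMMIT_MSG: ${{ github.event.head_commit.message }}
 CACHE_REGISTRY: ghcr.io
@@ -35,11 +35,21 @@ jobs:
 echo "TAG=$tag" >> $GITHUB_ENV
 - name: Checkout
 uses: actions/checkout@v6
+- name: Fetch values-schema.yaml from apl-core
+run: |
+# Try matching branch first, fall back to main
+curl -sL -f -H "Authorization: token ${{ env.BOT_TOKEN }}" \
+"https://raw.githubusercontent.com/linode/apl-core/${{ env.TAG }}/values-schema.yaml" \
+-o src/values-schema.yaml 2>/dev/null \
+|| curl -sL -f -H "Authorization: token ${{ env.BOT_TOKEN }}" \
+"https://raw.githubusercontent.com/linode/apl-core/main/values-schema.yaml" \
+-o src/values-schema.yaml
+echo "Schema fetched for branch: ${{ env.TAG }} (with main fallback)"
 - name: CI tests, image build and push tag for main or branch
 uses: whoan/docker-build-with-cache-action@v8
 with:
 username: ${{ env.BOT_USERNAME }}
-password: '${{ env.BOT_TOKEN }}'
+password: "${{ env.BOT_TOKEN }}"
 registry: ${{ env.CACHE_REGISTRY }}
 image_name: ${{ env.CACHE_REPO }}
 image_tag: ${{ env.TAG }}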
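Review bot: The added "Fetch values-schema.yaml from apl-core" step (new lines 38–47) pastes `${{ env.TAG }}` and `${{ env.BOT_TOKEN }}` into the `run:` script as text before the shell starts, so a value containing quotes or `$(...)` becomes part of the script in a step that holds the bot token. TAG is written to `$GITHUB_ENV` from `$tag` at line 35; how `$tag` is derived is outside the hunk, but with the workflow firing on every branch push it presumably comes from the ref name, which anyone able to push a branch controls. Both values should already be exported to the step's environment, so the script can read them as shell variables instead: `-H "Authorization: token ${BOT_TOKEN}"` and `"https://raw.githubusercontent.com/linode/apl-core/${TAG}/values-schema.yaml"`, with the same substitution in the fallback `curl` and the final `echo`. Separately, `2>/dev/null` plus the unconditional "Schema fetched" message means the log looks the same whether the branch schema or the `main` fallback was used; echoing which ref actually succeeded would make a schema mismatch traceable.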

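--- a/.github/workflows/postman.yml
+++ b/.github/workflows/postman.yml
@@ -1,8 +1,8 @@
-name: 'postman'
+name: "postman"
 on:
 pull_request:
 branches:
-- '*'
+- "*"
 workflow_dispatch:
 jobs:
 postman:
@@ -57,6 +57,8 @@ jobs:
 npm install
 npm run compile
 NODE_PATH="/usr/local/lib/node_modules" npm run server > $GITHUB_WORKSPACE/core.log 2>&1 &
+- name: Sync values schema from apl-core
+run: cp apl-core/values-schema.yaml src/values-schema.yaml
 - name: Start api
 run: |
 npm install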

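--- a/.gitignore
+++ b/.gitignore
@@ -44,6 +44,7 @@ kms.json*
 
 /vendors/client/
 /src/generated-*
+/src/values-schema.yaml
 secrets.*.yaml.dec
 
 #intelij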

package-lock.json

Lines changed: 45 additions & 5 deletions

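--- a/package.json
+++ b/package.json
@@ -13,6 +13,7 @@
 "@casl/ability": "6.8.0",
 "@kubernetes/client-node": "1.4.0",
 "@linode/api-v4": "0.158.0",
+"@linode/kubeseal-encrypt": "^1.0.1",
 "@types/json-schema": "7.0.15",
 "@types/jsonwebtoken": "9.0.10",
 "async-retry": "^1.3.3",
@@ -137,6 +138,7 @@
 "clean": "rm -rf dist >/dev/null",
 "cz": "git-cz",
 "cz:retry": "git-cz --retry",
+"predev": "npm run schema:sync",
 "dev": "run-p watch dev:node",
 "dev:node": "tsx watch --env-file=.env --inspect=4321 src/app.ts",
 "lint": "run-p types lint:ts",
@@ -146,6 +148,7 @@
 "postinstall": "npm run build:models",
 "pre-release:client": "npm version prerelease --preid rc --no-commit-hooks --no-git-tag-version && bin/release-client.sh",
 "release": "standard-version",
+"schema:sync": "APL_CORE_PATH=${APL_CORE_PATH:-../apl-core} && cp \"$APL_CORE_PATH/values-schema.yaml\" src/values-schema.yaml && echo \"Schema synced from $APL_CORE_PATH\"",
 "release:bump:minor": "standard-version --skip.changelog true --release-as minor",
 "release:client": "bin/release-client.sh",
 "start": "node dist/src/app.js",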
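Review bot: The new `@linode/kubeseal-encrypt` entry at line 16 is declared with a caret range (`^1.0.1`), while the neighbouring `@casl/ability`, `@kubernetes/client-node` and `@linode/api-v4` are pinned to exact versions. Going by its name and the commit title, this package presumably performs the sealed-secret encryption, so an exact pin, `"@linode/kubeseal-encrypt": "1.0.1",`, would keep every upgrade of it an explicit, reviewable change rather than something a lockfile regeneration can pull in. The lockfile diff is not rendered on this page, so the resolved version and integrity hash could not be checked here.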
