Double test branch

.github/workflows/deploy-to-k8s.yml

@@ -231,6 +231,9 @@ jobs:
       auth_url: ${{ steps.set-vars.outputs.AUTH_URL }}
       genai_url: ${{ steps.set-vars.outputs.GENAI_URL }}
       realtime_url: ${{ steps.set-vars.outputs.REALTIME_URL }}
+      keycloak_client_secret: ${{ steps.set-vars.outputs.KEYCLOAK_CLIENT_SECRET }}
+      nextauth_secret: ${{ steps.set-vars.outputs.NEXTAUTH_SECRET }}
+      postgresql_secret: ${{ steps.set-vars.outputs.POSTGRESQL_SECRET }}
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
@@ -251,6 +254,9 @@ jobs:
             echo "NAMESPACE=production" >> $GITHUB_ENV
             echo "IMAGE_TAG=latest" >> $GITHUB_ENV
             echo "VALUES_FILE=./infrastructure/whiteboard-app/production.values.yaml" >> $GITHUB_ENV
+            echo "KEYCLOAK_CLIENT_SECRET=${{ secrets.PRODUCTION_KEYCLOAK_CLIENT_SECRET }}" >> $GITHUB_ENV
+            echo "NEXTAUTH_SECRET=${{ secrets.PRODUCTION_NEXTAUTH_SECRET }}" >> $GITHUB_ENV
+            echo "POSTGRESQL_SECRET=${{ secrets.PRODUCTION_DB_PASSWORD }}" >> $GITHUB_ENV
           elif [[ "$BRANCH" == "develop" ]]; then
             CLIENT_URL=staging.whiteboard.student.k8s.aet.cit.tum.de
             SERVER_URL=staging.api.whiteboard.student.k8s.aet.cit.tum.de
@@ -260,6 +266,9 @@ jobs:
             echo "NAMESPACE=staging" >> $GITHUB_ENV
             echo "IMAGE_TAG=develop" >> $GITHUB_ENV
             echo "VALUES_FILE=./infrastructure/whiteboard-app/staging.values.yaml" >> $GITHUB_ENV
+            echo "KEYCLOAK_CLIENT_SECRET=${{ secrets.STAGING_KEYCLOAK_CLIENT_SECRET }}" >> $GITHUB_ENV
+            echo "NEXTAUTH_SECRET=${{ secrets.STAGING_NEXTAUTH_SECRET }}" >> $GITHUB_ENV
+            echo "POSTGRESQL_SECRET=${{ secrets.STAGING_DB_PASSWORD }}" >> $GITHUB_ENV
           else
             BRANCH_SAFE=${BRANCH//\//-}
             CLIENT_URL=$BRANCH_SAFE.whiteboard.student.k8s.aet.cit.tum.de
@@ -270,6 +279,9 @@ jobs:
             echo "NAMESPACE=$BRANCH_SAFE" >> $GITHUB_ENV
             echo "IMAGE_TAG=$BRANCH_SAFE" >> $GITHUB_ENV
             echo "VALUES_FILE=./infrastructure/whiteboard-app/pullrequest.values.yaml" >> $GITHUB_ENV
+            echo "KEYCLOAK_CLIENT_SECRET=${{ secrets.PR_KEYCLOAK_CLIENT_SECRET }}" >> $GITHUB_ENV
+            echo "NEXTAUTH_SECRET=${{ secrets.PR_NEXTAUTH_SECRET }}" >> $GITHUB_ENV
+            echo "POSTGRESQL_SECRET=${{ secrets.PR_DB_PASSWORD }}" >> $GITHUB_ENV
           fi
 
           echo "CLIENT_URL=$CLIENT_URL" >> $GITHUB_ENV
@@ -278,6 +290,9 @@ jobs:
           echo "GENAI_URL=$GENAI_URL" >> $GITHUB_ENV
           echo "OPEN_WEB_UI_API_KEY=${{ secrets.OPEN_WEB_UI_API_KEY }}" >> $GITHUB_ENV
           echo "REALTIME_URL=$REALTIME_URL" >> $GITHUB_ENV
+          echo "KEYCLOAK_CLIENT_SECRET=$KEYCLOAK_CLIENT_SECRET" >> $GITHUB_ENV
+          echo "NEXTAUTH_SECRET=$NEXTAUTH_SECRET" >> $GITHUB_ENV
+          echo "POSTGRESQL_SECRET=$POSTGRESQL_SECRET" >> $GITHUB_ENV
 
           echo "CLIENT_URL=$CLIENT_URL" >> $GITHUB_OUTPUT
           echo "SERVER_URL=$SERVER_URL" >> $GITHUB_OUTPUT
@@ -329,7 +344,13 @@ jobs:
             --set auth.url="${{ env.AUTH_URL }}" \
             --set genai.url="${{ env.GENAI_URL }}" \
             --set genai.apiKey="${{ env.OPEN_WEB_UI_API_KEY }}" \
-            --set realtime.url="${{ env.REALTIME_URL }}"
+            --set realtime.url="${{ env.REALTIME_URL }}" \
+            --set keycloak.clientSecret="${{ env.KEYCLOAK_CLIENT_SECRET }}" \
+            --set nextauth.secret="${{ env.NEXTAUTH_SECRET }}" \
+            --set postgresql.auth.postgresPassword="${{ env.POSTGRESQL_SECRET }}" \
+
+        env:
+          POSTGRESQL_SECRET: ${{ secrets.POSTGRESQL_SECRET }}
 
   comment-pr:
     needs: deploy

infrastructure/whiteboard-app/production.values.yaml

@@ -10,11 +10,11 @@ client:
   replicaCount: 1
   env:
     - name: KEYCLOAK_CLIENT_SECRET
-      value: SXiMvr1GG10bk2J63ODZC9SOaoAZ4dbe
+      value: '{{ .Values.keycloak.clientSecret }}'
     - name: NEXTAUTH_URL
       value: https://whiteboard.student.k8s.aet.cit.tum.de/api/auth/
     - name: NEXTAUTH_SECRET
-      value: feZJWB3mcQ93VBmqHKQI5er5NEIxcDPb3wtT/KaLB9s=
+      value: '{{ .Values.nextauth.secret }}'
     - name: KEYCLOAK_CLIENT_ID
       value: webclient
     - name: KEYCLOAK_ISSUER
@@ -41,7 +41,7 @@ server:
     - name: DB_USER
       value: postgres
     - name: DB_PASSWORD
-      value: postgres
+      value: '{{ .Values.postgresql.auth.postgresPassword }}'
     - name: ALLOWED_ORIGIN
       value: "https://whiteboard.student.k8s.aet.cit.tum.de"
     - name: IDP_INTERNAL_URI
@@ -74,7 +74,7 @@ postgresql:
       - name: POSTGRES_USER
         value: postgres
       - name: POSTGRES_PASSWORD
-        value: password
+        value: '{{ .Values.postgresql.auth.postgresPassword }}'
       - name: POSTGRES_MULTIPLE_DATABASES
         value: "main,keycloak"
     extraVolumes:
@@ -90,13 +90,13 @@ keycloak:
     enabled: false
   auth:
     adminUser: admin
-    adminPassword: password
+    adminPassword: '{{ .Values.postgresql.auth.postgresPassword }}'
   postgresql:
     enabled: false
   externalDatabase:
     host: '{{ printf "%s-postgresql" .Release.Name }}'
     user: postgres
-    password: password
+    password: '{{ .Values.postgresql.auth.postgresPassword }}'
     database: keycloak
     port: 5432
   extraEnvVars:

infrastructure/whiteboard-app/pullrequest.values.yaml

@@ -10,11 +10,11 @@ client:
   replicaCount: 1
   env:
     - name: KEYCLOAK_CLIENT_SECRET
-      value: SXiMvr1GG10bk2J63ODZC9SOaoAZ4dbe
+      value: '{{ .Values.keycloak.clientSecret }}'
     - name: NEXTAUTH_URL
       value: 'https://{{ .Values.client.url }}/api/auth/'
     - name: NEXTAUTH_SECRET
-      value: feZJWB3mcQ93VBmqHKQI5er5NEIxcDPb3wtT/KaLB9s=
+      value: '{{ .Values.nextauth.secret }}'
     - name: KEYCLOAK_CLIENT_ID
       value: webclient
     - name: KEYCLOAK_ISSUER
@@ -41,7 +41,7 @@ server:
     - name: DB_USER
       value: postgres
     - name: DB_PASSWORD
-      value: password
+      value: '{{ .Values.postgresql.auth.postgresPassword }}'
     - name: ALLOWED_ORIGIN
       value: 'https://{{ .Values.client.url }}'
     - name: IDP_INTERNAL_URI
@@ -94,13 +94,13 @@ keycloak:
     enabled: false
   auth:
     adminUser: admin
-    adminPassword: password
+    adminPassword: '{{ .Values.postgresql.auth.postgresPassword }}'
   postgresql:
     enabled: false
   externalDatabase:
     host: '{{ printf "%s-postgresql" .Release.Name }}'
     user: postgres
-    password: password
+    password: '{{ $.Values.postgresql.auth.postgresPassword }}'
     database: keycloak
     port: 5432
   extraEnvVars:

infrastructure/whiteboard-app/staging.values.yaml

@@ -10,11 +10,11 @@ client:
   replicaCount: 1
   env:
     - name: KEYCLOAK_CLIENT_SECRET
-      value: SXiMvr1GG10bk2J63ODZC9SOaoAZ4dbe
+      value: '{{ .Values.keycloak.clientSecret }}'
     - name: NEXTAUTH_URL
       value: https://staging.whiteboard.student.k8s.aet.cit.tum.de/api/auth/
     - name: NEXTAUTH_SECRET
-      value: feZJWB3mcQ93VBmqHKQI5er5NEIxcDPb3wtT/KaLB9s=
+      value: '{{ .Values.nextauth.secret }}'
     - name: KEYCLOAK_CLIENT_ID
       value: webclient
     - name: KEYCLOAK_ISSUER
@@ -41,7 +41,7 @@ server:
     - name: DB_USER
       value: postgres
     - name: DB_PASSWORD
-      value: password
+      value: '{{ .Values.postgresql.auth.postgresPassword }}'
     - name: ALLOWED_ORIGIN
       value: "https://staging.whiteboard.student.k8s.aet.cit.tum.de"
     - name: IDP_INTERNAL_URI
@@ -90,7 +90,7 @@ keycloak:
     enabled: false
   auth:
     adminUser: admin
-    adminPassword: password
+    adminPassword: '{{ .Values.postgresql.auth.postgresPassword }}'
   postgresql:
     enabled: false
   externalDatabase: