fix(helm): support secrets.existingSecret for core secrets

When users set secrets.enabled=false to use an external secret via
secrets.existingSecret, the environment variables SESSION_SECRET,
MAGIC_LINK_SECRET, ENCRYPTION_KEY, and MANAGED_WORKER_SECRET were not
being populated from the secret.

The templates only checked `if .Values.secrets.enabled` before setting
these env vars. This change updates the condition to also check for
`secrets.existingSecret`, so users can reference an existing Kubernetes
Secret instead of having the chart create one.

Fixes #2859

Co-authored-by: nicktrn <[email protected]>

Author: github-actions[bot]

hosting/k8s/helm/templates/supervisor.yaml

@@ -151,7 +151,7 @@ spec:
               {{- else }}
               value: {{ .Values.supervisor.bootstrap.workerToken.value | quote }}
               {{- end }}
-            {{- if .Values.secrets.enabled }}
+            {{- if or .Values.secrets.enabled .Values.secrets.existingSecret }}
             - name: MANAGED_WORKER_SECRET
               valueFrom:
                 secretKeyRef:

hosting/k8s/helm/templates/webapp.yaml

@@ -263,7 +263,7 @@ spec:
             - name: DEFAULT_ORG_EXECUTION_CONCURRENCY_LIMIT
               value: {{ .Values.webapp.limits.defaultOrgExecutionConcurrencyLimit | quote }}
             {{- end }}
-            {{- if .Values.secrets.enabled }}
+            {{- if or .Values.secrets.enabled .Values.secrets.existingSecret }}
             - name: SESSION_SECRET
               valueFrom:
                 secretKeyRef: