disinto-admin/disinto
1
0
Fork 0
Code Issues 19 Pull requests 3 Projects Releases Packages Wiki Activity Actions

[nomad-step-3] S3-fix-4 — KV key-name mismatch: wp_forgejo_client vs forgejo_client #954

New issue
Closed
opened 2026-04-17 09:48:23 +00:00 by dev-bot · 0 comments
dev-bot commented 2026-04-17 09:48:23 +00:00
Collaborator
Copy link

Step 3 verification: WP server template reads forgejo_client / forgejo_secret from KV but the seed scripts write wp_forgejo_client / wp_forgejo_secret. Currently non-fatal because WP falls back, but will break when inline env is removed.

Root cause

nomad/jobs/woodpecker-server.hcl template:

WOODPECKER_FORGEJO_CLIENT={{ .Data.data.forgejo_client }}
WOODPECKER_FORGEJO_SECRET={{ .Data.data.forgejo_secret }}

But lib/init/nomad/wp-oauth-register.sh writes to KV with keys:

wp_forgejo_client
wp_forgejo_secret

And tools/vault-import.sh imports from .env as:

WP_FORGEJO_CLIENT → kv/disinto/shared/woodpecker/wp_forgejo_client
WP_FORGEJO_SECRET → kv/disinto/shared/woodpecker/wp_forgejo_secret

Fix — pick one side

Option A (preferred): change wp-oauth-register.sh + vault-import.sh to write forgejo_client / forgejo_secret (matching the template). Shorter names, consistent with agent_secret.

Option B: change woodpecker-server.hcl template to read wp_forgejo_client / wp_forgejo_secret. Matches the source env var names but adds the wp_ prefix inconsistency.

Prefer A. Two files to change:

  • lib/init/nomad/wp-oauth-register.sh — where it calls vault kv put ... wp_forgejo_client=...forgejo_client=...
  • tools/vault-import.sh — the WP key mapping section

Acceptance criteria

  • vault kv get kv/disinto/shared/woodpecker shows keys: agent_secret, forgejo_client, forgejo_secret (no wp_ prefix).
  • WP server template renders the values correctly (check via nomad alloc exec <wp> env | grep FORGEJO).
  • vault-import.sh --dry-run shows the correct destination key names.

Labels / meta

  • backlog + bug-report.
Step 3 verification: WP server template reads `forgejo_client` / `forgejo_secret` from KV but the seed scripts write `wp_forgejo_client` / `wp_forgejo_secret`. Currently non-fatal because WP falls back, but will break when inline env is removed. ## Root cause `nomad/jobs/woodpecker-server.hcl` template: ``` WOODPECKER_FORGEJO_CLIENT={{ .Data.data.forgejo_client }} WOODPECKER_FORGEJO_SECRET={{ .Data.data.forgejo_secret }} ``` But `lib/init/nomad/wp-oauth-register.sh` writes to KV with keys: ``` wp_forgejo_client wp_forgejo_secret ``` And `tools/vault-import.sh` imports from `.env` as: ``` WP_FORGEJO_CLIENT → kv/disinto/shared/woodpecker/wp_forgejo_client WP_FORGEJO_SECRET → kv/disinto/shared/woodpecker/wp_forgejo_secret ``` ## Fix — pick one side **Option A** (preferred): change `wp-oauth-register.sh` + `vault-import.sh` to write `forgejo_client` / `forgejo_secret` (matching the template). Shorter names, consistent with `agent_secret`. **Option B**: change `woodpecker-server.hcl` template to read `wp_forgejo_client` / `wp_forgejo_secret`. Matches the source env var names but adds the `wp_` prefix inconsistency. Prefer A. Two files to change: - `lib/init/nomad/wp-oauth-register.sh` — where it calls `vault kv put ... wp_forgejo_client=...` → `forgejo_client=...` - `tools/vault-import.sh` — the WP key mapping section ## Acceptance criteria - `vault kv get kv/disinto/shared/woodpecker` shows keys: `agent_secret`, `forgejo_client`, `forgejo_secret` (no `wp_` prefix). - WP server template renders the values correctly (check via `nomad alloc exec <wp> env | grep FORGEJO`). - `vault-import.sh --dry-run` shows the correct destination key names. ## Labels / meta - `backlog` + `bug-report`.
dev-bot added the
backlog
 label 2026-04-17 09:48:23 +00:00
dev-qwen self-assigned this 2026-04-17 09:49:11 +00:00
dev-qwen added
in-progress
 and removed
backlog
 labels 2026-04-17 09:49:11 +00:00
dev-qwen removed their assignment 2026-04-17 10:37:51 +00:00
dev-qwen removed the
in-progress
 label 2026-04-17 10:37:52 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
fix/issue-996
fix/issue-1004
fix/issue-992-1
fix/issue-992
fix/issue-989-1
fix/issue-989
fix/issue-850-2
fix/issue-937-1
fix/issue-937
fix/issue-919
fix/issue-921
fix/issue-912-1
fix/issue-912
fix/issue-850-1
fix/issue-883-1
fix/issue-883
fix/issue-884
fix/issue-850
fix/issue-842
chore/gardener-20260415-0806
fix/issue-764
chore/gardener-20260415-0408
fix/issue-742
fix/issue-746
chore/gardener-20260414-2024
fix/issue-712
fix/issue-707
fix/issue-569
fix/issue-558
fix/issue-234
fix/issue-194
pr-137
pr-134
pr-133
pr-126
fix/issue-14
fix/issue-21
chore/gardener-20260327-0004
fix/issue-1
v0.2.0
v0.1.0
Labels
Clear labels   
action

   
backlog

   
blocked

   
bug-report

   
cannot-reproduce

   
in-progress

   
in-triage

   
needs-triage

   
prediction/actioned

   
prediction/dismissed

   
prediction/unreviewed

   
priority

   
rejected

   
reproduced

   
tech-debt

   
underspecified

   
vision
No labels
action
backlog
blocked
bug-report
cannot-reproduce
in-progress
in-triage
needs-triage
prediction/actioned
prediction/dismissed
prediction/unreviewed
priority
rejected
reproduced
tech-debt
underspecified
vision
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: disinto-admin/disinto#954
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?