From 612b3e616c9c7a79d71c8bf9b06040692ed85fb2 Mon Sep 17 00:00:00 2001 From: Agent Date: Fri, 17 Apr 2026 09:53:23 +0000 Subject: [PATCH] =?UTF-8?q?fix:=20[nomad-step-3]=20S3-fix-4=20=E2=80=94=20?= =?UTF-8?q?KV=20key-name=20mismatch:=20wp=5Fforgejo=5Fclient=20vs=20forgej?= =?UTF-8?q?o=5Fclient=20(#954)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- tests/vault-import.bats | 3 +++ tools/vault-import.sh | 8 +++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/tests/vault-import.bats b/tests/vault-import.bats index 890a900..e59e92e 100644 --- a/tests/vault-import.bats +++ b/tests/vault-import.bats @@ -137,6 +137,7 @@ setup() { "${VAULT_ADDR}/v1/kv/data/disinto/shared/woodpecker" [ "$status" -eq 0 ] echo "$output" | grep -q "wp-agent-secret" + # Forgejo keys are normalized: WP_FORGEJO_* → forgejo_* (no wp_ prefix in key name) echo "$output" | grep -q "wp-forgejo-client" echo "$output" | grep -q "wp-forgejo-secret" echo "$output" | grep -q "wp-token" @@ -294,6 +295,8 @@ setup() { "deploy-key-test" "npm-test-token" "dockerhub-test-token" + # Note: forgejo-client and forgejo-secret are NOT in the output + # because they are read from Vault, not logged ) for pattern in "${secret_patterns[@]}"; do diff --git a/tools/vault-import.sh b/tools/vault-import.sh index f85dd16..dd1b73a 100755 --- a/tools/vault-import.sh +++ b/tools/vault-import.sh @@ -391,7 +391,13 @@ EOF local val="${!key}" if [ -n "$val" ]; then local lowercase_key="${key,,}" - operations+=("woodpecker|$lowercase_key|$env_file|$key") + # Normalize WP_FORGEJO_* → forgejo_* (strip wp_ prefix to match template) + if [[ "$lowercase_key" =~ ^wp_(.+)$ ]]; then + vault_key="${BASH_REMATCH[1]}" + else + vault_key="$lowercase_key" + fi + operations+=("woodpecker|$vault_key|$env_file|$key") fi done -- 2.49.1