From bf92de468fd9e39923b06d8dfe170bc973c74d93 Mon Sep 17 00:00:00 2001 From: Dimitris Kargatzis Date: Fri, 27 Feb 2026 00:09:56 +0200 Subject: [PATCH 1/2] fix(config): use consistent APP_CLIENT_ID_GITHUB and APP_CLIENT_SECRET_GITHUB env vars --- .github/workflows/eks-deploy.yaml | 8 ++++---- helm-chart/values.yaml | 4 ++-- src/core/config/settings.py | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/eks-deploy.yaml b/.github/workflows/eks-deploy.yaml index 899d931..10adfd8 100644 --- a/.github/workflows/eks-deploy.yaml +++ b/.github/workflows/eks-deploy.yaml @@ -35,8 +35,8 @@ jobs: # GitHub OAuth secrets APP_NAME_GITHUB: "${{ secrets.APP_NAME_GITHUB }}" - CLIENT_ID_GITHUB: "${{ secrets.CLIENT_ID_GITHUB }}" - APP_CLIENT_SECRET: "${{ secrets.APP_CLIENT_SECRET }}" + APP_CLIENT_ID_GITHUB: "${{ secrets.APP_CLIENT_ID_GITHUB }}" + APP_CLIENT_SECRET_GITHUB: "${{ secrets.APP_CLIENT_SECRET_GITHUB }}" PRIVATE_KEY_BASE64_GITHUB: "${{ secrets.PRIVATE_KEY_BASE64_GITHUB }}" WEBHOOK_SECRET_GITHUB: "${{ secrets.WEBHOOK_SECRET_GITHUB }}" @@ -95,8 +95,8 @@ jobs: --set image.repository=${{ env.IMAGE_REPOSITORY }} \ --set image.tag=${{ env.IMAGE_TAG }} \ --set secrets.APP_NAME_GITHUB=${{ env.APP_NAME_GITHUB }} \ - --set secrets.CLIENT_ID_GITHUB=${{ env.CLIENT_ID_GITHUB }} \ - --set secrets.APP_CLIENT_SECRET=${{ env.APP_CLIENT_SECRET }} \ + --set secrets.APP_CLIENT_ID_GITHUB=${{ env.APP_CLIENT_ID_GITHUB }} \ + --set secrets.APP_CLIENT_SECRET_GITHUB=${{ env.APP_CLIENT_SECRET_GITHUB }} \ --set secrets.PRIVATE_KEY_BASE64_GITHUB=${{ env.PRIVATE_KEY_BASE64_GITHUB }} \ --set secrets.WEBHOOK_SECRET_GITHUB=${{ env.WEBHOOK_SECRET_GITHUB }} \ --set secrets.OPENAI_API_KEY=${{ env.OPENAI_API_KEY }} \ diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index afc4ba6..f99091d 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -101,8 +101,8 @@ affinity: {} # Application secrets configuration - only the required ones (no defaults in config.py) secrets: APP_NAME_GITHUB: "" - CLIENT_ID_GITHUB: "" - APP_CLIENT_SECRET: "" + APP_CLIENT_ID_GITHUB: "" + APP_CLIENT_SECRET_GITHUB: "" PRIVATE_KEY_BASE64_GITHUB: "" WEBHOOK_SECRET_GITHUB: "" OPENAI_API_KEY: "" diff --git a/src/core/config/settings.py b/src/core/config/settings.py index c9cba61..4e8d757 100644 --- a/src/core/config/settings.py +++ b/src/core/config/settings.py @@ -126,10 +126,10 @@ def validate(self) -> bool: errors.append("APP_NAME_GITHUB is required") if not self.github.app_id: - errors.append("CLIENT_ID_GITHUB is required") + errors.append("APP_CLIENT_ID_GITHUB is required") if not self.github.app_client_secret: - errors.append("APP_CLIENT_SECRET is required") + errors.append("APP_CLIENT_SECRET_GITHUB is required") if not self.github.private_key: errors.append("PRIVATE_KEY_BASE64_GITHUB is required") From 5435c3781cb00088de2c9810c89958a648730ad9 Mon Sep 17 00:00:00 2001 From: Dimitris Kargatzis Date: Fri, 27 Feb 2026 00:17:40 +0200 Subject: [PATCH 2/2] fix(config): hardcode APP_NAME_GITHUB as it is not a secret --- .github/workflows/eks-deploy.yaml | 4 ++-- helm-chart/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/eks-deploy.yaml b/.github/workflows/eks-deploy.yaml index 10adfd8..a586fb4 100644 --- a/.github/workflows/eks-deploy.yaml +++ b/.github/workflows/eks-deploy.yaml @@ -33,8 +33,8 @@ jobs: AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}" AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}" - # GitHub OAuth secrets - APP_NAME_GITHUB: "${{ secrets.APP_NAME_GITHUB }}" + # GitHub App Configuration + APP_NAME_GITHUB: "watchflow" APP_CLIENT_ID_GITHUB: "${{ secrets.APP_CLIENT_ID_GITHUB }}" APP_CLIENT_SECRET_GITHUB: "${{ secrets.APP_CLIENT_SECRET_GITHUB }}" PRIVATE_KEY_BASE64_GITHUB: "${{ secrets.PRIVATE_KEY_BASE64_GITHUB }}" diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index f99091d..fc2934e 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -100,7 +100,7 @@ affinity: {} # Application secrets configuration - only the required ones (no defaults in config.py) secrets: - APP_NAME_GITHUB: "" + APP_NAME_GITHUB: "watchflow" APP_CLIENT_ID_GITHUB: "" APP_CLIENT_SECRET_GITHUB: "" PRIVATE_KEY_BASE64_GITHUB: ""