From 8c69ec772ab5f0df73fa2614e5b8b22adb9bbd15 Mon Sep 17 00:00:00 2001
From: kasun
Date: Thu, 28 May 2026 02:24:57 +0200
Subject: [PATCH] removed non-working secrets management of pulumi.dev.yaml
---
 .env.local | 3 ++
 .env.local.example | 10 ------
 .gitea/workflows/deploy-proxmox-infra.yaml | 6 ----
 .githooks/pre-push | 36 ----------------------
 .gitignore | 3 +-
 proxmox-infra/CLAUDE.md | 2 +-
 6 files changed, 5 insertions(+), 55 deletions(-)
 create mode 100644 .env.local
 delete mode 100644 .env.local.example
 delete mode 100755 .githooks/pre-push
diff --git a/.env.local b/.env.local
new file mode 100644
index 0000000..b757049
--- /dev/null
+++ b/.env.local
@@ -0,0 +1,3 @@
+GITEA_API_URL=https://gitea.kasuns.website/kasun/homelab-infrastructure-as-code.git
+GITEA_TOKEN=ba3fd0f4851aa627e2088da1f94a596646ba2de7
+
diff --git a/.env.local.example b/.env.local.example
deleted file mode 100644
index 3b5a932..0000000
--- a/.env.local.example
+++ /dev/null
@@ -1,10 +0,0 @@
-# Copy this file to .env.local and fill in your values.
-# .env.local is gitignored and never committed.
-
-# Gitea HTTP API base URL for this repo (no trailing slash)
-# Example: http://192.168.1.208:3000/api/v1/repos/kasun/homelab-infrastructure-as-code
-GITEA_API_URL=http:///api/v1/repos//
-
-# Gitea personal access token with read/write Actions Secrets permission
-# Generate at: Gitea → Settings → Applications → Access Tokens
-GITEA_TOKEN=
diff --git a/.gitea/workflows/deploy-proxmox-infra.yaml b/.gitea/workflows/deploy-proxmox-infra.yaml
index 10b3728..951fd37 100644
--- a/.gitea/workflows/deploy-proxmox-infra.yaml
+++ b/.gitea/workflows/deploy-proxmox-infra.yaml
@@ -29,9 +29,6 @@ jobs: with: node-version: '24' - - name: Restore Stack Config - run: echo "${{ secrets.PULUMI_DEV_YAML }}" | base64 -d > proxmox-infra/Pulumi.dev.yaml - - name: Install Dependencies run: npm install working-directory: proxmox-infra
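Review bot: The added `.env.local` commits a Gitea access token in plaintext on its `GITEA_TOKEN=` line, and the `.gitignore` hunk of this same commit removes the `.env.local` entry, so the file stays tracked from here on. The deleted `.env.local.example` describes this token as having read/write Actions Secrets permission, so treat it as exposed: revoke it in Gitea, issue a replacement only if something still needs one, and purge the file from history rather than only from the tip. Restore the `.env.local` line in `.gitignore` and keep a value-free `.env.local.example` as the template. With `.githooks/pre-push` deleted in this commit, nothing visible in the patch still reads these two variables, so the file may not be needed at all. `GITEA_API_URL` also now holds the `.git` clone URL rather than the `/api/v1/repos/...` base that the removed example documents.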
@@ -59,9 +56,6 @@ jobs: with: node-version: '24' - - name: Restore Stack Config - run: echo "${{ secrets.PULUMI_DEV_YAML }}" | base64 -d > proxmox-infra/Pulumi.dev.yaml - - name: Install Dependencies run: npm install working-directory: proxmox-infra
diff --git a/.githooks/pre-push b/.githooks/pre-push
deleted file mode 100755
index 198c875..0000000
--- a/.githooks/pre-push
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/bash
-set -e
-
-YAML_FILE="proxmox-infra/Pulumi.dev.yaml"
-
-# Load local env if present
-if [ -f .env.local ]; then
- export $(grep -v '^#' .env.local | xargs)
-fi
-
-if [ ! -f "$YAML_FILE" ]; then
- echo "[pre-push] $YAML_FILE not found — skipping Gitea secret sync"
- exit 0
-fi
-
-if [ -z "$GITEA_API_URL" ] || [ -z "$GITEA_TOKEN" ]; then
- echo "[pre-push] GITEA_API_URL or GITEA_TOKEN not set — skipping Gitea secret sync"
- echo "[pre-push] Add these to .env.local to enable automatic sync"
- exit 0
-fi
-
-ENCODED=$(base64 -w 0 "$YAML_FILE")
-
-HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X PUT \
- -H "Authorization: token $GITEA_TOKEN" \
- -H "Content-Type: application/json" \
- -d "{\"data\": \"$ENCODED\"}" \
- "$GITEA_API_URL/actions/secrets/PULUMI_DEV_YAML")
-
-if [ "$HTTP_STATUS" = "201" ] || [ "$HTTP_STATUS" = "204" ]; then
- echo "[pre-push] Gitea secret PULUMI_DEV_YAML updated"
-else
- echo "[pre-push] Failed to update Gitea secret (HTTP $HTTP_STATUS)"
- echo "[pre-push] Check GITEA_API_URL and GITEA_TOKEN in .env.local"
- exit 1
-fi
diff --git a/.gitignore b/.gitignore
index 7f75847..6df2fcb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,5 +3,4 @@
 .vscode
 node_modules/
 bin/
-Pulumi.dev.yaml
-.env.local
\ No newline at end of file
+Pulumi.dev.yaml
\ No newline at end of file
diff --git a/proxmox-infra/CLAUDE.md b/proxmox-infra/CLAUDE.md
index f92ba06..7182cc2 100644
--- a/proxmox-infra/CLAUDE.md
+++ b/proxmox-infra/CLAUDE.md
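Review bot: `Pulumi.dev.yaml` stays in `.gitignore` here, while the two workflow hunks of this commit drop the `Restore Stack Config` step that wrote that file from `secrets.PULUMI_DEV_YAML`; as far as the patch shows, a fresh CI checkout then has no stack config at all. The `proxmox-infra/CLAUDE.md` hunk still lists `PULUMI_DEV_YAML` as a required secret and tells the reader to update it by hand, although no visible step reads it any more. Either keep a working restore step, or, if every sensitive value in the file is stored as a Pulumi secret encrypted under `PULUMI_CONFIG_PASSPHRASE`, consider tracking the file and deleting the `Pulumi.dev.yaml` ignore line. Any plaintext config values in it would then be readable by everyone with repository access, so check that first.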
@@ -51,7 +51,7 @@ Secrets required in Gitea (`Settings → Actions → Secrets`):
 - `PULUMI_BACKEND_URL` — PostgreSQL connection string for the self-hosted state backend
 - `PULUMI_CONFIG_PASSPHRASE` — passphrase used to decrypt secrets in `Pulumi.dev.yaml`
-- `PULUMI_DEV_YAML` — base64-encoded content of `Pulumi.dev.yaml` (auto-synced by pre-push hook)
+- `PULUMI_DEV_YAML` — base64-encoded content of `Pulumi.dev.yaml`; update manually whenever the file changes: `base64 -w 0 Pulumi.dev.yaml`
 ## Key Notes