From 4fc8ca66e7efa2a157768dc5246bd9e663a66b5c Mon Sep 17 00:00:00 2001 From: Mondo Diaz Date: Tue, 27 Jan 2026 19:22:32 +0000 Subject: [PATCH] Use CI variable for dev admin password - Remove hardcoded adminPassword from values-dev.yaml - Pass DEV_ADMIN_PASSWORD via --set in deploy_feature - Use same variable in integration_test_feature Requires DEV_ADMIN_PASSWORD to be set in GitLab CI/CD variables. --- .gitlab-ci.yml | 4 +++- helm/orchard/values-dev.yaml | 5 ++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1534a5b..20c0cac 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -303,12 +303,13 @@ reset_stage: allow_failure: true # Don't fail pipeline if reset has issues # Integration tests for feature deployment (full suite) +# Uses DEV_ADMIN_PASSWORD CI variable (same as deploy_feature) integration_test_feature: <<: *integration_test_template needs: [deploy_feature] variables: ORCHARD_TEST_URL: https://orchard-$CI_COMMIT_REF_SLUG.common.global.bsf.tools - ORCHARD_TEST_PASSWORD: orchardtest123 # Matches values-dev.yaml orchard.auth.adminPassword + ORCHARD_TEST_PASSWORD: $DEV_ADMIN_PASSWORD rules: - if: '$CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != "main"' when: on_success @@ -460,6 +461,7 @@ deploy_feature: --namespace $NAMESPACE \ -f $VALUES_FILE \ --set image.tag=git.linux-amd64-$CI_COMMIT_SHA \ + --set orchard.auth.adminPassword=$DEV_ADMIN_PASSWORD \ --set ingress.hosts[0].host=orchard-$CI_COMMIT_REF_SLUG.common.global.bsf.tools \ --set ingress.tls[0].hosts[0]=orchard-$CI_COMMIT_REF_SLUG.common.global.bsf.tools \ --set ingress.tls[0].secretName=orchard-$CI_COMMIT_REF_SLUG-tls \ diff --git a/helm/orchard/values-dev.yaml b/helm/orchard/values-dev.yaml index 723e414..8aafb1d 100644 --- a/helm/orchard/values-dev.yaml +++ b/helm/orchard/values-dev.yaml @@ -91,9 +91,8 @@ orchard: port: 8080 # Authentication settings - auth: - # Plain admin password for ephemeral feature environments - adminPassword: "orchardtest123" + # Admin password is set via CI variable (DEV_ADMIN_PASSWORD) passed as --set flag + # This keeps the password out of version control database: host: ""