
swh-web: add setting for inbound email shared key

Nicolas Dandrimont requested to merge mr/swh-web-inbound-email into production

part of swh/infra/sysadm-environment#5235 (closed)

helm-diff.sh output
[swh] Comparing changes between branches production and mr/swh-web-inbound-email (per environment)...
Switched to branch 'production'
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
Switched to branch 'mr/swh-web-inbound-email'
Your branch is up to date with 'origin/mr/swh-web-inbound-email'.
[swh] Generate config in mr/swh-web-inbound-email branch for environment staging...
[swh] Generate config in mr/swh-web-inbound-email branch for environment staging...
[swh] Generate config in mr/swh-web-inbound-email branch for environment staging...
Switched to branch 'production'
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
Switched to branch 'mr/swh-web-inbound-email'
Your branch is up to date with 'origin/mr/swh-web-inbound-email'.
[swh] Generate config in mr/swh-web-inbound-email branch for environment production...
[swh] Generate config in mr/swh-web-inbound-email branch for environment production...
[swh] Generate config in mr/swh-web-inbound-email branch for environment production...


------------- diff for environment staging namespace swh -------------

--- /tmp/swh-chart.swh.PMIzzg4z/staging-swh.before	2024-02-20 10:48:15.840961958 +0100
+++ /tmp/swh-chart.swh.PMIzzg4z/staging-swh.after	2024-02-20 10:48:16.260966290 +0100
@@ -1334,20 +1334,22 @@
             default: 120/h
     keycloak:
       realm_name: SoftwareHeritageStaging
       server_url: https://auth.softwareheritage.org/auth/
     
     content_display_max_size: 5242880
     give:
       public_key: ${GIVE_PUBLIC_KEY}
       token: ${GIVE_PRIVATE_TOKEN}
     history_counters_url: http://counters-rpc-ingress/counters_history/history.json
+    inbound_email:
+      shared_key: ${INBOUND_EMAIL_SHARED_KEY}
     keycloak:
       realm_name: SoftwareHeritageStaging
       server_url: https://auth.softwareheritage.org/auth/
     matomo: {}
     search_config:
       metadata_backend: swh-search
     swh_extra_django_apps:
     - swh.web.add_forge_now
     - swh.web.archive_coverage
     - swh.web.badges
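Review bot: The added `shared_key: ${INBOUND_EMAIL_SHARED_KEY}` is an unquoted plain scalar, so a key value that is all digits, starts with a YAML indicator character, or contains `: ` or ` #` would be re-typed or silently truncated when the rendered config is parsed. This assumes the placeholder is expanded textually before the YAML is loaded, which the hunk does not show. If so, quoting it in the chart template, `shared_key: "${INBOUND_EMAIL_SHARED_KEY}"`, or restricting the generated secret to a hex/alphanumeric alphabet avoids a weakened or mis-typed key. The same line is added in the staging swh-cassandra, staging swh-cassandra-next-version and production swh-cassandra config hunks, and the neighbouring `give` entries follow the same unquoted pattern.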
@@ -4654,21 +4656,21 @@
       app: web-postgresql
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: web-postgresql
       annotations:
-        checksum/config: 42b13df101626f1c48913ed0d6502245ff898f0f7bc1e963b69e2324366ee8e2
+        checksum/config: 26a7bc8690f61a63d24d91d64254553b4ca8f4d93b990ff765dbe2a00e9456ec
         checksum/config-utils: d75ca13b805bce6a8ab59c8e24c938f2283108f6a79134f6e71db86308651dc6
     spec:
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/web
                 operator: In
                 values:
@@ -4725,20 +4727,28 @@
                   optional: false
             - name: GIVE_PUBLIC_KEY
               valueFrom:
                 secretKeyRef:
                   name: web-give-secrets
                   key: public-key
                   # 'name' secret must exist & include that ^ key
                   optional: false
             
             
+            
+            - name: INBOUND_EMAIL_SHARED_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: common-secrets
+                  key: web-inbound-email-secret
+                  # 'name' secret must exist & include that ^ key
+                  optional: false
             - name: SWH_SENTRY_DSN
               valueFrom:
                 secretKeyRef:
                   name: common-secrets
                   key: web-sentry-dsn
                   # 'name' secret should exist & include key
                   # if the setting doesn't exist, sentry pushes will be disabled
                   optional: false
             
           volumeMounts:
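Review bot: With `optional: false` on the new `INBOUND_EMAIL_SHARED_KEY` entry, the container cannot be created until `common-secrets` in this namespace holds a `web-inbound-email-secret` key, so that key has to be provisioned in every target namespace before this change is deployed. The page shows only rendered manifests, not the secret provisioning, so it is worth confirming that in the description, along with staging and production receiving distinct values. The same entry is added in the staging swh-cassandra, staging swh-cassandra-next-version, production swh and production swh-cassandra hunks. Placing the key in the shared `common-secrets` object, rather than a dedicated secret like the `web-give-secrets` used just above, also means any principal granted read access to `common-secrets` can read it. The `env` list starts and ends outside the hunk.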


------------- diff for environment staging namespace swh-cassandra -------------

--- /tmp/swh-chart.swh.PMIzzg4z/staging-swh-cassandra.before	2024-02-20 10:48:16.040964022 +0100
+++ /tmp/swh-chart.swh.PMIzzg4z/staging-swh-cassandra.after	2024-02-20 10:48:16.460968354 +0100
@@ -7678,20 +7678,22 @@
             default: 120/h
     keycloak:
       realm_name: SoftwareHeritageStaging
       server_url: https://auth.softwareheritage.org/auth/
     
     content_display_max_size: 5242880
     give:
       public_key: ${GIVE_PUBLIC_KEY}
       token: ${GIVE_PRIVATE_TOKEN}
     history_counters_url: http://counters-rpc-ingress/counters_history/history.json
+    inbound_email:
+      shared_key: ${INBOUND_EMAIL_SHARED_KEY}
     keycloak:
       realm_name: SoftwareHeritageStaging
       server_url: https://auth.softwareheritage.org/auth/
     matomo: {}
     save_code_now_webhook_secret: ${WEBHOOKS_SECRET}
     search_config:
       metadata_backend: swh-search
     swh_extra_django_apps:
     - swh.web.add_forge_now
     - swh.web.archive_coverage
@@ -22501,21 +22503,21 @@
       app: web-cassandra
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: web-cassandra
       annotations:
-        checksum/config: 2349e11bcc7052a664affddd4607230ce7a520cfdfe17a767112048273e14482
+        checksum/config: 4bd8b0f9526c2d6e2b7af7fdf9842e094e155245070406979270ef182f50be79
         checksum/config-utils: 13a26f6add17e96ce01550153c77dcd48de60241a3f4db3c93d5467234be2a7f
     spec:
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/web
                 operator: In
                 values:
@@ -22580,20 +22582,28 @@
             
             
             
             - name: WEBHOOKS_SECRET
               valueFrom:
                 secretKeyRef:
                   name: common-secrets
                   key: webhooks-secret
                   # 'name' secret must exist & include that ^ key
                   optional: false
+            
+            - name: INBOUND_EMAIL_SHARED_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: common-secrets
+                  key: web-inbound-email-secret
+                  # 'name' secret must exist & include that ^ key
+                  optional: false
             - name: SWH_SENTRY_DSN
               valueFrom:
                 secretKeyRef:
                   name: common-secrets
                   key: web-sentry-dsn
                   # 'name' secret should exist & include key
                   # if the setting doesn't exist, sentry pushes will be disabled
                   optional: false
             
           volumeMounts:


------------- diff for environment staging namespace swh-cassandra-next-version -------------

--- /tmp/swh-chart.swh.PMIzzg4z/staging-swh-cassandra-next-version.before	2024-02-20 10:48:16.164965300 +0100
+++ /tmp/swh-chart.swh.PMIzzg4z/staging-swh-cassandra-next-version.after	2024-02-20 10:48:16.588969674 +0100
@@ -3990,20 +3990,22 @@
             default: 120/h
     keycloak:
       realm_name: SoftwareHeritageStaging
       server_url: https://auth.softwareheritage.org/auth/
     
     content_display_max_size: 5242880
     give:
       public_key: ${GIVE_PUBLIC_KEY}
       token: ${GIVE_PRIVATE_TOKEN}
     history_counters_url: http://counters-rpc-ingress/counters_history/history.json
+    inbound_email:
+      shared_key: ${INBOUND_EMAIL_SHARED_KEY}
     keycloak:
       realm_name: SoftwareHeritageStaging
       server_url: https://auth.softwareheritage.org/auth/
     matomo: {}
     save_code_now_webhook_secret: ${WEBHOOKS_SECRET}
     search_config:
       metadata_backend: swh-search
     swh_extra_django_apps:
     - swh.web.add_forge_now
     - swh.web.archive_coverage
@@ -11095,21 +11097,21 @@
       app: web-cassandra
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: web-cassandra
       annotations:
-        checksum/config: b09eb58dbefef8a55c4d9caf3992d08f8f9d268d4c9baeca9e893467be6a98d1
+        checksum/config: 53c24212a30e71faefcfcd4604491a9350acc11990d635e22270061339e11837
         checksum/config-utils: 94d255131467f84bef964a4c72b2b792c5ebaf711bb1c77829d7cd1007a8ac22
     spec:
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/web
                 operator: In
                 values:
@@ -11174,20 +11176,28 @@
             
             
             
             - name: WEBHOOKS_SECRET
               valueFrom:
                 secretKeyRef:
                   name: common-secrets
                   key: webhooks-secret
                   # 'name' secret must exist & include that ^ key
                   optional: false
+            
+            - name: INBOUND_EMAIL_SHARED_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: common-secrets
+                  key: web-inbound-email-secret
+                  # 'name' secret must exist & include that ^ key
+                  optional: false
             - name: SWH_SENTRY_DSN
               valueFrom:
                 secretKeyRef:
                   name: common-secrets
                   key: web-sentry-dsn
                   # 'name' secret should exist & include key
                   # if the setting doesn't exist, sentry pushes will be disabled
                   optional: false
             
           volumeMounts:


------------- diff for environment production namespace swh -------------

--- /tmp/swh-chart.swh.PMIzzg4z/production-swh.before	2024-02-20 10:48:16.832972192 +0100
+++ /tmp/swh-chart.swh.PMIzzg4z/production-swh.after	2024-02-20 10:48:17.160975575 +0100
@@ -24775,20 +24775,28 @@
                   optional: false
             
             
             - name: GITLAB_AFN_TOKEN
               valueFrom:
                 secretKeyRef:
                   name: common-secrets
                   key: gitlab_afn_token
                   # 'name' secret must exist & include that ^ key
                   optional: false
+            
+            - name: INBOUND_EMAIL_SHARED_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: common-secrets
+                  key: web-inbound-email-secret
+                  # 'name' secret must exist & include that ^ key
+                  optional: false
             - name: SWH_SENTRY_DSN
               valueFrom:
                 secretKeyRef:
                   name: common-secrets
                   key: web-sentry-dsn
                   # 'name' secret should exist & include key
                   # if the setting doesn't exist, sentry pushes will be disabled
                   optional: false
             
           volumeMounts:
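Review bot: The production swh diff adds the `INBOUND_EMAIL_SHARED_KEY` environment variable but, unlike the other four environment/namespace diffs, contains no `inbound_email:` config addition and no `checksum/config` change. Either the secret is exposed to a container whose configuration never reads it, or the setting is missing from a deployment that needs it. The deployment this `env` list belongs to is outside the hunk, so which case applies cannot be told from here. If the workload does not handle inbound email, gating the env entry in the chart on the same condition as the config block would keep the key out of that pod's environment.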


------------- diff for environment production namespace swh-cassandra -------------

--- /tmp/swh-chart.swh.PMIzzg4z/production-swh-cassandra.before	2024-02-20 10:48:16.916973059 +0100
+++ /tmp/swh-chart.swh.PMIzzg4z/production-swh-cassandra.after	2024-02-20 10:48:17.252976525 +0100
@@ -1604,20 +1604,22 @@
     keycloak:
       realm_name: SoftwareHeritage
       server_url: https://auth.softwareheritage.org/auth/
     
     content_display_max_size: 5242880
     es_workers_index_url: http://esnode1.internal.softwareheritage.org:9200/swh_workers-*
     give:
       public_key: ${GIVE_PUBLIC_KEY}
       token: ${GIVE_PRIVATE_TOKEN}
     history_counters_url: http://counters-rpc-ingress/counters_history/history.json#
+    inbound_email:
+      shared_key: ${INBOUND_EMAIL_SHARED_KEY}
     keycloak:
       realm_name: SoftwareHeritage
       server_url: https://auth.softwareheritage.org/auth/
     search_config:
       metadata_backend: swh-search
     swh_extra_django_apps:
     - swh.web.add_forge_now
     - swh.web.archive_coverage
     - swh.web.badges
     - swh.web.banners
@@ -5108,21 +5110,21 @@
       app: web-cassandra
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: web-cassandra
       annotations:
-        checksum/config: b290b296921bcebd5c8e245700e08c4067e97e3a28b3b6b86bfa0c7ebdf00bf0
+        checksum/config: bd55d104087094eff05bde320b922c00b2930016fc155dd109ff1c071d3f2fe5
         checksum/config-utils: 13a26f6add17e96ce01550153c77dcd48de60241a3f4db3c93d5467234be2a7f
     spec:
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/web
                 operator: In
                 values:
@@ -5186,20 +5188,28 @@
                   optional: false
             
             
             - name: GITLAB_AFN_TOKEN
               valueFrom:
                 secretKeyRef:
                   name: common-secrets
                   key: gitlab_afn_token
                   # 'name' secret must exist & include that ^ key
                   optional: false
+            
+            - name: INBOUND_EMAIL_SHARED_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: common-secrets
+                  key: web-inbound-email-secret
+                  # 'name' secret must exist & include that ^ key
+                  optional: false
             - name: SWH_SENTRY_DSN
               valueFrom:
                 secretKeyRef:
                   name: common-secrets
                   key: web-sentry-dsn
                   # 'name' secret should exist & include key
                   # if the setting doesn't exist, sentry pushes will be disabled
                   optional: false
             
           volumeMounts:
