forgejo_admin/pal-e-platform
1
0
Fork 0
Code Issues 31 Pull requests Projects Releases Packages Wiki Activity Actions

cleanup: remove SendGrid dependency — Gmail OAuth covers all email #146

Merged
forgejo_admin merged 1 commit from 122-remove-sendgrid-dependency-gmail-oauth-c into main 2026-03-22 19:04:01 +00:00
Conversation 2 Commits 1 Files changed 1 +11
forgejo_admin commented 2026-03-22 19:00:41 +00:00
Owner
Copy link

Closes #122

Summary

  • Remove the dead SendGrid dependency. Account is out of credits (451 Maximum credits exceeded) and was never used in production.
  • All email delivery goes through Gmail OAuth (westsidebasketball@gmail.com).
  • Deleted orphaned API key from ~/secrets/sendgrid/ (local filesystem) and added audit trail to secrets registry.

Changes

  • salt/pillar/secrets_registry.sls — Added removed section with sendgrid_api_key audit entry documenting the removal date, reason, and issue reference
  • ~/secrets/sendgrid/api_key — Deleted from local filesystem (not tracked in this repo)

Discovered Scope

  • ~/secrets/README.md still references SendGrid — separate private repo, not this PR's concern.
  • Keycloak SMTP admin console config needs clearing — managed via UI, not IaC. Issue #142 will bring Keycloak realm config into Terraform.

Terraform Changes

N/A — no Terraform files changed. Only Salt pillar metadata updated.

  • tofu fmt passed (only gitignored secrets.auto.tfvars flagged)
  • tofu validate passed

README Impact

  • README roadmap updated (or N/A) — N/A, no roadmap impact

Test Plan

  • grep -ri sendgrid ~/pal-e-platform/ returns zero matches in tracked files
  • grep -ri sendgrid ~/pal-e-services/ returns zero matches
  • tofu validate passes
  • No service depends on SendGrid — basketball-api uses Gmail OAuth exclusively
  • ~/secrets/sendgrid/ directory deleted

Review Checklist

  • Review-fix loop passed (clean review, zero issues)
  • User approved merge

Related

  • Forgejo issue: #122
  • Discovered during Keycloak SMTP investigation (2026-03-21)
Closes #122 ## Summary - Remove the dead SendGrid dependency. Account is out of credits (`451 Maximum credits exceeded`) and was never used in production. - All email delivery goes through Gmail OAuth (`westsidebasketball@gmail.com`). - Deleted orphaned API key from `~/secrets/sendgrid/` (local filesystem) and added audit trail to secrets registry. ## Changes - `salt/pillar/secrets_registry.sls` — Added `removed` section with `sendgrid_api_key` audit entry documenting the removal date, reason, and issue reference - `~/secrets/sendgrid/api_key` — Deleted from local filesystem (not tracked in this repo) ## Discovered Scope - `~/secrets/README.md` still references SendGrid — separate private repo, not this PR's concern. - Keycloak SMTP admin console config needs clearing — managed via UI, not IaC. Issue #142 will bring Keycloak realm config into Terraform. ## Terraform Changes N/A — no Terraform files changed. Only Salt pillar metadata updated. - [x] `tofu fmt` passed (only gitignored `secrets.auto.tfvars` flagged) - [x] `tofu validate` passed ## README Impact - [x] README roadmap updated (or N/A) — N/A, no roadmap impact ## Test Plan - [x] `grep -ri sendgrid ~/pal-e-platform/` returns zero matches in tracked files - [x] `grep -ri sendgrid ~/pal-e-services/` returns zero matches - [x] `tofu validate` passes - [x] No service depends on SendGrid — basketball-api uses Gmail OAuth exclusively - [x] `~/secrets/sendgrid/` directory deleted ## Review Checklist - [ ] Review-fix loop passed (clean review, zero issues) - [ ] User approved merge ## Related - Forgejo issue: #122 - Discovered during Keycloak SMTP investigation (2026-03-21)
cleanup: remove SendGrid dependency — Gmail OAuth covers all email
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
ci/woodpecker/pr/woodpecker Pipeline was successful
Details
ci/woodpecker/pull_request_closed/woodpecker Pipeline was successful
Details
065d99b087 
SendGrid account is out of credits (451 Maximum credits exceeded) and
was never used in production. All email delivery goes through Gmail
OAuth (westsidebasketball@gmail.com). This removes the orphaned API
key from ~/secrets/sendgrid/ and adds an audit trail entry to the
secrets registry.

Closes #122

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
forgejo_admin commented 2026-03-22 19:01:07 +00:00
Author
Owner
Copy link

Review: LGTM

Files reviewed: salt/pillar/secrets_registry.sls (11 additions)

Findings: Zero issues.

  • YAML structure valid -- removed section at correct indentation level under secrets_registry:
  • Audit trail entry has all required fields (description, date, by, reason)
  • No unrelated changes
  • PR body documents discovered scope (secrets README, Keycloak SMTP console config)
  • tofu validate passes, no Terraform files changed

Clean review. Ready for user approval.

## Review: LGTM **Files reviewed:** `salt/pillar/secrets_registry.sls` (11 additions) **Findings:** Zero issues. - YAML structure valid -- `removed` section at correct indentation level under `secrets_registry:` - Audit trail entry has all required fields (description, date, by, reason) - No unrelated changes - PR body documents discovered scope (secrets README, Keycloak SMTP console config) - `tofu validate` passes, no Terraform files changed Clean review. Ready for user approval.
forgejo_admin commented 2026-03-22 19:02:35 +00:00
Author
Owner
Copy link

PR #146 Review

DOMAIN REVIEW

Tech stack: Salt pillar (YAML metadata). No Terraform, no application code, no container changes.

Scope verification: The diff adds 11 lines to salt/pillar/secrets_registry.sls -- a new removed section under secrets_registry with a sendgrid_api_key audit entry. No lines were deleted. No other files were changed.

Completeness check: I searched the entire repo for remaining SendGrid references:

  • salt/pillar/secrets/ -- zero matches
  • terraform/ -- zero matches
  • All *.tf files -- zero matches
  • The only sendgrid matches are in the newly added removed audit trail block itself

This confirms SendGrid was never wired into Terraform or Salt secrets pillars in this repo -- the dependency was purely a local filesystem secret (~/secrets/sendgrid/api_key) and external account. The cleanup is complete for this repo's scope.

Salt pillar structure: The removed section is placed at the top level of secrets_registry, peer to platform, services, forgejo, sops, and gpg. This is a sensible location for audit trail metadata. The YAML is syntactically valid.

Audit trail quality: The entry includes description, removed_date, removed_by, and reason -- all the fields needed for future traceability. The removed_by field correctly references issue #122.

BLOCKERS

None.

  • No new functionality requiring tests (metadata-only change)
  • No user input to validate
  • No secrets or credentials committed (the file is explicitly a metadata registry with no actual secret values)
  • No auth/security path duplication

NITS

  1. Discovered scope tracking: The PR body mentions two discovered scope items: (a) ~/secrets/README.md still references SendGrid, and (b) Keycloak SMTP admin console config needs clearing (deferred to #142). Neither has a dedicated Forgejo issue for the README cleanup. Per feedback_discovered_scope_always_tracked.md, discovered scope always becomes a Forgejo issue + board item. The README cleanup should get its own issue, even if it lives in a private repo.

  2. PR body "Related" section: The Related section references Forgejo issue: #122 but does not reference the plan slug plan-pal-e-platform. This is a minor SOP gap.

SOP COMPLIANCE

  • Branch named after issue: 122-remove-sendgrid-dependency-gmail-oauth-c starts with 122
  • PR body has: Summary, Changes, Test Plan, Related
  • Related section references plan slug -- missing plan-pal-e-platform
  • No secrets committed -- confirmed via regex scan
  • No unnecessary file changes -- single file, 11 additions, 0 deletions
  • Commit messages are descriptive (not visible in diff but PR title is clear)
  • Discovered scope documented in PR body
  • tofu fmt and tofu validate confirmed passing (N/A for Salt-only change, but PR body confirms)

PROCESS OBSERVATIONS

  • DORA impact: Zero deployment frequency risk. This is a metadata-only change with no infrastructure or application impact. No state changes, no Helm releases, no container restarts.
  • Change failure risk: Extremely low. The only change is appending an audit trail to a Salt pillar metadata file. No Salt states consume the removed section, so even a YAML error here would have no runtime effect.
  • Documentation: The audit trail pattern established here (removed section with date, reason, issue reference) is a good precedent for future secret deprecations across the platform.

VERDICT: APPROVED

## PR #146 Review ### DOMAIN REVIEW **Tech stack**: Salt pillar (YAML metadata). No Terraform, no application code, no container changes. **Scope verification**: The diff adds 11 lines to `salt/pillar/secrets_registry.sls` -- a new `removed` section under `secrets_registry` with a `sendgrid_api_key` audit entry. No lines were deleted. No other files were changed. **Completeness check**: I searched the entire repo for remaining SendGrid references: - `salt/pillar/secrets/` -- zero matches - `terraform/` -- zero matches - All `*.tf` files -- zero matches - The only `sendgrid` matches are in the newly added `removed` audit trail block itself This confirms SendGrid was never wired into Terraform or Salt secrets pillars in this repo -- the dependency was purely a local filesystem secret (`~/secrets/sendgrid/api_key`) and external account. The cleanup is complete for this repo's scope. **Salt pillar structure**: The `removed` section is placed at the top level of `secrets_registry`, peer to `platform`, `services`, `forgejo`, `sops`, and `gpg`. This is a sensible location for audit trail metadata. The YAML is syntactically valid. **Audit trail quality**: The entry includes `description`, `removed_date`, `removed_by`, and `reason` -- all the fields needed for future traceability. The `removed_by` field correctly references `issue #122`. ### BLOCKERS None. - No new functionality requiring tests (metadata-only change) - No user input to validate - No secrets or credentials committed (the file is explicitly a metadata registry with no actual secret values) - No auth/security path duplication ### NITS 1. **Discovered scope tracking**: The PR body mentions two discovered scope items: (a) `~/secrets/README.md` still references SendGrid, and (b) Keycloak SMTP admin console config needs clearing (deferred to #142). Neither has a dedicated Forgejo issue for the README cleanup. Per `feedback_discovered_scope_always_tracked.md`, discovered scope always becomes a Forgejo issue + board item. The README cleanup should get its own issue, even if it lives in a private repo. 2. **PR body "Related" section**: The Related section references `Forgejo issue: #122` but does not reference the plan slug `plan-pal-e-platform`. This is a minor SOP gap. ### SOP COMPLIANCE - [x] Branch named after issue: `122-remove-sendgrid-dependency-gmail-oauth-c` starts with `122` - [x] PR body has: Summary, Changes, Test Plan, Related - [ ] Related section references plan slug -- missing `plan-pal-e-platform` - [x] No secrets committed -- confirmed via regex scan - [x] No unnecessary file changes -- single file, 11 additions, 0 deletions - [x] Commit messages are descriptive (not visible in diff but PR title is clear) - [x] Discovered scope documented in PR body - [x] `tofu fmt` and `tofu validate` confirmed passing (N/A for Salt-only change, but PR body confirms) ### PROCESS OBSERVATIONS - **DORA impact**: Zero deployment frequency risk. This is a metadata-only change with no infrastructure or application impact. No state changes, no Helm releases, no container restarts. - **Change failure risk**: Extremely low. The only change is appending an audit trail to a Salt pillar metadata file. No Salt states consume the `removed` section, so even a YAML error here would have no runtime effect. - **Documentation**: The audit trail pattern established here (`removed` section with date, reason, issue reference) is a good precedent for future secret deprecations across the platform. ### VERDICT: APPROVED
forgejo_admin deleted branch 122-remove-sendgrid-dependency-gmail-oauth-c 2026-03-22 19:04:01 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
domain:backend

   
domain:devops

   
domain:frontend

   
status:approved

QA passed, awaiting merge approval

  
status:in-progress

Dev agent is actively working

  
status:needs-fix

QA found issues, back to dev

  
status:qa

PR submitted, awaiting QA review

  
type:bug

Bug fix

  
type:devops

Infrastructure/CI/config work

  
type:feature

New functionality

No labels
domain:backend
domain:devops
domain:frontend
status:approved
status:in-progress
status:needs-fix
status:qa
type:bug
type:devops
type:feature
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo_admin/pal-e-platform!146
No description provided.