forgejo_admin/pal-e-platform
1
0
Fork 1
Code Issues 33 Pull requests 1 Projects Releases Packages Wiki Activity Actions

fix: add missing woodpecker_agent_secret to CI pipeline #72

New issue
Closed
opened 2026-03-15 01:31:56 +00:00 by forgejo_admin · 0 comments
forgejo_admin commented 2026-03-15 01:31:56 +00:00
Owner
Copy link

Lineage

plan-pal-e-platform → Phase 6 (CI Pipeline & Team Hardening)

Repo

forgejo_admin/pal-e-platform

User Story

As the platform operator
I want the CI apply-on-merge step to have all required Terraform variables
So that merges to main actually apply infrastructure changes (merge=deploy contract)

Context

Pipeline #25 (apply-on-merge on main) fails with Error: No value for required variable for woodpecker_agent_secret. This variable was added to variables.tf in PR #68 (persistent WOODPECKER_AGENT_SECRET) but the corresponding TF_VAR_woodpecker_agent_secret env mapping was never added to .woodpecker.yaml, and no Woodpecker repo secret existed. Every merge to main since PR #68 has a broken apply step. Infrastructure drifts from code.

Woodpecker repo secret tf_var_woodpecker_agent_secret has already been created.

File Targets

Files the agent should modify:

  • .woodpecker.yaml -- add TF_VAR_woodpecker_agent_secret: from_secret: tf_var_woodpecker_agent_secret to both plan and apply step environment blocks

Files the agent should NOT touch:

  • terraform/ -- no Terraform changes needed

Acceptance Criteria

  • .woodpecker.yaml plan step includes TF_VAR_woodpecker_agent_secret env mapping
  • .woodpecker.yaml apply step includes TF_VAR_woodpecker_agent_secret env mapping
  • Pipeline succeeds on merge to main (apply step completes)

Test Expectations

  • Validate YAML syntax: step environment blocks have correct from_secret mapping
  • Pipeline #25 failure mode (missing variable) is resolved on next main push
  • Run command: N/A (CI pipeline validates itself)

Constraints

  • Follow existing pattern: TF_VAR_name: from_secret: tf_var_name
  • Add in alphabetical position relative to other woodpecker vars
  • Must be in BOTH plan and apply steps

Checklist

  • PR opened
  • YAML is valid
  • No unrelated changes

Related

  • project-pal-e-platform -- platform project
  • PR #68 -- introduced the variable
  • Pipeline #25 -- the failing pipeline
### Lineage `plan-pal-e-platform` → Phase 6 (CI Pipeline & Team Hardening) ### Repo `forgejo_admin/pal-e-platform` ### User Story As the platform operator I want the CI apply-on-merge step to have all required Terraform variables So that merges to main actually apply infrastructure changes (merge=deploy contract) ### Context Pipeline #25 (apply-on-merge on main) fails with `Error: No value for required variable` for `woodpecker_agent_secret`. This variable was added to `variables.tf` in PR #68 (persistent WOODPECKER_AGENT_SECRET) but the corresponding `TF_VAR_woodpecker_agent_secret` env mapping was never added to `.woodpecker.yaml`, and no Woodpecker repo secret existed. Every merge to main since PR #68 has a broken apply step. Infrastructure drifts from code. Woodpecker repo secret `tf_var_woodpecker_agent_secret` has already been created. ### File Targets Files the agent should modify: - `.woodpecker.yaml` -- add `TF_VAR_woodpecker_agent_secret: from_secret: tf_var_woodpecker_agent_secret` to both `plan` and `apply` step environment blocks Files the agent should NOT touch: - `terraform/` -- no Terraform changes needed ### Acceptance Criteria - [ ] `.woodpecker.yaml` plan step includes `TF_VAR_woodpecker_agent_secret` env mapping - [ ] `.woodpecker.yaml` apply step includes `TF_VAR_woodpecker_agent_secret` env mapping - [ ] Pipeline succeeds on merge to main (apply step completes) ### Test Expectations - [ ] Validate YAML syntax: step environment blocks have correct `from_secret` mapping - [ ] Pipeline #25 failure mode (missing variable) is resolved on next main push - Run command: N/A (CI pipeline validates itself) ### Constraints - Follow existing pattern: `TF_VAR_name: from_secret: tf_var_name` - Add in alphabetical position relative to other woodpecker vars - Must be in BOTH plan and apply steps ### Checklist - [ ] PR opened - [ ] YAML is valid - [ ] No unrelated changes ### Related - `project-pal-e-platform` -- platform project - PR #68 -- introduced the variable - Pipeline #25 -- the failing pipeline
forgejo_admin 2026-03-15 01:35:07 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
3-westside-ai-assistant-netpol
188-cross-repo-worktree-isolation-for-parall
111-fix-keycloak-probe
86-fix-rotate-woodpecker-api-token-in-salt
71-feat-deploy-pyrra-slo-manager-with-servi
64-hotfix-woodpecker-oauth-login-broken-for
18-fix-grafana-duplicate-default-datasource-v2
18-fix-grafana-duplicate-default-datasource
13-fix-cnpg-all-parameters
No results found.
Labels
Clear labels   
domain:backend

   
domain:devops

   
domain:frontend

   
status:approved

QA passed, awaiting merge approval

  
status:in-progress

Dev agent is actively working

  
status:needs-fix

QA found issues, back to dev

  
status:qa

PR submitted, awaiting QA review

  
type:bug

Bug fix

  
type:devops

Infrastructure/CI/config work

  
type:feature

New functionality

No labels
domain:backend
domain:devops
domain:frontend
status:approved
status:in-progress
status:needs-fix
status:qa
type:bug
type:devops
type:feature
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo_admin/pal-e-platform#72
No description provided.