Merge branch 'main' of https://git.forteapps.net/Forte/launchpad

2026-04-19 13:28:03 +02:00
parent 73e253a579 d7c1341eab
commit a51ed84124
2 changed files with 12 additions and 1 deletions
--- a/docs/REFERENCE.md
+++ b/docs/REFERENCE.md
@@ -817,12 +817,19 @@ postgresql:
 **Authentication**: Keycloak OIDC via `forte` realm (client ID: `gitea`). Protocol mapper: `email_verified` hardcoded claim (`true`, boolean) on ID token, Access token, and Userinfo.
 **External User Sync**: Disabled (`cron.sync_external_users.ENABLED: false`). This Gitea cron job is designed for LDAP and deactivates OIDC-only users because it cannot enumerate them — causing "Sign-in prohibited" errors after the sync runs.
 **Email Notifications**: Enabled (`ENABLE_NOTIFY_MAIL: true`). SMTP credentials injected via `gitea-smtp-secret` using `additionalConfigFromEnvs` with `GITEA__mailer__USER` / `GITEA__mailer__PASSWD` environment variables.
 **Endpoints**:
 - Web UI: `https://git.forteapps.net`
 - SSH: port 22 (ClusterIP)
 - Metrics: `/metrics` (Prometheus scrape)
-**Secrets**: `gitea-credentials` (SealedSecret) containing `admin-password`, `postgres-password`, `secret` (OIDC client secret)
+**Secrets**:
 - `gitea-credentials` (SealedSecret) — admin password
 - `gitea-oidc-credentials` (registrar-managed) — OIDC client ID + secret
 - `gitea-smtp-secret` (SealedSecret) — SMTP username + password
 ### Gitea Actions Runners
--- a/infra/values/base/gitea-values.yaml
+++ b/infra/values/base/gitea-values.yaml
@@ -73,6 +73,10 @@ gitea:
      SMTP_PORT: 587
      FROM: "noreply@fortedigital.com"
    # -- Disable external user sync (designed for LDAP; deactivates OIDC users)
    "cron.sync_external_users":
      ENABLED: false
    admin:
      DEFAULT_EMAIL_NOTIFICATIONS: enabled