fix(apps): drop duplicate keycloak-client secret (chart owns it)

The forteapp chart renders Secret/keycloak-client-forte-drop from
auth.registration values (verified: the live secret is tracked by
the forte-drop Application and carries the correct
drop.forteapps.net redirect). The overlay copy gives the secret two
owners — enterprise-apps and forte-drop self-heal against each
other in a sync loop (the Slack spam). Remove the overlay copy;
the chart is the single source.

.gitea/workflows/scan.yaml

@@ -1,20 +0,0 @@
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
-    - name: Install TruffleHog
-      run: |
-        curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh \
-          | sh -s -- -b /usr/local/bin
-    - name: Secret Scanning
-      run: trufflehog git file://. --fail --no-update --results=verified,unknown

apps/overlays/upc-dev/forte-drop-postgresql/resources/pg-backup-cronjob.yaml

@@ -77,12 +77,6 @@ spec:
               mc rm --recursive --force --older-than 30d "obj/${S3_BUCKET}/_pgbackups/" || true
               echo "backup retention pass complete"
             env:
-            # mc writes its config under $MC_CONFIG_DIR; point it at the shared
-            # emptyDir (writable by uid 65532 via fsGroup). Without this it tries
-            # to mkdir /.mc on the read-only-to-nonroot root fs -> "mkdir /.mc:
-            # permission denied" and every run fails before uploading.
-            - name: MC_CONFIG_DIR
-              value: "/work/.mc"
             - name: S3_ENDPOINT
               valueFrom:
                 secretKeyRef: { name: forte-drop-secrets, key: S3_ENDPOINT }

apps/overlays/upc-dev/forte-drop/forte-drop.yaml

@@ -5,9 +5,9 @@ metadata:
   namespace: argocd
   annotations:
     argocd.argoproj.io/sync-wave: "1"
-#    notifications.argoproj.io/subscribe.on-sync-succeeded.slack: ""
+    notifications.argoproj.io/subscribe.on-sync-succeeded.slack: ""
-#    notifications.argoproj.io/subscribe.on-sync-failed.slack: ""
+    notifications.argoproj.io/subscribe.on-sync-failed.slack: ""
-#    notifications.argoproj.io/subscribe.on-degraded.slack: ""
+    notifications.argoproj.io/subscribe.on-degraded.slack: ""
   labels:
     app.kubernetes.io/name: forte-drop
     app.kubernetes.io/part-of: apps

apps/overlays/upc-dev/forte-drop/keycloak-client-forte-drop.yaml

@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: keycloak-client-forte-drop
-  namespace: forte-drop
-  labels:
-    keycloak.forteapps.net/client-config: "true"
-  annotations:
-    keycloak.forteapps.net/source-namespace: "forte-drop"
-stringData:
-  client.json: |
-    {
-      "clientId": "forte-drop",
-      "name": "Forte Drop (web)",
-      "enabled": true,
-      "protocol": "openid-connect",
-      "clientAuthenticatorType": "client-secret",
-      "standardFlowEnabled": true,
-      "directAccessGrantsEnabled": false,
-      "serviceAccountsEnabled": false,
-      "publicClient": false,
-      "redirectUris": ["https://drop.forteapps.net/auth/callback"],
-      "webOrigins": ["https://drop.forteapps.net"],
-      "defaultClientScopes": ["openid","email","profile"],
-      "secret": {
-        "namespace": "forte-drop",
-        "name": "forte-drop-oidc-credentials",
-        "keys": {
-          "clientId": "client-id",
-          "clientSecret": "client-secret"
-        }
-      }
-    }

apps/overlays/upc-dev/forte-drop/kustomization.yaml

@@ -2,6 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - forte-drop.yaml
-- keycloak-client-forte-drop.yaml
 - forte-drop-pdb.yaml
 - forte-drop-secrets-sealed.yaml

infra/base/gitea/gitea.yaml

@@ -17,7 +17,7 @@ spec:
   sources:
   - repoURL: https://dl.gitea.com/charts
     chart: gitea
-    targetRevision: "12.6.0"
+    targetRevision: "12.5.0"
     helm:
       releaseName: gitea
       valueFiles:

infra/values/upc-dev/homepage-values.yaml

@@ -59,6 +59,10 @@ config:
         href: https://benken.hackathon.forteapps.net
         description: Teknisk kompetanse fra offentlige anbud
         icon: forte
+    - Forte Drop:
+        href: https://drop.forteapps.net
+        description: Self-hosted HTML-drops + MCP for Claude
+        icon: forte
     - Forte Feedback:
         href: https://feedback.forteapps.net
         description: Fortes internal feedback app