feat(apps): forte-drop web + mcp argocd apps (prod) #18

Merged
jorgen.stensrud merged 23 commits from feat/forte-drop-apps into main 2026-06-04 18:47:08 +00:00

Summary

ArgoCD Applications + Keycloak clients + sealed secret for forte-drop web + mcp (PROD).

What changed

  • forte-drop + forte-drop-mcp ArgoCD Applications (two-source: forte-helm chart + helm-prod-values).
  • namespace.yaml — explicit forte-drop Namespace at sync-wave -1, Prune=false (avoids first-sync race for namespaced resources; doesn't cascade-delete on base removal).
  • keycloak-client-forte-drop + keycloak-client-forte-drop-mcp — labeled config Secrets; the registrar creates the OIDC clients in the forte realm within ~2 min.
  • forte-drop-secrets SealedSecret — UpCloud S3 creds (existing drops bucket) + PG creds + PASSWORD_GATE_SECRET. Consumed by both deployments + the pg-backup CronJob.
  • forte-drop-web PDB — minAvailable 1 (selector verified against the live forteapp chart's pod labels).
  • Wired into apps/overlays/upc-dev (NOT base → stays out of upc-prod).

Post-merge manual step (one-time)

auth-oidc SealedSecret for the web sidecar is still commented out — it needs the client-secret the Keycloak registrar writes to forte-drop-oidc-credentials after first sync:

CLIENT_SECRET=$(kubectl -n forte-drop get secret forte-drop-oidc-credentials -o jsonpath='{.data.client-secret}' | base64 -d)
kubectl create secret generic auth-oidc -n forte-drop \
  --from-literal=client-secret="$CLIENT_SECRET" \
  --from-literal=cookie-secret="$(openssl rand -hex 32)" \
  --dry-run=client -o yaml > private/auth-oidc.yaml
kubeseal --format=yaml --controller-name=sealed-secrets-controller --controller-namespace=kube-system \
  < private/auth-oidc.yaml > apps/base/forte-drop/auth-oidc-sealed.yaml
# uncomment in kustomization, commit, push

Depends on

  • launchpad PR #17 (postgres + namespace via CreateNamespace).
  • helm-prod-values forte-drop PR (values).

Review

  • codex: namespace first-sync race → fixed (explicit namespace, sync-wave -1).
  • Keycloak registrar unblocked (stale chibisafe/minio config secrets removed; registrar green).

🤖 Generated with Claude Code

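As an added example, not code from the launchpad repo or from this PR, the Python script below turns three points from this PR into repository checks a CI job could run before merge: the namespace sync-wave / `Prune=false` ordering from the fix commit, the `targetRevision: HEAD` findings raised in the inline reviews, and the rule that the hackathon-domain Applications are wired into upc-dev only. The manifests are constructed from the description and the diff hunks; the PDB selector label, the config Secret's label and data keys, and the `argocd` control-plane namespace are assumptions. It works on the manifests' dict (JSON) form so it runs without PyYAML.

```python
"""Policy checks over Argo CD / Kustomize manifests for the points raised in this PR."""
from __future__ import annotations

import json
import re
from typing import Any

Manifest = dict[str, Any]
SYNC_WAVE = "argocd.argoproj.io/sync-wave"
SYNC_OPTIONS = "argocd.argoproj.io/sync-options"
DEV_ONLY_DOMAIN = "hackathon.forteapps.net"  # anything embedding this must stay out of prod overlays
# "Pinned" means a commit sha or a version-like tag; a branch name is not pinned.
PINNED_REF = re.compile(r"^(?:[0-9a-f]{7,40}|v?\d+\.\d+(?:\.\d+)?\S*)$")


def _meta(m: Manifest) -> dict[str, Any]:
    return m.get("metadata", {})


def sync_wave(m: Manifest) -> int:
    """Argo CD treats a missing sync-wave annotation as wave 0."""
    return int(_meta(m).get("annotations", {}).get(SYNC_WAVE, "0"))


def namespace_problems(manifests: list[Manifest], preexisting: frozenset[str] = frozenset()) -> list[str]:
    """Namespaced resources need a Namespace declared in the repo at an earlier wave (or one that
    already exists); declared Namespaces must carry Prune=false so removing a base cannot cascade-delete them."""
    problems: list[str] = []
    declared = {_meta(m).get("name"): m for m in manifests if m.get("kind") == "Namespace"}
    for ns_name, ns in declared.items():
        options = {o.strip() for o in _meta(ns).get("annotations", {}).get(SYNC_OPTIONS, "").split(",")}
        if "Prune=false" not in options:
            problems.append(f"Namespace/{ns_name}: missing Prune=false; removing the base would cascade-delete it")
    for m in manifests:
        ns_name = _meta(m).get("namespace")
        if ns_name is None or ns_name in preexisting:
            continue
        ident = f"{m.get('kind')}/{_meta(m).get('name')}"
        if ns_name not in declared:
            problems.append(f"{ident}: namespace {ns_name} is not declared; first sync races CreateNamespace")
        elif sync_wave(declared[ns_name]) >= sync_wave(m):
            problems.append(f"{ident}: Namespace/{ns_name} must sync in an earlier wave than this resource")
    return problems


def revision_problems(manifests: list[Manifest], require_pinned: bool = False) -> list[str]:
    """HEAD (Argo CD's default when targetRevision is omitted) follows the repo's default branch;
    with require_pinned, any branch name is reported as well."""
    problems: list[str] = []
    for app in manifests:
        if app.get("kind") != "Application":
            continue
        spec = app.get("spec", {})
        sources = spec.get("sources") or ([spec["source"]] if "source" in spec else [])
        for src in sources:
            rev = str(src.get("targetRevision", "HEAD"))
            ident = f"Application/{_meta(app).get('name')} <- {src.get('repoURL')}"
            if rev == "HEAD":
                problems.append(f"{ident}: targetRevision HEAD floats with the default branch")
            elif require_pinned and not PINNED_REF.match(rev):
                problems.append(f"{ident}: targetRevision {rev!r} is a branch, not a tag or commit")
    return problems


def overlay_problems(overlay: str, manifests: list[Manifest], prod_overlays: tuple[str, ...] = ("upc-prod",)) -> list[str]:
    """Manifests embedding the dev-only domain may be listed in a dev overlay, never in a prod one."""
    if overlay not in prod_overlays:
        return []
    return [f"{m.get('kind')}/{_meta(m).get('name')}: references {DEV_ONLY_DOMAIN}, must not be listed in {overlay}"
            for m in manifests if DEV_ONLY_DOMAIN in json.dumps(m)]


# Constructed manifests mirroring the PR. Values shown in the diff hunks are used as-is; the PDB
# selector label, the config Secret's label and data keys and the "argocd" namespace are assumed.
NAMESPACE: Manifest = {"apiVersion": "v1", "kind": "Namespace", "metadata": {
    "name": "forte-drop", "annotations": {SYNC_WAVE: "-1", SYNC_OPTIONS: "Prune=false"}}}
PDB: Manifest = {"apiVersion": "policy/v1", "kind": "PodDisruptionBudget",
    "metadata": {"name": "forte-drop-web", "namespace": "forte-drop"},
    "spec": {"minAvailable": 1, "selector": {"matchLabels": {"app.kubernetes.io/name": "forte-drop"}}}}
CLIENT_CONFIG: Manifest = {"apiVersion": "v1", "kind": "Secret",
    "metadata": {"name": "keycloak-client-forte-drop", "namespace": "forte-drop",
                 "labels": {"forte.io/keycloak-client-config": "true"}},
    "stringData": {"client.json": json.dumps({
        "directAccessGrantsEnabled": False, "serviceAccountsEnabled": False, "publicClient": False,
        "clientAuthenticatorType": "client-secret",
        "redirectUris": ["https://drop-k8s.hackathon.forteapps.net/auth/callback"],
        "webOrigins": ["https://drop-k8s.hackathon.forteapps.net"]})}}
APP_MCP: Manifest = {"apiVersion": "argoproj.io/v1alpha1", "kind": "Application",
    "metadata": {"name": "forte-drop-mcp", "namespace": "argocd"},
    "spec": {"sources": [
        {"repoURL": "ssh://git@git.forteapps.net:2222/Forte/forte-helm.git", "path": "forteapp",
         "targetRevision": "HEAD", "helm": {"valueFiles": ["$values/forte-drop-mcp/values.yaml"]}},
        {"repoURL": "ssh://git@git.forteapps.net:2222/Forte/helm-prod-values.git",
         "targetRevision": "HEAD", "ref": "values"}]}}
ALL: list[Manifest] = [NAMESPACE, PDB, CLIENT_CONFIG, APP_MCP]

if __name__ == "__main__":
    for name, probs in {"namespaces": namespace_problems(ALL, frozenset({"argocd"})),
                        "targetRevision": revision_problems(ALL, require_pinned=True),
                        "upc-prod scope": overlay_problems("upc-prod", ALL)}.items():
        print(name + ":", "ok" if not probs else "")
        for p in probs:
            print("  -", p)
```

In a pipeline the constructed `ALL` list would be replaced by the documents from `kustomize build apps/overlays/<overlay>` converted to JSON, with the overlay name passed to `overlay_problems`; the `preexisting` set is for namespaces the cluster bootstrap already guarantees (here assumed to be just `argocd`). The `require_pinned` flag is deliberately opt-in: a values repo following its default branch is a normal GitOps pattern, while a chart source usually deserves a pinned ref.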
jorgen.stensrud added 6 commits 2026-05-29 08:32:04 +00:00
Two ArgoCD apps from the same forte-drop image:
- forte-drop (web): admin + public drops, sidecar in oidc mode,
  ingress drop-k8s.hackathon.forteapps.net.
- forte-drop-mcp (mcp): MCP-over-HTTP, sidecar in mcp mode,
  ingress mcp.drop-k8s.hackathon.forteapps.net.

Plus two labeled Keycloak client config Secrets — the registrar
creates the OIDC clients in the forte realm within ~2 min.

Sealed secrets (forte-drop-secrets + auth-oidc) added in a
follow-up commit by the maintainer:
  cd /Users/sten/dev/work/forte_k8/launchpad
  kubeseal --format=yaml \
    --controller-name=sealed-secrets-controller \
    --controller-namespace=kube-system \
    < private/forte-drop-secrets.yaml \
    > apps/base/forte-drop/forte-drop-secrets-sealed.yaml
  # auth-oidc: wait for registrar, copy client-secret into private/,
  # then seal as apps/base/forte-drop/auth-oidc-sealed.yaml.
  # (mcp deployment is sidecar type=mcp — no auth-oidc Secret needed;
  # only the web deployment requires it.)
forte-drop and forte-drop-mcp have hackathon-domain values hardcoded
(drop-k8s.hackathon.forteapps.net). Listing them in apps/base/
syncs them to both upc-dev and upc-prod overlays — prod sync would
create broken Applications pointing at non-existent prod ingress.

Move references to apps/overlays/upc-dev/ only.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Sealed forte-drop-secrets with the real UpCloud Managed Object Storage
creds (existing drops bucket), PG creds matching the deployed
forte-drop-pg-creds, and PASSWORD_GATE_SECRET. Consumed by both web +
mcp deployments (envSecretName) and the pg-backup CronJob (S3 creds).
fix(apps): explicit forte-drop namespace (sync-wave -1, Prune=false)
All checks were successful
AI Code Review / ai-review (pull_request) Successful in 1m40s
d6a97a22df
Codex review: the apps overlay applies namespaced resources
(keycloak-client Secrets, forte-drop-secrets, PDB) to forte-drop, but
no base created the namespace — first sync on a fresh cluster raced
ahead of the Applications' CreateNamespace and failed with
'namespaces forte-drop not found' until a retry.

Add an explicit Namespace at sync-wave -1 so it exists before the
wave-0 namespaced resources (covers both web + mcp bases via the
shared parent). Prune=false keeps removing a base from cascade-
deleting the namespace + postgres data + the other deployment.
jorgen.stensrud requested review from danijel.simeunovic 2026-05-29 08:32:20 +00:00
jorgen.stensrud removed review request for danijel.simeunovic 2026-05-29 08:32:52 +00:00
jorgen.stensrud added the ai-review label 2026-05-29 08:33:57 +00:00
gitea_admin reviewed 2026-05-29 08:34:05 +00:00
gitea_admin left a comment
Owner

Inline review
@@ -0,0 +22,4 @@
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"redirectUris": ["https://drop-k8s.hackathon.forteapps.net/auth/callback"],
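Review bot: agreed on templating the host per environment, with one constraint to carry into the template: keep redirectUris an exact, fully qualified callback URL rather than a wildcard, since Keycloak matches it against the authorization request and a loose pattern widens where the authorization code can be sent. The same applies to the webOrigins entry in the next hunk.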
Owner

Hardcoded URL in redirectUris should be templated or moved to values to support different environments.

#ai-review-inline

@@ -0,0 +23,4 @@
"serviceAccountsEnabled": false,
"publicClient": false,
"redirectUris": ["https://drop-k8s.hackathon.forteapps.net/auth/callback"],
"webOrigins": ["https://drop-k8s.hackathon.forteapps.net"],
Owner

Hardcoded URL in webOrigins should be templated or moved to values to support different environments.

#ai-review-inline

gitea_admin reviewed 2026-05-29 08:34:05 +00:00
gitea_admin left a comment
Owner

Inline review
@@ -0,0 +19,4 @@
sources:
- repoURL: ssh://git@git.forteapps.net:2222/Forte/forte-helm.git
path: forteapp
targetRevision: HEAD
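Review bot: the suggested `targetRevision: main` does not address the stated concern; HEAD already resolves to the repo's default branch, so `main` only makes the floating ref explicit. For the forteapp chart source, which both Applications render through, pin to a chart tag or commit and bump it deliberately, so that a push to forte-helm cannot change what the next sync renders.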
Owner

Using 'HEAD' for targetRevision can lead to unpredictable deployments - prefer a specific tag or branch.

    targetRevision: main

#ai-review-inline

@@ -0,0 +24,4 @@
valueFiles:
- $values/forte-drop-mcp/values.yaml
- repoURL: ssh://git@git.forteapps.net:2222/Forte/helm-prod-values.git
targetRevision: HEAD
Owner

Using 'HEAD' for targetRevision can lead to unpredictable deployments - prefer a specific tag or branch.

    targetRevision: main

#ai-review-inline

gitea_admin reviewed 2026-05-29 08:34:06 +00:00
gitea_admin left a comment
Owner

Inline review
@@ -0,0 +2,4 @@
# Claude Desktop) discover this via /.well-known/oauth-protected-resource and
# request tokens with aud=https://mcp.drop-k8s.hackathon.forteapps.net/mcp.
apiVersion: v1
kind: Secret
Owner

Plain-text Secret should not be committed to Git - use SealedSecret or the Keycloak client registrar instead.

#ai-review-inline

@@ -0,0 +15,4 @@
"name": "Forte Drop (MCP)",
"enabled": true,
"protocol": "openid-connect",
"clientAuthenticatorType": "client-secret",
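Review bot: worth confirming before resolving the two plain-text findings on this file: per the PR description the Keycloak registrar creates the client and writes the generated client-secret to forte-drop-oidc-credentials, so this config Secret should carry only the client definition shown here (authenticator type, redirect URIs, origins) and no `secret` value. If that holds, the finding is a false positive and the Secret is configuration rather than a credential; if a `secret` value is present, it belongs in a SealedSecret like forte-drop-secrets.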
Owner

Client secret authentication requires a secret value which should not be stored in plain-text Git.

#ai-review-inline

@@ -0,0 +19,4 @@
sources:
- repoURL: ssh://git@git.forteapps.net:2222/Forte/forte-helm.git
path: forteapp
targetRevision: HEAD
Owner

Using 'HEAD' as targetRevision can lead to unstable deployments; prefer a specific tag, branch, or commit hash for better control.

    targetRevision: main

#ai-review-inline

gitea_admin reviewed 2026-05-29 08:34:06 +00:00
gitea_admin left a comment
Owner

Inline review
@@ -0,0 +24,4 @@
valueFiles:
- $values/forte-drop/values.yaml
- repoURL: ssh://git@git.forteapps.net:2222/Forte/helm-prod-values.git
targetRevision: HEAD
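Review bot: following the default branch of helm-prod-values is the usual pattern for a values repo, so `main` is a reasonable answer here, but with automated sync (prune and self-heal, per the review summary further down) anything merged into that branch is applied to the cluster on the next refresh. That repo's default branch therefore needs the same branch protection and review requirement as this one, because it is effectively a production deploy path.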
Owner

Using 'HEAD' as targetRevision can lead to unstable deployments; prefer a specific tag, branch, or commit hash for better control.

    targetRevision: main

#ai-review-inline

gitea_admin reviewed 2026-05-29 08:34:06 +00:00
gitea_admin left a comment
Owner

Inline review
@@ -0,0 +6,4 @@
- keycloak-client-forte-drop.yaml
- forte-drop-pdb.yaml
- forte-drop-secrets-sealed.yaml
# - auth-oidc-sealed.yaml # added in follow-up commit (after Keycloak registrar creates client_secret)
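Review bot: the commented-out line records a bootstrap ordering (the registrar must produce the client secret before it can be sealed), not dead configuration, and the PR description's post-merge step covers uncommenting it. The point to check is the window until that happens: the web Deployment should fail to start or refuse traffic while the auth-oidc Secret is missing, rather than come up with the sidecar unconfigured.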
Owner

Commented-out resource should be removed or uncommented if needed for proper GitOps hygiene.

#ai-review-inline

gitea_admin reviewed 2026-05-29 08:34:09 +00:00
gitea_admin left a comment
Owner

Inline review
@@ -6,3 +8,4 @@
# No patches needed — base already has "upc-dev" paths
# upc-dev is the default/base cluster
# forte-drop and forte-drop-mcp are scoped to upc-dev only — they have
Owner

Line comment is truncated mid-sentence, making it unclear.

# forte-drop and forte-drop-mcp are scoped to upc-dev only — they have

#ai-review-inline

@@ -7,2 +9,4 @@
# No patches needed — base already has "upc-dev" paths
# upc-dev is the default/base cluster
# forte-drop and forte-drop-mcp are scoped to upc-dev only — they have
# hackathon-domain hardcoded values and must not sync to upc-prod.
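Review bot: the comment is not truncated; the last line of this hunk completes the sentence begun on the line above it, and both suggestions reproduce the existing text unchanged, so these two findings are no-ops and can be resolved without a change.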
Owner

Line comment is truncated mid-sentence, making it unclear.

# hackathon-domain hardcoded values and must not sync to upc-prod.

#ai-review-inline

gitea_admin reviewed 2026-05-29 08:35:28 +00:00
gitea_admin left a comment
Owner

Inline review
@@ -0,0 +1,18 @@
---
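Review bot: the visible lines of this file carry no `# added` comment, and every suggestion in this review reproduces the existing line unchanged, so these findings are no-ops and can be resolved without a change.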
Owner

Remove unnecessary '# added' comments from the SealedSecret file as they add no value and clutter the configuration.

---

#ai-review-inline

@@ -0,0 +1,18 @@
---
apiVersion: bitnami.com/v1alpha1
Owner

Remove unnecessary '# added' comment.

apiVersion: bitnami.com/v1alpha1

#ai-review-inline

@@ -0,0 +1,18 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
Owner

Remove unnecessary '# added' comment.

kind: SealedSecret

#ai-review-inline

@@ -0,0 +1,18 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
Owner

Remove unnecessary '# added' comment.

metadata:

#ai-review-inline

@@ -0,0 +2,4 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: forte-drop-secrets
Owner

Remove unnecessary '# added' comment.

  name: forte-drop-secrets

#ai-review-inline

@@ -0,0 +4,4 @@
metadata:
name: forte-drop-secrets
namespace: forte-drop
spec:
Owner

Remove unnecessary '# added' comment.

spec:

#ai-review-inline

gitea_admin reviewed 2026-05-29 08:35:28 +00:00
gitea_admin left a comment
Owner

Inline review
@@ -0,0 +3,4 @@
kind: SealedSecret
metadata:
name: forte-drop-secrets
namespace: forte-drop
Owner

Remove unnecessary '# added' comment.

  namespace: forte-drop

#ai-review-inline

gitea_admin reviewed 2026-05-29 08:35:29 +00:00
gitea_admin left a comment
Owner

Inline review
@@ -0,0 +5,4 @@
name: forte-drop-secrets
namespace: forte-drop
spec:
encryptedData:
Owner

Remove unnecessary '# added' comment.

  encryptedData:

#ai-review-inline

@@ -0,0 +6,4 @@
namespace: forte-drop
spec:
encryptedData:
PASSWORD_GATE_SECRET: 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
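Review bot: the ciphertext under encryptedData is fine to commit; that is what SealedSecret exists for. One caveat for whoever re-seals this later: with kubeseal's default strict scope each value is bound to the Secret's name and namespace (forte-drop-secrets in forte-drop), so renaming the Secret or moving it to another namespace requires resealing from the plaintext kept under private/, not editing the ciphertext in place.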
Owner

Remove unnecessary '# added' comment.

    PASSWORD_GATE_SECRET: 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

#ai-review-inline

@@ -0,0 +7,4 @@
spec:
encryptedData:
PASSWORD_GATE_SECRET: AgAlZOSURqrQo7dqylFYetr50dWEgWNWTtBEjwgmIp/aFbr2X29xSD0gHpANIF+eXuZ1zGvTX9j2r4YoXgmcb/MjKMd85mYG7FTa0PFdxSxighvKOS3BWQwb7chgNFHMwiZNQAAMNUD6NjlfLZXS0V2SMI+5zz2siYjt8OfgLKfSx5v8+zDFb+pGrCUuUZlMaqFF2ZmOryYNMYYq69iE2EW8UQcP49tmP4aaPx5wIGq6nIo+Qc/c6L4K83nK5ijHEipkgEs0Z0vDTDT4ZBbV0Qyif+Uc1j0eG9+vvIkHBCrGC0WbLOCXiSwmzYF5U2uTRKUbkiPWfohW1Ds2hqveIwg6oSOhK6B+O9s17QagKenYBEER2WAXLq/BLbFpwwijZcGaVnIYsFLUjcheQVPEdaxIyOPh3/qhDjEBX7PevwDzEyOGB6W54TAndx/Go6+Mnvq4aefTOsD+Jy9Iqc3SI3mDoTCSuDMrgnE4QUlImm+Qtk+qPC35n36B9s7yqsHZISbC4zBGAwk7MFfhwTZ3t4z3WXBjevT1zFfs/NeQaRPlcRtO7656C62qroOITty0rT4JAbz93fanqHlqFmiMrYNUIu3wlbr/NGgMlZ1kRVnwIryVup5vljZmvhRtF+TGMwIA+3zbO9U3NasjScnh5sraOauIf7kVsBYTU/2oKb37HvroyILXd8fbpPq+lZ1ejcvVseC+heOI6hvvH/DYztgFn5s9egzcfauicCijWtk1jn0ym1RzOYBotP0VFhXX5bF1HHoGGwQWC32fgqFWwxJ8
PGPASSWORD: 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
Owner

Remove unnecessary '# added' comment.

    PGPASSWORD: 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

#ai-review-inline

gitea_admin reviewed 2026-05-29 08:35:29 +00:00
gitea_admin left a comment
Owner

What changed: Added new ArgoCD Applications for Forte Drop web service and MCP service with supporting Kubernetes resources.

Affected services/namespaces:

  • Creates new forte-drop namespace
  • Deploys forte-drop (web) and forte-drop-mcp applications
  • Only targets upc-dev overlay (excluded from production)

Infrastructure impact:

  • Adds PodDisruptionBudget maintaining minimum 1 replica for web pods
  • Creates namespace with sync-wave ordering and prune protection
  • Enables automated sync with prune and self-heal for both applications
  • References external Helm charts from forteapps.net Git repositories

Security notes:

  • REQUIRES REVIEW: Adds SealedSecret with encrypted database and S3 credentials
  • REQUIRES REVIEW: Creates two Keycloak client configurations for OIDC authentication
  • Uses hardcoded hackathon domain URLs in redirect URIs
  • Contains encrypted sensitive data (passwords, API keys, endpoints)

jorgen.stensrud added 1 commit 2026-05-29 08:38:54 +00:00
refactor(apps): move forte-drop postgres from infra to apps
All checks were successful
AI Code Review / ai-review (pull_request) Successful in 6s
96db244e03
Per reviewer (danijel): forte-drop's DB deployment belongs in apps/,
not infra/. Straight relocation — same structure (Application +
resources/ subdir), source.path updated to apps/base/forte-drop-postgresql/resources,
wired into apps/overlays/upc-dev. Backup CronJob + RESTORE.md + sealed
pg creds move with it.

Consolidates the whole forte-drop deployment (postgres + web + mcp)
under apps/. The infra PR (#17) is now superseded by this.
jorgen.stensrud added 1 commit 2026-05-29 10:14:12 +00:00
chore(apps): clarify auth-oidc follow-up (drop commented-out resource line)
All checks were successful
AI Code Review / ai-review (pull_request) Successful in 6s
61a8a2b4ac
ai-review: a commented-out resource line reads as GitOps debt. Replace
the '# - auth-oidc-sealed.yaml' line with an explicit NOTE explaining
it's a deliberate post-deploy step (needs the registrar-generated
client-secret), not a disabled resource.
Author
Member

ai-review triage

Went through all the inline comments. One fixed, the rest rejected with justification.

Fixed

  • Commented-out auth-oidc-sealed.yaml line (61a8a2b) — replaced with a clear NOTE explaining that it is a deliberate post-deploy step (requires the registrar-generated client-secret), not a disabled resource.

Rejected — convention

  • Hardcoded domain in keycloak-client redirectUris/webOrigins — all self-service + legacy clients do the same: vaultwarden (https://vaultwarden.forteapps.net/*), gitea, grafana, argocd. No templating exists in launchpad for this. The realm is per-cluster (id.forteapps.net dev / id.fortedigital.com prod), and forte-drop is scoped to the upc-dev overlay. Templating would be a new abstraction no other clients use.
  • targetRevision: HEAD → main (×3) — all existing apps (mcp10x, argo-mcp, ts-mcp) use HEAD (6/6). Changing only forte-drop = inconsistent.

Rejected — false positives

  • "Plain-text Secret" on keycloak-client-mcp — the file is registrar input (labeled config Secret with client.json) and contains no secret value. clientAuthenticatorType: client-secret means Keycloak generates the secret; it is not in Git. Self-service pattern per DEVELOPER-GUIDE.md.
  • "Truncated comment" in overlay kustomization — the comment is a complete multi-line comment and reads correctly in order.
  • "Remove '# added' comments" (×10) in sealed secret — grep "# added" = no hits. These comments do not exist in the file.

Ready for human review.

danijel.simeunovic reviewed 2026-05-29 10:27:21 +00:00
danijel.simeunovic left a comment
Member

Your AI is misinterpreting the secrets. You don't need to wait for something to be created and then make a SealedSecret.

You have already defined the Keycloak client here: apps/base/forte-drop/keycloak-client-forte-drop.yaml

This gets synced to the keycloak namespace, a CronJob picks it up and creates the client and a secret, and this is pushed to your namespace as a secret. So no new SealedSecret should be necessary.


And you decide for yourself whether the ai-review label gives you value. I see that it sometimes gets a bit chatty with many messages, but we can adjust this in the instructions and maybe cap it at the 5-10 most critical.

danijel.simeunovic requested changes 2026-05-29 10:43:35 +00:00
Dismissed
@@ -0,0 +25,4 @@
"redirectUris": ["https://drop-k8s.hackathon.forteapps.net/auth/callback"],
"webOrigins": ["https://drop-k8s.hackathon.forteapps.net"],
"defaultClientScopes": ["openid","email","profile"]
}
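Review bot: the client config lacks the `secret` block (namespace, name, keys) that tells the registrar where to write the credential Secret, so the oidc sidecar has nothing to consume and the PR summary falls back to a manual auth-oidc seal step; add the block in the registrar format and the manual step goes away. The exact-path redirectUri (`/auth/callback`) rather than a `/*` wildcard is the tighter choice and worth keeping when the host changes.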

What you're missing here is where you want the Secret to be created and with which keys:

      "secret": {
        "namespace": "myapp",                # Where to create credential Secret
        "name": "myapp-oidc-credentials",    # Name of credential Secret
        "keys": {
          "clientId": "client-id",           # Key name for client ID
          "clientSecret": "client-secret"    # Key name for client secret
        }
      }

Detailed explanation, if you're interested:

What a Developer Should Push

A developer deploying a new application must create a Config Secret in their application's namespace. This Secret contains the desired Keycloak client configuration.

The Format

Kubernetes Secret YAML:

apiVersion: v1
kind: Secret
metadata:
  name: keycloak-client-<app-name>          # Any descriptive name
  namespace: <app-namespace>                 # Your app's namespace (e.g., "myapp")
  labels:
    keycloak.forteapps.net/client-config: "true"  # REQUIRED - triggers processing
  annotations:
    keycloak.forteapps.net/source-namespace: "myapp"  # Optional - tracks ownership
stringData:
  client.json: |                             # REQUIRED - the client configuration
    {
      "clientId": "myapp",                   # Pre-determined by developer
      "name": "My Application",              # Display name in Keycloak UI
      "redirectUris": ["https://myapp.forteapps.net/*"],
      "webOrigins": ["https://myapp.forteapps.net"],
      "defaultClientScopes": ["openid", "email", "profile"],
      "protocolMappers": [],
      "secret": {
        "namespace": "myapp",                # Where to create credential Secret
        "name": "myapp-oidc-credentials",    # Name of credential Secret
        "keys": {
          "clientId": "client-id",           # Key name for client ID
          "clientSecret": "client-secret"    # Key name for client secret
        }
      }
    }

How It Works: Client ID vs Client Secret

Client ID (Pre-determined by Developer):

  • The developer chooses clientId (e.g., "myapp")
  • This becomes the public identifier for the OIDC client
  • Used in OAuth flows, login redirects, token requests
  • Stored in the credential Secret under the specified key (default: client-id)

Client Secret (Generated by Keycloak):

  • Keycloak auto-generates a cryptographically secure secret

  • The CronJob fetches it via: GET /admin/realms/forte/clients/{uuid}/client-secret

  • The CronJob then creates/updates TWO Secrets:

    1. Target Namespace Secret (myapp/myapp-oidc-credentials):

    apiVersion: v1
    kind: Secret
    metadata:
      name: myapp-oidc-credentials
      namespace: myapp
      labels:
        app.kubernetes.io/managed-by: keycloak-client-registrar
    type: Opaque
    data:
      client-id: bXlhcHA=           # base64("myapp") - from client.json
      client-secret: <base64>        # Generated by Keycloak
    

    2. Central Backup Secret (secrets/myapp-oidc-credentials):

    • Identical content
    • Always created even if target namespace doesn't exist
    • Used for external deployments, disaster recovery, auditing

Developer Workflow

  1. Create Config Secret in your Helm chart or Kustomize (in your app's namespace)

  2. Deploy - Kyverno policy clones it to keycloak namespace automatically

  3. Wait - CronJob picks it up within 2 minutes

  4. Reference the generated credential Secret in your Deployment:

    env:
    - name: OIDC_CLIENT_ID
      valueFrom:
        secretKeyRef:
          name: myapp-oidc-credentials
          key: client-id
    - name: OIDC_CLIENT_SECRET
      valueFrom:
        secretKeyRef:
          name: myapp-oidc-credentials
          key: client-secret
    

Change Detection

The CronJob computes a SHA256 hash of client.json. If unchanged and credential Secret exists, it skips processing. To force re-sync, modify any field in client.json (e.g., add trailing space to name).

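A pre-push lint for a config Secret in the format described above (required label, parseable client.json, https-only URIs, a complete `secret` block) together with the SHA256 change-detection hash, as an added example that is not launchpad's or the registrar's code. The sample Secret, the function names and the assumption that the registrar hashes the raw client.json bytes are mine.

```python
"""Lint a Keycloak client config Secret before pushing it, and reproduce the
registrar's change detection. Added example; the registrar's exact hash input
(raw client.json bytes) is an assumption."""
import copy
import hashlib
import json
from urllib.parse import urlsplit

CONFIG_LABEL = "keycloak.forteapps.net/client-config"

# Constructed sample client.json. Note: no '#' comments, they would break JSON.
CLIENT_JSON = """{
  "clientId": "forte-drop",
  "name": "Forte Drop",
  "redirectUris": ["https://drop.forteapps.net/auth/callback"],
  "webOrigins": ["https://drop.forteapps.net"],
  "defaultClientScopes": ["openid", "email", "profile"],
  "secret": {
    "namespace": "forte-drop",
    "name": "forte-drop-oidc-credentials",
    "keys": {"clientId": "client-id", "clientSecret": "client-secret"}
  }
}
"""


def sample_secret(client_json: str = CLIENT_JSON) -> dict:
    """The config Secret as a dict, i.e. what yaml.safe_load(manifest) would return."""
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {
            "name": "keycloak-client-forte-drop",
            "namespace": "forte-drop",
            "labels": {CONFIG_LABEL: "true"},
        },
        "stringData": {"client.json": client_json},
    }


def _https_only(urls, field, problems, allow_path):
    """Every entry must be an https URL; origins may carry no path or query."""
    urls = urls or []
    if not urls:
        problems.append(f"{field} is empty")
    for u in urls:
        parts = urlsplit(u)
        if parts.scheme != "https" or not parts.netloc:
            problems.append(f"{field}: {u!r} is not an https URL")
        elif not allow_path and (parts.path not in ("", "/") or parts.query):
            problems.append(f"{field}: {u!r} must be an origin only (scheme + host)")


def lint_client_config(secret: dict) -> list:
    """Return the problems found; an empty list means the Secret is ready to push."""
    problems = []
    meta = secret.get("metadata", {})
    if meta.get("labels", {}).get(CONFIG_LABEL) != "true":
        problems.append(f'missing label {CONFIG_LABEL}: "true" (registrar ignores the Secret)')
    raw = secret.get("stringData", {}).get("client.json")
    if raw is None:
        problems.append("stringData.client.json is missing")
        return problems
    try:
        cfg = json.loads(raw)
    except json.JSONDecodeError as exc:
        problems.append(f"client.json is not valid JSON: {exc}")
        return problems
    if not cfg.get("clientId"):
        problems.append("clientId is missing")
    _https_only(cfg.get("redirectUris"), "redirectUris", problems, allow_path=True)
    _https_only(cfg.get("webOrigins"), "webOrigins", problems, allow_path=False)
    sec = cfg.get("secret")
    if not isinstance(sec, dict):
        problems.append("secret block missing: registrar has nowhere to write the credential Secret")
        return problems
    for key in ("namespace", "name"):
        if not sec.get(key):
            problems.append(f"secret.{key} is missing")
    for key in ("clientId", "clientSecret"):
        if not sec.get("keys", {}).get(key):
            problems.append(f"secret.keys.{key} is missing")
    if sec.get("namespace") and sec["namespace"] != meta.get("namespace"):
        problems.append("secret.namespace differs from the config Secret's namespace "
                        "(the format above writes credentials into the app's own namespace)")
    return problems


def config_hash(secret: dict) -> str:
    """SHA256 of client.json, the value the registrar compares to decide whether to skip."""
    return hashlib.sha256(secret["stringData"]["client.json"].encode()).hexdigest()


def with_modified_name(secret: dict, suffix: str = " ") -> dict:
    """Append a suffix to the Keycloak display 'name': the force-resync trick from the text."""
    out = copy.deepcopy(secret)
    cfg = json.loads(out["stringData"]["client.json"])
    cfg["name"] = cfg["name"] + suffix
    out["stringData"]["client.json"] = json.dumps(cfg, indent=2)
    return out


if __name__ == "__main__":
    s = sample_secret()
    print("problems:", lint_client_config(s))
    print("hash:", config_hash(s)[:16], "after name tweak:", config_hash(with_modified_name(s))[:16])
```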
danijel.simeunovic reviewed 2026-05-29 11:34:26 +00:00
@@ -0,0 +10,4 @@
keycloak.forteapps.net/client-config: "true"
stringData:
client.json: |
{
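Review bot: this labeled config Secret would have the registrar create a second, hand-managed MCP client next to the one the chart registers itself when `auth.type: mcp` is set; drop the file rather than keep both, so each service ends up with exactly one client and one credential Secret.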

You don't need a separate client for the MCP server. It is created automatically when you set auth.type: mcp in the helm values. So this one can be deleted.

jorgen.stensrud added 1 commit 2026-05-29 12:05:31 +00:00
refactor(apps): registrar-managed oidc creds, drop mcp client, DRY secret
All checks were successful
AI Code Review / ai-review (pull_request) Successful in 5s
338b4de3ba
Per platform review (danijel):
- keycloak-client-forte-drop: add the secret{} block telling the
  registrar where to write the credential Secret + key names
  (forte-drop-oidc-credentials, client-id/client-secret). The
  forte-helm oidc sidecar consumes that registrar-created Secret —
  no manual auth-oidc SealedSecret step (removed that NOTE).
- Delete keycloak-client-forte-drop-mcp: auth.type: mcp auto-registers
  the MCP client; no manual config needed.
- Re-seal forte-drop-secrets with all shared env (BASE_DOMAIN, PG*,
  S3_*, PASSWORD_GATE_SECRET) so both deployments get identical values
  via envSecretName (values extraEnv now carries only APP_MODE).
Author
Member

Updated after platform review (@danijel.simeunovic, on helm-prod-values #3)

The review came on #3 but several points applied to the launchpad manifests here. Addressed in 338b4de:

  • keycloak-client-forte-drop: added the secret block — tells the registrar where + with which keys the credential secret is created:
    "secret": {
      "namespace": "forte-drop",
      "name": "forte-drop-oidc-credentials",
      "keys": { "clientId": "client-id", "clientSecret": "client-secret" }
    }
    
  • Deleted keycloak-client-forte-drop-mcp.yaml — auth.type: mcp auto-registers the mcp client via the chart. No manual config needed.
  • Removed the manual auth-oidc SealedSecret step — you're right: the registrar creates forte-drop-oidc-credentials automatically and the sidecar (auth.type: oidc) consumes it. No seal-by-hand. Deleted the NOTE in kustomization.
  • Re-sealed forte-drop-secrets with all shared env (BASE_DOMAIN, PG*, S3_*, PASSWORD_GATE_SECRET, 12 keys) — both deployments mount it via envSecretName, so values extraEnv now carries only APP_MODE.

Related: the app has been made fully auth-unaware in a separate forte_drop PR (deleted JWT/OIDC code). Ready for re-review.

Author
Member

Good feedback! I think I understand a little more bit by bit 😄 that ai-review is a bit chatty, yes!


Good feedback! I think I understand a little more bit by bit 😄 that ai-review is a bit chatty, yes!

I've tried to tune it a bit and ask for max 10 comments, but I don't yet understand why it ignores that... :)

danijel.simeunovic requested changes 2026-05-29 12:51:44 +00:00
Dismissed
danijel.simeunovic left a comment
Member

I imagined this would be placed in apps/overlays/upc-dev, not in base/.... I realize there are several things there that ideally should be moved, but that's my fault because they were added before overlays came into the picture.

Author
Member

I imagined this would be placed in apps/overlays/upc-dev, not in base/.... I realize there are several things there that ideally should be moved, but that's my fault because they were added before overlays came into the picture.

Should I move it there?


I imagined this would be placed in apps/overlays/upc-dev, not in base/.... I realize there are several things there that ideally should be moved, but that's my fault because they were added before overlays came into the picture.

Should I move it there?

Yes, please.

jorgen.stensrud added 1 commit 2026-06-01 10:26:10 +00:00
refactor(apps): move forte-drop apps from base to upc-dev overlay
All checks were successful
AI Code Review / ai-review (pull_request) Successful in 6s
335dd1366d
forte-drop, forte-drop-mcp and forte-drop-postgresql lived under apps/base/
but were only ever wired into the upc-dev overlay (never listed in
apps/base/kustomization.yaml). They carry hackathon-domain hardcoded values
and must not sync to upc-prod, so they belong in the overlay alongside
dbunk-demo — per danijel.simeunovic's review on PR #18.

- git mv the three dirs into apps/overlays/upc-dev/ (history preserved)
- rewrite overlay kustomization refs from ../../base/forte-drop* to local
- repoint forte-drop-postgresql Application path
  apps/base/... -> apps/overlays/upc-dev/forte-drop-postgresql/resources

Render-verified: kubectl kustomize apps/overlays/upc-dev differs only by the
postgres path line; apps/overlays/upc-prod render byte-identical (forte-drop
never reaches prod).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Author
Member

Moved to apps/overlays/upc-dev (335dd13)

As agreed — forte-drop, forte-drop-mcp and forte-drop-postgresql moved from apps/base/ to apps/overlays/upc-dev/ (pure git mv, history preserved). They were never listed in apps/base/kustomization.yaml — only wired in via the upc-dev overlay — so they belong here together with dbunk-demo.

Beyond the move itself:

  • overlay kustomization: ../../base/forte-drop* → local refs
  • forte-drop-postgresql Application path: apps/base/... → apps/overlays/upc-dev/forte-drop-postgresql/resources (self-reference to the repo, had to follow along)

Verified render-neutral:

  • kubectl kustomize apps/overlays/upc-dev differs only on the postgres path line
  • apps/overlays/upc-prod renders byte-identical (forte-drop never reaches prod)

Review gate (CLAUDE.md): codex + /code-review both clean, no findings. Left the rest of apps/base/ untouched — the other apps there are shared between clusters; the "several things" you mentioned can be taken in a separate PR.

Ready for re-review @danijel.simeunovic

jorgen.stensrud requested review from danijel.simeunovic 2026-06-01 10:49:14 +00:00
danijel.simeunovic added 11 commits 2026-06-04 13:26:39 +00:00
Two ArgoCD apps from the same forte-drop image:
- forte-drop (web): admin + public drops, sidecar in oidc mode,
  ingress drop-k8s.hackathon.forteapps.net.
- forte-drop-mcp (mcp): MCP-over-HTTP, sidecar in mcp mode,
  ingress mcp.drop-k8s.hackathon.forteapps.net.

Plus two labeled Keycloak client config Secrets — the registrar
creates the OIDC clients in the forte realm within ~2 min.

Sealed secrets (forte-drop-secrets + auth-oidc) added in a
follow-up commit by the maintainer:
  cd /Users/sten/dev/work/forte_k8/launchpad
  kubeseal --format=yaml \
    --controller-name=sealed-secrets-controller \
    --controller-namespace=kube-system \
    < private/forte-drop-secrets.yaml \
    > apps/base/forte-drop/forte-drop-secrets-sealed.yaml
  # auth-oidc: wait for registrar, copy client-secret into private/,
  # then seal as apps/base/forte-drop/auth-oidc-sealed.yaml.
  # (mcp deployment is sidecar type=mcp — no auth-oidc Secret needed;
  # only the web deployment requires it.)
Sealed forte-drop-secrets with the real UpCloud Managed Object Storage
creds (existing drops bucket), PG creds matching the deployed
forte-drop-pg-creds, and PASSWORD_GATE_SECRET. Consumed by both web +
mcp deployments (envSecretName) and the pg-backup CronJob (S3 creds).
Codex review: the apps overlay applies namespaced resources
(keycloak-client Secrets, forte-drop-secrets, PDB) to forte-drop, but
no base created the namespace — first sync on a fresh cluster raced
ahead of the Applications' CreateNamespace and failed with
'namespaces forte-drop not found' until a retry.

Add an explicit Namespace at sync-wave -1 so it exists before the
wave-0 namespaced resources (covers both web + mcp bases via the
shared parent). Prune=false keeps removing a base from cascade-
deleting the namespace + postgres data + the other deployment.
merge
All checks were successful
AI Code Review / ai-review (pull_request) Successful in 10s
2a50028e51

You're incredibly good at detailed comments and updates, very impressed! Great job!

danijel.simeunovic approved these changes 2026-06-04 13:28:16 +00:00
jorgen.stensrud added 1 commit 2026-06-04 18:40:06 +00:00
fix(apps): point forte-drop oidc client at drop.forteapps.net
All checks were successful
AI Code Review / ai-review (pull_request) Successful in 9s
dbf299b1f5
The hackathon-zone host never got DNS records (delegated Azure zone,
no wildcard); the app launches on drop.forteapps.net instead. Without
this the OIDC callback dies on redirect_uri mismatch.
jorgen.stensrud added 1 commit 2026-06-04 18:45:42 +00:00
fix(homepage): point Forte Drop link at drop.forteapps.net
All checks were successful
AI Code Review / ai-review (pull_request) Successful in 38s
6b8fb71f02
The hackathon-zone host never got DNS; the app launches on
drop.forteapps.net. Also refresh a stale overlay comment that
referenced the hackathon domain.
jorgen.stensrud merged commit b713ec853c into main 2026-06-04 18:47:08 +00:00
jorgen.stensrud deleted branch feat/forte-drop-apps 2026-06-04 18:47:09 +00:00
Reference: Forte/launchpad#18