From 45fa964f192eed87e25b3d7da6e187aff3c3429d Mon Sep 17 00:00:00 2001 From: Chris Alfano Date: Tue, 19 May 2026 10:58:26 -0400 Subject: [PATCH] codeforphilly-ng: seal CFP_DATA_RELOAD_SECRET for hot-reload webhook The codeforphilly-ng API exposes `POST /api/_internal/reload-data` (https://github.com/CodeForPhilly/codeforphilly-ng/pull/70) for the `codeforphilly-data` repo's `Notify deployments` GH Action to call on push to `published`. The bearer secret on both sides must match. This seals the cluster-side copy; the data-repo-side copy is added as a GitHub repository secret on `codeforphilly-data`. --- codeforphilly-ng.secrets/codeforphilly-secrets.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/codeforphilly-ng.secrets/codeforphilly-secrets.yaml b/codeforphilly-ng.secrets/codeforphilly-secrets.yaml index 806bf15..ba99057 100644 --- a/codeforphilly-ng.secrets/codeforphilly-secrets.yaml +++ b/codeforphilly-ng.secrets/codeforphilly-secrets.yaml @@ -6,10 +6,11 @@ metadata: namespace: codeforphilly-rewrite-sandbox spec: encryptedData: - CFP_DATA_REMOTE: AgAj4UY/M3uFDp4jJLykFSzihy+C2uSQXHQuuyaOAd7ew14gpw6Vogu5oYMgM1y1yBv1sbJObbnh7ddexYqRfgFKJrgiwc60MoVzwbwt5JHQh1aJJIZ4xizvitbyT1h7GkLzLZbvLdJxAFH876wXn9zw0UAco62qsxkIQgoRGBN/Gq7SQDT6+HHv1Uc3LeDiqdnne49LIP/M32DSu8IQ0CffyA+pdAdTwCaRoMBh63rdhoLM4Ildvlt6jSWHP0dJFmYRP9gtKCKgLUycz7fXhU0xxYaAOc7T2Z0rVf6DkkZDaqwgKEFk52300kuz1xW3BufrZ2jCfcXs4AAwwUuWj17MNICq0dei7MDRurmGpgJJDdfaCvTD4+wggm/VUBvXWQIuhE9/PtIumx/brVCJQ05YmeyFSrL4D+COSmhlXS3vmngpy3lHB+2qEbwM8ZHnwB/Ff1XP4HVSPUdXejWU4vdFY6VQ/4hjCLDAgjQLGRTGBmaFX1aJqygjK1JzRnGts0aCniPTL/qF1s5OcHJeIAvkN0WleceEi5u7CnvEdAcSAfkYu0QiwnoXNeIhFzPekEJyP6c6KY9oaw+kEirWgvCwis5QUiGOIO4kFcGXfDVzCRu1GM4T7WV969n8nJSGcSQQSmVa4uPCAlZld8etvbR4xa8dSXaeZ6Nb6L3FIVqc05Zy0U9cnKnfSGKWvHEANtBA7ItPq9GUlE6DCTb9guwlUGWHpG7tk1iuTnUD5b0P5r7zALF7rAufCKHEPpNWn7Mfg/k= - CFP_JWT_SIGNING_KEY: AgClhcixIR+sgvwpmHiqkB3MOL9CTCgjRT7d7AcWkYe7tjXCdvj42x5RiTbHRJh7h8koWwvm/M9txEhCnkV8iT8O6vLAq1ZPBvSk+L+uh6dZDW92u8L0/WIpVxLF9CjLmD7YbLpt2LA7ntne3pbZM6XgH6Xs9yYVEdLhEZ4/vOgzwJF1o3rj6puVsx5pWdUFgl1AXsjUdwUEK7fYSyQIXOLeLY3TVquTRATC/BEXaJHTSqHJjGaDemr1+ZqdbysFCADtOOhjOUxbItfGsm0sIUFEFkPOf+rGrTt0Mqp8CAoJEgkwEITHjA8qXKsJN/zZmDDh5xutCw36k5KtABUMPcn+QT6EjK+N9EutM08Ul+DZL+KfHg5z9/B/3lL68xU/J7H2TbB93icSDgbvV/NEjiyZ7JnaZqt+fPDpl0Gs/QMAdjNxtqYCYp9gFj5MsM0s5qkx4mnrgSHyOACb2H96wqVI7LvIZqhjnpNqY5V8Qvhb7rjLedEsmLDfPSRJYrg7s/cpmdxaCyuBf/zqUSSCvjKo7L66lZ0t3lG+dtVy3fgRoabeOGB6hOY5Jj1GAK8avC4PZ0vLuYTTPIweOJOIakSL37Rxit4UgvuuoiB6oEqnsDD/9YBeZAJNjf3XNDDud7dScWhI1zRJ9N7qbHeAcSkWOO/CK+cFWXVB31ErBCrDIuiwiMnna5VurC96+xASRxGdeDh83I3f3uTM5OQCH0efUAHhw5ld3IAu/2wpfQK3ac2XziYn7L2QIyHOsULkAf0oRoJjodOX3V2Kmp3khY8w - GITHUB_OAUTH_CLIENT_ID: AgBZj/mQl8EKMl6Cey9OWK090/IecVx6YlonWqh7v63QOVwyFzj6ksObLC2Fw0H9OHaFtL3qGF1qGn35MyYI3uhGB1miLLYivGVA7jNHN8Wy4es/tDnZRHcsP4LI7NQMTsf1dz4tknLinpmZqPuMwwqcUCRrSasagmYLHREXZNvGm1ONSSniuoqmnQobj2v7/YNHhn7qK/kVqflOGb0n9Ai4bHvrgGuxXTHCvl/3N8Mb4p3/aWAJuxpFgc6n21MS7Hjn5mcMb/RwJ7TOn7F/BJnQ4Ii2nzZ5d6U0F37lnMBdN6/Bowp+MNynTttJ+SBUZkjidJ+9s/KXLUXJ8IQp+NR9Ycbbc0+osnHIAhZzBF7+4du0f0S7Te310vll6b4xd0oRoXSQ9FZcqlS5ysOCdgH98q9OWw5TJWF8KfwNq+j62YifICSz5u5FfUnbzTgxe7RctIkhW0elgHTJx07WJx2I53PrxbbrICnCqDSMQbWU5wcqyCXxmFXOBSMZG0Gycjg2rAWaPgot7Q7F752I8oOewB28uACYjHlULR/2BKrCf90+RZOFI4AhUctvTTMn4qR89QrDE5EIdJi5x/x7pcMiM6doWrL1MJdnQ/VEUa+AsJEDVWA0G1a4y/OIRI7rKyYZdpUSabmzQTBxk0CBMa07dX3N5IaX0+YDt2NosW+xtsjQugifYPze/AnKIFjdB5cHVQzdVWHIls4WKR9bOahstrScrQ== - GITHUB_OAUTH_CLIENT_SECRET: AgA5TBdNd4A6g04YyvGd+ZkpdTrQFeODGLY3MSA+M8STT6ejTBtlVmj0m4ooggPtOYXaUAYAytlANT51yRE7GGbAX5/SiHO04N4MJ2Qpw4Izb1j5OvqZSNRD/78D8Q2KUg+cp/AyqwGctG0v2UYg/qBw536+4q53EMSQzcS2HZADqw5sZNyuqBwA+vUfXFHXqU+ZZw+Dqa5E+2tdCLu6lZdsmM0oWM/iAbKfszT9aNRYJ8I2W6NPyUHLFmoRcDtxYKs1Wqk29Dhfuk7ZsanFrkN0C48a2F1167qhBJMf0dIZ7ZeenFpSoPv5XODOnB89G+ziA7pQVcccegZpA4/rhgoPV8jfFecuY8U+FqDQaAOxwVEXvFZ1kwbsYHO0Ggo1rPivJcCh1oYWufCWFvwLCzIQpZ+KV1wAzjrkcnNeM8kFSwnp3ptbI9ZzgxEbn5zcDC+mRP6O07urKta+4qW+TGepaUuDWN/Ocsz1UP6vEQMtr6fChAxkJFjfJo8O1270VlDLBa0vwF3rmtsUpsfR+OMk/kU7rjrTuJWLcXDiKWoZKprPivWqCcGGLh/7MVsDOYGo9Pc4f4fhrlv14cxIZLc9PhPhgY9MEkZhnqg3RCikRuB9otL6EkPrXx5+qiTl5JsP1Xau9mM77hE2eMY2lyWeokRvCWS7jkBR4q0gL5iuonHMck5ccsiFwBGHP7VFUQeo92p1FZdbX1g5gph7b942uRyuthZTKdfwD/qSBseg4r/06nLlK+Jh + CFP_DATA_RELOAD_SECRET: AgCh5GAKDGrJVKkcgPZJtMel0sIG+ascixrfjdGdjlQfUABVkGbSyWmbO5rp5KWI89xgkQ47e2bwaVC9fBUQV077bD2M4C2o91jcULztIIfM6cZ1YvwlH/bVszziATwixkOrdrl54SGRdw2o5TJfkfb5XW84oj1eviUILvQdvJa+xJ4HNyI6ZGdJRUz+gJGZ6VfDU8Dm1bFDdS2lA5/fQnrP4mWlxut5kYxoCPaTNuyyyFV5VfVy9lxmG2p/biaQB3EKTYzqBXgNHxqhe2Uqdc48U4QhEP2VE5bjEcn6qNbtxG7pLuGMnOLD1MKEDcaC97DO8mNeJymZlAO0Wfw6ocVVasLeLemJfcYUi2bnyAySCVQE3ue4eXMyQDLRVCSUHGJW3bFRug+c2qFfMlxT/Sgq9VgyS+H9JrF47VobAj9n+9Shkf6hhj9mtQRJ5WTjPuSzVvSDlwXN5Lm+yxY68vGYN5Nk+XrHXO4tPGoOZZ0d9rHXR2/0tg//uGhXxsNE+bJussvsAe0QTaO2t+hn10k8/r05lYNyXBD1Y2PB9kxrvTDjO19qL/N9eavQ2JTfXNYAdS5VFnA20XbofDmqmA7cU9oNxebKarI7I9aio41Pbu9bDDJcrMNNsikNDc2UU3cHfrQgGdXifR0pN0/bF+EuAhCpmaG9UQmh2CcgL9DONXDyb1SuuT//NarJEt5f7XPC8wkgPe1Ib+iMQ5sjKIk6+UcEPioPJ1DZmhtBdzz3xMZWmNj0YMtUtlQd2Ub7p9s= + CFP_DATA_REMOTE: AgBZH7MM3MzbnAm3x5qprO4AHciH4sPrAv0RzArpKOes3Jjm/Pqj2B6CrH3bsCXY653sBM283KhdLJ7iIsAO/nveQAlygGeg9nl1UsSOPOryJtDxD6WMMHB84mWp7A1KZ4sw4/V1Bsv6cf2yrLEe51MqP00vRAQ8auUjVARDJpXWVCWgUn8NuFsTz48wROYoYNyZy3wubWfyW8EfxdqcnXMG6BiwAa8Yiwyf9E+ZViNmm0Ob5OKgTI1zXzwi9Ztt60mvJYPVujwYjlTqpJVva68thgYz908OdE7/D1A7sKafohLngqNXf+06w//I8qq+kKiJG81LhHes9+tzwt9WevFedugk/545VLNK6tfEYE7axW8djDbPXuHSEC5JUWSH6+sbRLgxqOauKjcsbhL26e7ow6CKPbOeDu4yOsMWvOsf0u2S2YyAt8N1gV2Srih95VdLROQJvPoX76Gl6rTcM3VvQJhYiCJ55PRKTe+dRk+vVvDyzJC6ocNW9Xa2oSVFaawrn5kxBzwL6q+VVrMjoAPn+sra5EgsWFGE0QeXZ/AnFzGLWXTKQoo+WtnYvFgJzaKj3ThMmElcyANswnMNwJGgP+0NiNclPhIjQ/8VYPMk2TagFkpIRrnbiRHaeVr3pVAPv9TYkF+QiBhqUdanpjL2uyFnYZ4MJFZzo0nYMd54TD5JC1z2SXj3q5N99B1MzhduhsM0pQyXJrNdo4LAPoGlatODxvpOlzay3NthbQMW4T5AqqqJHgK0zntg6rNBiRSAUBQ= + CFP_JWT_SIGNING_KEY: AgCnPgt3NcjJ3RvmTaMZ4Kq8tsR4pu+9L0p/xY8llRb5ckVCUzq0h1rr11pkIRbNGRZvglT5evbg7wSOwsEGPgxCdhKCdY0RzO1/pQC7Kxa55HSgyZ/9peUMsqvIQpbmWraOEeduAuksOn1dp5yXUc3voVDlwYUvf7OUu9aCQH1fn8HZyBi+C5Ph7EmM+b1DQvLAopdhHpAZGC1RnBk0eyXDSYa61kj4jb8UBbm3xK8wYY+EfooZmhtMl0add89l7wom/Z+xDvZfrnTycJf4YNDXclvGbw6vBvnPQB5wTZYOwcA5KP6mutyxAdyjlr4mW66iGup99ajqE34C+ZLp31UK9hhP4CCIx3oWfwpTcsK3xHPY209whLMxL3ytsUfw0OqPBEUgZuwM4GOCFyZsJZsPrcWtQQMmX6dny98rT3Vft6+w++2+DiJe1maIHxhoZHbZuBrWYP6M48FgopAsBCgtVsN+eupylAVqtfCN1jOimssp5YXyiYgKoEJifjheuk9WQBhvvMQFFAtSfOli5slg0XNIl5xCNPY1OXIEsioX8BUG545XqoXnFnyXqS96xz54lRMKd1DuGvC0wv534yTzhoeunDV48SpPSpx5w7NLML34at2kL9UXKuqzxa/MsmO65czgEoaTX1hp7YrI1I/NW0CEpttd6s/udJO79/rnM5UVk55DBbRcV023iC+cEbhajkoOiQ+Dh85nRebe8hUQQbGlPJNepcXCUkr/Caukl+GlSUH7lzqRJrRDLhL88Ryjx6ZsaMTXp4UWj4ugt1F/ + GITHUB_OAUTH_CLIENT_ID: AgBfP+XD8AFv8IcrWcpvywpGBmEdsNLusuJKjmjKSfic81aMJ1pGmq7IkHRMUxb2Yvl7ly+V4jVd8je/cwsIc5OYaQJcy9Vyt23hqlXGZSgKFBhg5vIInK1J1bp+B9ucUFmXnCECCBdfJzAz9nI4ipNXnqFySy+Iw1rRFLreEW5hHnl48s5uYph0lzzXvJq1qsLyTgMfkU+od2wYHhCkUcDpAvdk2/Y8hMDe5TMfBLHyjaKr7nhYxPUAdYkSD/Ukfkxs2AOqBsE3rkDon4R9qxVSqCrFpxKXoYuVFhL3UVHXhaXGDH4omjI4eCjUp2VK6lZPX52QY3MTy1SebguFht3y+WZ93fdBmMQNnWXwVHBOe8Lu4DTdqDff20YZPwFv9+4C22ksdRen80kKgy5q7eVqENSBs1YdetWNftkE9b9U8wDwwJ3NVnGLormeizRjJDN6bECn/EgUQJr+tuk6yCZ53V16xerfIqG+aMpioM+LbFY8u9DQwTHm52KxPevsJC7Fic7tciOovgQgmuprOKgDEr6Q8koCE1aAREB0uTlgBVAX6Buv+Takho/fbOrvhhxSlzoUa2pwms+jUfLbjGTGzIgK9mK1/1ItecVArTeF6xdM56BygM5sYPsG9SE5kAgR0INMv9Y+n+5RYGom9fnDZlwBMlAzVmT0SjJDCTvxxiphoP+0a4ol3BixcwgSmCNQUZ3jAmOmWEg3E0+DH9wF0UXooQ== + GITHUB_OAUTH_CLIENT_SECRET: AgBaHYFRwVZ0RTzHdvTm+HpjMivKmvTYEoG2hy2fVBkCWEyeOavbR+hvibHJyRvCMbietNYxg4nQcvHFxyTTfbowWDDuVNvOIxUkXpST9lcIIJeMKSIy8ARvVl6ZHzXRjWh4qiiKYfcIGUssf9c3KgtHpWl8DNHxnhgbKyU1GVk1YKpEhZnzv4DDkeSrFi4Tq3XmnSBVu8K0txET1SnYyykam4cax3ag+3uOKEGFhhyp+2Xo89JO75ndzi6VRbe9XnCmzKmLedXPYRgI/ndxP0j3p8YofjivhFmluOTNP6hwDMISjbfX+cYRKPdLQ6fYf4vjivlaHnRl7iETaYq6WMjTXZ3PIfHuAGRkcipHqMTB27trfNwfiCDjxNT+nXAH/QyFHCWdDV+aaEkdeXmFBQja85ihPnAHjqThyTDboUL/MuPzncRWpa9bEevx0iAE+aKm2o5aqgsWoGWfoH0/lQCcItd31UoPNQBTDoOXj7J/EtGImt3GIztE5KDB+r0EqYJHk5PfoYEQwQVpFvwgBNlttcasmBLb/FtmH6ZkekWwQMss81/P503VqXk09AfXMLFkZU9sFIpHiY8mLzCe5G5zYWAve7dqAkPWgxa45MgZrZB3iycrzM7wyY3u0Wa2SKcExNL+RVYmtpKW9AAFbF6PJdBtgVj0n/jtxoQzG2A+K4f8kHTeSr7vWf2IChKmZDixn5hfENRD1mGiDVFyfFYtQolcsBOGVMBYyRTbuuXk7f1RCTzZQuS1 template: metadata: name: codeforphilly-secrets