From 6b18ed0443718d59386aff05f7ae8dea3ba3eaa1 Mon Sep 17 00:00:00 2001
From: "franz.germann"
Date: Tue, 4 Mar 2025 12:41:32 +0100
Subject: [PATCH] adds external secret for forgejo client
---
.../forgejo/forgejo-sso/secret-forgejo.yaml | 21 +++++++++++++++++++
template/stacks/core/forgejo/secret.yaml | 9 --------
template/stacks/core/forgejo/values.yaml | 2 +-
3 files changed, 22 insertions(+), 10 deletions(-)
create mode 100644 template/stacks/core/forgejo/forgejo-sso/secret-forgejo.yaml
delete mode 100644 template/stacks/core/forgejo/secret.yaml
diff --git a/template/stacks/core/forgejo/forgejo-sso/secret-forgejo.yaml b/template/stacks/core/forgejo/forgejo-sso/secret-forgejo.yaml
new file mode 100644
index 0000000..09318c3
--- /dev/null
+++ b/template/stacks/core/forgejo/forgejo-sso/secret-forgejo.yaml
@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: auth-generic-oauth-secret
+ namespace: gitea
+spec:
+ secretStoreRef:
+ name: keycloak
+ kind: ClusterSecretStore
+ refreshInterval: "0"
+ target:
+ name: auth-generic-oauth-secret
+ template:
+ engineVersion: v2
+ data:
+ client_secret: "{{.FORGEJO_CLIENT_SECRET}}"
+ data:
+ - secretKey: FORGEJO_CLIENT_SECRET
+ remoteRef:
+ key: keycloak-clients
+ property: FORGEJO_CLIENT_SECRET
\ No newline at end of file
diff --git a/template/stacks/core/forgejo/secret.yaml b/template/stacks/core/forgejo/secret.yaml
deleted file mode 100644
index 7d33fd6..0000000
--- a/template/stacks/core/forgejo/secret.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: forgejo-oidc
- namespace: gitea
-type: Opaque
-stringData:
- key: forgejo
- secret: uWEGALJKmNyUojJaK5LAK0w4OCEEDpDu
\ No newline at end of file
diff --git a/template/stacks/core/forgejo/values.yaml b/template/stacks/core/forgejo/values.yaml
index 4d81041..b24d023 100644
--- a/template/stacks/core/forgejo/values.yaml
+++ b/template/stacks/core/forgejo/values.yaml
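Review bot: `refreshInterval: "0"` in the new ExternalSecret tells External Secrets Operator to read `keycloak-clients` once and not again, so a rotated Keycloak client secret would not reach the `gitea` namespace until the resource is recreated; a finite value such as `refreshInterval: "1h"` lets rotation propagate. The target also changes shape compared with the Secret this commit deletes: the old `forgejo-oidc` carried `key` and `secret`, while the new `auth-generic-oauth-secret` carries only `client_secret`. Whatever referenced `forgejo-oidc` is not visible in this patch, so confirm it is pointed at the new name and key, or have the template's `data` emit `key` and `secret` if the chart still expects those. The file also ends without a trailing newline.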
@@ -31,7 +31,7 @@ gitea: ENABLE_AUTO_REGISTRATION: true ACCOUNT_LINKING: auto # oauth: -# - name: 'Keycloak' +# - name: 'Keycloak' # provider: 'openidConnect' # # key: 'forgejo' # # secret: 'uWEGALJKmNyUojJaK5LAK0w4OCEEDpDu'
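Review bot: The commented-out `oauth` block shown as context in this hunk still carries the same client secret literal that the commit removes from `secret.yaml`, so the value stays in the repository tree after the move to an ExternalSecret. Replace that comment line with a placeholder, for example `# # secret: '<provided by ExternalSecret>'`, or drop the dead block. Because the literal was committed in plaintext and remains in git history either way, it should be treated as exposed and the Forgejo client secret rotated in Keycloak. The hunk's own change is whitespace only, and the commented block may continue past the end of the hunk.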