From 426bb996ac3073ec144c5501f5575e7665a86cac Mon Sep 17 00:00:00 2001
From: colin <colin@nixc.us>
Date: Wed, 11 Jun 2025 15:53:55 -0400
Subject: [PATCH] Remove OAuth client secrets from CI build process -
 CLIENT_SECRET_PORTAINER/HEADSCALE/HEADADMIN not needed during build - These
 secrets are handled by Docker Swarm at runtime - Fixes Authelia container
 startup issues

---
 .woodpecker.yml | 32 ++++----------------------------
 1 file changed, 4 insertions(+), 28 deletions(-)

diff --git a/.woodpecker.yml b/.woodpecker.yml
index 17e26c1..5bf02f4 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -41,13 +41,7 @@ steps:
         from_secret: IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY
       IDENTITY_PROVIDERS_OIDC_JWKS_KEY:
         from_secret: IDENTITY_PROVIDERS_OIDC_JWKS_KEY
-      # Client Secrets
-      CLIENT_SECRET_HEADSCALE:
-        from_secret: CLIENT_SECRET_HEADSCALE
-      CLIENT_SECRET_HEADADMIN:
-        from_secret: CLIENT_SECRET_HEADADMIN
-      CLIENT_SECRET_PORTAINER:
-        from_secret: CLIENT_SECRET_PORTAINER
+      # OAuth Client Secrets removed - handled by Docker Swarm secrets at runtime
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
     commands:
@@ -88,13 +82,7 @@ steps:
         from_secret: IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY
       IDENTITY_PROVIDERS_OIDC_JWKS_KEY:
         from_secret: IDENTITY_PROVIDERS_OIDC_JWKS_KEY
-      # Client Secrets
-      CLIENT_SECRET_HEADSCALE:
-        from_secret: CLIENT_SECRET_HEADSCALE
-      CLIENT_SECRET_HEADADMIN:
-        from_secret: CLIENT_SECRET_HEADADMIN
-      CLIENT_SECRET_PORTAINER:
-        from_secret: CLIENT_SECRET_PORTAINER
+      # OAuth Client Secrets removed - handled by Docker Swarm secrets at runtime
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
     commands:
@@ -156,13 +144,7 @@ steps:
         from_secret: IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY
       IDENTITY_PROVIDERS_OIDC_JWKS_KEY:
         from_secret: IDENTITY_PROVIDERS_OIDC_JWKS_KEY
-      # Client Secrets
-      CLIENT_SECRET_HEADSCALE:
-        from_secret: CLIENT_SECRET_HEADSCALE
-      CLIENT_SECRET_HEADADMIN:
-        from_secret: CLIENT_SECRET_HEADADMIN
-      CLIENT_SECRET_PORTAINER:
-        from_secret: CLIENT_SECRET_PORTAINER
+      # OAuth Client Secrets removed - handled by Docker Swarm secrets at runtime
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
     commands:
@@ -203,13 +185,7 @@ steps:
         from_secret: IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY
       IDENTITY_PROVIDERS_OIDC_JWKS_KEY:
         from_secret: IDENTITY_PROVIDERS_OIDC_JWKS_KEY
-      # Client Secrets
-      CLIENT_SECRET_HEADSCALE:
-        from_secret: CLIENT_SECRET_HEADSCALE
-      CLIENT_SECRET_HEADADMIN:
-        from_secret: CLIENT_SECRET_HEADADMIN
-      CLIENT_SECRET_PORTAINER:
-        from_secret: CLIENT_SECRET_PORTAINER
+      # OAuth Client Secrets removed - handled by Docker Swarm secrets at runtime
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
     commands: