toolshed/abra
4
3
Fork 18
Code Issues 30 Pull Requests 2 Packages Releases 41 Activity

Clearer error messages for non-generated secrets #665

New Issue
Closed
opened 2025-09-14 14:57:18 +00:00 by cyrnel · 4 comments
cyrnel commented 2025-09-14 14:57:18 +00:00
Member
Copy Link

Hello, I'm working on the renovate recipe here: coop-cloud/renovate#4

Renovate has no generated secrets, but the recipe user does need to set a token for accessing their git forge. I've set these in .env.sample and added the # generated=false comment as mentioned here: https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-skip-secret-generation-for-a-specific-secret

  1. When running abra app new renovate, it will print the message "renovate requires secret generation before deploying", even though those secrets have generate=false comments in .env.sample.
    • Instead, Abra should say something like "renovate requires you to set some secrets before deploying, run abra app secret insert ...". It should print both messages if there's a mixture of generated and non-generated secrets.
  2. When enabling a new secret via abra app config and running abra app deploy, it will print the message "secret not generated: github_token".
    • Instead, the code should check if the secret is a generated secret or not, and change the error message accordingly. Also, ideally this error message should tell the user which abra app secret command to run to fix it.
Hello, I'm working on the renovate recipe here: https://git.coopcloud.tech/coop-cloud/renovate/pulls/4 Renovate has no generated secrets, but the recipe user does need to set a token for accessing their git forge. I've set these in .env.sample and added the `# generated=false` comment as mentioned here: https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-skip-secret-generation-for-a-specific-secret 1. When running `abra app new renovate`, it will print the message "[renovate requires secret generation before deploying](https://git.coopcloud.tech/toolshed/abra/src/commit/09176801e169a2836cde1ab3610e57c6a2eb968b/cli/app/new.go#L195)", even though those secrets have `generate=false` comments in .env.sample. - Instead, Abra should say something like "renovate requires you to set some secrets before deploying, run `abra app secret insert ...`". It should print both messages if there's a mixture of generated and non-generated secrets. 2. When enabling a new secret via `abra app config` and running `abra app deploy`, it will print the message "[secret not generated: github_token](https://git.coopcloud.tech/toolshed/abra/src/commit/f53ba48efa6f37c5a61e86f829f87db9f0fa8d78/cli/app/deploy.go#L310)". - Instead, the code should check if the secret is a generated secret or not, and change the error message accordingly. Also, ideally this error message should tell the user which `abra app secret` command to run to fix it.
👍 2
decentral1se commented 2025-09-15 07:41:18 +00:00
Owner
Copy Link

Excellent report, thanks! Yes, I believe we have a boolean on the secret struct to indicate if it's a "no generate" or not and can adjust the messages accordingly. Thanks for testing this new feature out so fast 🔆

Excellent report, thanks! Yes, I believe we have a boolean on the secret struct to indicate if it's a "no generate" or not and can adjust the messages accordingly. Thanks for testing this new feature out so fast 🔆
decentral1se added the
bug
 label 2025-09-15 07:46:02 +00:00
decentral1se added this to the Abra v0.12 project 2025-09-15 07:46:23 +00:00
cyrnel commented 2025-09-19 03:28:41 +00:00
Author
Member
Copy Link

In this same vein, found a similar issue while testing coop-cloud/rauthy#7

  1. If you have some generated secrets and some non-generated secrets, abra app new --secrets will not respect the generated=false setting and will generate all secrets. If you leave out the --secrets flag, you'll get the message: WARN rauthy requires secret generation before deploying, run "abra app secret <app> --all". But if you run that, it will also ignore the generated=false setting and will generate all secrets.
In this same vein, found a similar issue while testing https://git.coopcloud.tech/coop-cloud/rauthy/pulls/7 3. If you have some generated secrets and some non-generated secrets, `abra app new --secrets` will not respect the `generated=false` setting and will generate all secrets. If you leave out the `--secrets` flag, you'll get the message: `WARN rauthy requires secret generation before deploying, run "abra app secret <app> --all"`. But if you run that, it will also ignore the `generated=false` setting and will generate all secrets.
decentral1se commented 2025-09-19 13:25:51 +00:00
Owner
Copy Link

Oh, i see something: it should be generate=false - is that not working for you? You seem to be mixing generate / generated?

That's what we're currently testing against:

.env.sample Line 20 in 5acb9970e2
#SECRET_TEST_SKIP_PASS_VERSION=v1 # generate=false

https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-skip-secret-generation-for-a-specific-secret

Oh, i see something: it should be `generate=false` - is that not working for you? You seem to be mixing `generate` / `generated`? That's what we're currently testing against: https://git.coopcloud.tech/toolshed/abra-test-recipe/src/commit/5acb9970e226b0be9860f2b661d9e59f5688cc5c/.env.sample#L20 https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-skip-secret-generation-for-a-specific-secret
cyrnel commented 2025-09-19 19:19:22 +00:00
Author
Member
Copy Link

Hmm just changed it and same issue:

root@host~/.abra/recipes/rauthy# grep "generate" .env.sample 
SECRET_ENC_KEYS_A_VERSION=a1  # generate=false
SECRET_ENC_KEYS_B_VERSION=b1  # generate=false
root@host~/.abra/recipes/rauthy# abra app new rauthy -C
INFO single server detected, choosing default automatically
? Specify app domain test.example.com
INFO test.example.com created (version: 2b11b5b3)
WARN rauthy requires secret generation before deploying, run "abra app secret generate test.example.com --all"

I sometimes do lose track of which of my attempts work and which fail though 😅

Hmm just changed it and same issue: ``` root@host~/.abra/recipes/rauthy# grep "generate" .env.sample SECRET_ENC_KEYS_A_VERSION=a1 # generate=false SECRET_ENC_KEYS_B_VERSION=b1 # generate=false root@host~/.abra/recipes/rauthy# abra app new rauthy -C INFO single server detected, choosing default automatically ? Specify app domain test.example.com INFO test.example.com created (version: 2b11b5b3) WARN rauthy requires secret generation before deploying, run "abra app secret generate test.example.com --all" ``` I sometimes do lose track of which of my attempts work and which fail though 😅
👀 1
decentral1se moved this to Prioritised in Abra v0.12 on 2025-09-28 22:56:47 +00:00
decentral1se moved this to In Progress in Abra v0.12 on 2025-09-29 06:57:36 +00:00
decentral1se started working 2025-09-29 06:58:23 +00:00
decentral1se worked for 1 hour 39 minutes 2025-09-29 08:38:17 +00:00
decentral1se moved this to Done in Abra v0.12 on 2025-09-30 17:03:25 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
Something is not working
build
go build related issues
ci/cd
Building things with CI/CD
critical fix
https://docs.coopcloud.tech/federation/resolutions/passed/010/
design
UI/UX
documentation
Documenting all the things
duplicate
This issue or pull request already exists
easy-first-issue
Something for new people to get stuck into. We hope it's easy!
enhancement
New feature
help wanted
Need some help
i10n
Everything to do with localisation
i18n
Everything to do with internationalisation
installer
Everything to do with the install script.
invalid
Something is wrong
question
More information is needed
release
Release management
release-candidate
Related to the new release candidate
security
Security related
test
Unit/integration testing
wontfix
This won't be fixed
No Label
bug
Milestone
No items
No Milestone
Projects
Clear projects
No project Abra v0.12
Assignees
Clear assignees
3wordchant aadil abra-bot ammaratef45 Apfelwurm carla cas coopcloud cyrnel decentral1se fauno iexos jmakdah2 joe-irving kawaiipunk knoflook kolaente lambdabundesverband moritz p4u1 renovate-bot ripclap simon sixsmith trav val yksflip
No Assignees
2 Participants
Notifications
Total Time Spent: 1 hour 39 minutes
decentral1se
1 hour 39 minutes
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: toolshed/abra#665
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?