@firestartr/cli 1.52.0-snapshot-5 → 1.52.0-snapshot-6

package/build/index.js

@@ -354781,24 +354781,24 @@ var libsodium_wrappers_default = /*#__PURE__*/__nccwpck_require__.n(libsodium_wr
 
 
 
-async function getRepoPublicKey(owner, repo) {
+async function getRepoPublicKey(owner, repo, section) {
     github_src_logger.info(`Retrieving public key for ${owner}/${repo}`);
     try {
         const octokit = await getOctokitForOrg(owner);
-        const { data } = await octokit.actions.getRepoPublicKey({
+        const { data } = await octokit[section].getRepoPublicKey({
             owner,
             repo,
         });
         return data;
     }
     catch (error) {
-        github_src_logger.error(`Error retrieving public key for ${owner}/${repo}: ${error}`);
+        github_src_logger.error(`Error retrieving public key (${section}) for ${owner}/${repo}: ${error}`);
         throw error;
     }
 }
-async function encryptRepoSecret(owner, repo, plaintextValue) {
+async function encryptRepoSecret(owner, repo, section, plaintextValue) {
     try {
-        const { key_id, key } = await getRepoPublicKey(owner, repo);
+        const { key_id, key } = await getRepoPublicKey(owner, repo, section);
         await (libsodium_wrappers_default()).ready;
         const publicKey = libsodium_wrappers_default().from_base64(key, (libsodium_wrappers_default()).base64_variants.ORIGINAL);
         const secretBytes = libsodium_wrappers_default().from_string(plaintextValue);
@@ -357975,6 +357975,9 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
                                     type: 'boolean',
                                     description: 'If the webhook is active',
                                 },
+                                secretRef: {
+                                    $ref: 'firestartr.dev://github/GithubComponentClaimSecretRef',
+                                },
                                 events: {
                                     type: 'array',
                                     description: 'List of events that trigger the webhook (e.g., push, pull_request, issues)',
@@ -357983,7 +357986,7 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
                                     },
                                 },
                             },
-                            required: ['url', 'contentType', 'events'],
+                            required: ['url', 'contentType', 'events', 'secretRef'],
                         },
                     },
                     required: ['orgName', 'webhook'],
@@ -361732,6 +361735,7 @@ function toJson_FirestartrGithubOrgWebhookSpecWebhookSecretRef(obj) {
         return undefined;
     }
     const result = {
+        'kind': obj.kind,
         'name': obj.name,
         'key': obj.key,
     };
@@ -361780,6 +361784,17 @@ function toJson_FirestartrGithubOrgWebhookSpecWriteConnectionSecretToRefOutputs(
     // filter undefined values
     return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {});
 }
+/* eslint-enable max-len, @stylistic/max-len, quote-props, @stylistic/quote-props */
+/**
+ * The type of Kubernetes resource to reference.
+ *
+ * @schema FirestartrGithubOrgWebhookSpecWebhookSecretRefKind
+ */
+var FirestartrGithubOrgWebhookSpecWebhookSecretRefKind;
+(function (FirestartrGithubOrgWebhookSpecWebhookSecretRefKind) {
+    /** Secret */
+    FirestartrGithubOrgWebhookSpecWebhookSecretRefKind["SECRET"] = "Secret";
+})(FirestartrGithubOrgWebhookSpecWebhookSecretRefKind || (FirestartrGithubOrgWebhookSpecWebhookSecretRefKind = {}));
 /**
  * Converts an object of type 'FirestartrGithubOrgWebhookSpecContextBackendRef' to JSON representation.
  */
@@ -361908,7 +361923,6 @@ function toJson_FirestartrGithubRepositorySpec(obj) {
         'actions': toJson_FirestartrGithubRepositorySpecActions(obj.actions),
         'pages': toJson_FirestartrGithubRepositorySpecPages(obj.pages),
         'permissions': obj.permissions?.map(y => toJson_FirestartrGithubRepositorySpecPermissions(y)),
-        'secrets': toJson_FirestartrGithubRepositorySpecSecrets(obj.secrets),
         'vars': toJson_FirestartrGithubRepositorySpecVars(obj.vars),
         'branchProtections': obj.branchProtections?.map(y => toJson_FirestartrGithubRepositorySpecBranchProtections(y)),
         'writeConnectionSecretToRef': toJson_FirestartrGithubRepositorySpecWriteConnectionSecretToRef(obj.writeConnectionSecretToRef),
@@ -362020,22 +362034,6 @@ function toJson_FirestartrGithubRepositorySpecPermissions(obj) {
     // filter undefined values
     return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {});
 }
-/**
- * Converts an object of type 'FirestartrGithubRepositorySpecSecrets' to JSON representation.
- */
-/* eslint-disable max-len, @stylistic/max-len, quote-props, @stylistic/quote-props */
-function toJson_FirestartrGithubRepositorySpecSecrets(obj) {
-    if (obj === undefined) {
-        return undefined;
-    }
-    const result = {
-        'actions': obj.actions?.map(y => toJson_FirestartrGithubRepositorySpecSecretsActions(y)),
-        'codespaces': obj.codespaces?.map(y => toJson_FirestartrGithubRepositorySpecSecretsCodespaces(y)),
-        'dependabot': obj.dependabot?.map(y => toJson_FirestartrGithubRepositorySpecSecretsDependabot(y)),
-    };
-    // filter undefined values
-    return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {});
-}
 /**
  * Converts an object of type 'FirestartrGithubRepositorySpecVars' to JSON representation.
  */
@@ -362203,51 +362201,6 @@ function toJson_FirestartrGithubRepositorySpecPermissionsRef(obj) {
     // filter undefined values
     return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {});
 }
-/**
- * Converts an object of type 'FirestartrGithubRepositorySpecSecretsActions' to JSON representation.
- */
-/* eslint-disable max-len, @stylistic/max-len, quote-props, @stylistic/quote-props */
-function toJson_FirestartrGithubRepositorySpecSecretsActions(obj) {
-    if (obj === undefined) {
-        return undefined;
-    }
-    const result = {
-        'name': obj.name,
-        'ref': toJson_FirestartrGithubRepositorySpecSecretsActionsRef(obj.ref),
-    };
-    // filter undefined values
-    return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {});
-}
-/**
- * Converts an object of type 'FirestartrGithubRepositorySpecSecretsCodespaces' to JSON representation.
- */
-/* eslint-disable max-len, @stylistic/max-len, quote-props, @stylistic/quote-props */
-function toJson_FirestartrGithubRepositorySpecSecretsCodespaces(obj) {
-    if (obj === undefined) {
-        return undefined;
-    }
-    const result = {
-        'name': obj.name,
-        'ref': toJson_FirestartrGithubRepositorySpecSecretsCodespacesRef(obj.ref),
-    };
-    // filter undefined values
-    return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {});
-}
-/**
- * Converts an object of type 'FirestartrGithubRepositorySpecSecretsDependabot' to JSON representation.
- */
-/* eslint-disable max-len, @stylistic/max-len, quote-props, @stylistic/quote-props */
-function toJson_FirestartrGithubRepositorySpecSecretsDependabot(obj) {
-    if (obj === undefined) {
-        return undefined;
-    }
-    const result = {
-        'name': obj.name,
-        'ref': toJson_FirestartrGithubRepositorySpecSecretsDependabotRef(obj.ref),
-    };
-    // filter undefined values
-    return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {});
-}
 /**
  * Converts an object of type 'FirestartrGithubRepositorySpecVarsVariableItemSchema' to JSON representation.
  */
@@ -362324,54 +362277,6 @@ function toJson_FirestartrGithubRepositorySpecContextProviderRef(obj) {
     // filter undefined values
     return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {});
 }
-/**
- * Converts an object of type 'FirestartrGithubRepositorySpecSecretsActionsRef' to JSON representation.
- */
-/* eslint-disable max-len, @stylistic/max-len, quote-props, @stylistic/quote-props */
-function toJson_FirestartrGithubRepositorySpecSecretsActionsRef(obj) {
-    if (obj === undefined) {
-        return undefined;
-    }
-    const result = {
-        'kind': obj.kind,
-        'name': obj.name,
-        'key': obj.key,
-    };
-    // filter undefined values
-    return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {});
-}
-/**
- * Converts an object of type 'FirestartrGithubRepositorySpecSecretsCodespacesRef' to JSON representation.
- */
-/* eslint-disable max-len, @stylistic/max-len, quote-props, @stylistic/quote-props */
-function toJson_FirestartrGithubRepositorySpecSecretsCodespacesRef(obj) {
-    if (obj === undefined) {
-        return undefined;
-    }
-    const result = {
-        'kind': obj.kind,
-        'name': obj.name,
-        'key': obj.key,
-    };
-    // filter undefined values
-    return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {});
-}
-/**
- * Converts an object of type 'FirestartrGithubRepositorySpecSecretsDependabotRef' to JSON representation.
- */
-/* eslint-disable max-len, @stylistic/max-len, quote-props, @stylistic/quote-props */
-function toJson_FirestartrGithubRepositorySpecSecretsDependabotRef(obj) {
-    if (obj === undefined) {
-        return undefined;
-    }
-    const result = {
-        'kind': obj.kind,
-        'name': obj.name,
-        'key': obj.key,
-    };
-    // filter undefined values
-    return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {});
-}
 /**
  * Converts an object of type 'FirestartrGithubRepositorySpecVarsVariableItemSchemaRef' to JSON representation.
  */
@@ -364343,10 +364248,7 @@ class GithubOrgWebhookChart extends BaseGithubChart {
                 webhook: {
                     url: claim.providers.github.webhook.url,
                     contentType: claim.providers.github.webhook.contentType,
-                    secretRef: {
-                        name: claim.providers.github.webhook.secretRef.name,
-                        key: claim.providers.github.webhook.secretRef.key,
-                    },
+                    secretRef: this.renderSecret(claim.providers.github.webhook.secretRef),
                     active: claim.providers.github.webhook.active,
                     events: claim.providers.github.webhook.events,
                 },
@@ -364357,6 +364259,17 @@ class GithubOrgWebhookChart extends BaseGithubChart {
             },
         };
     }
+    renderSecret(secret) {
+        const parts = secret.split(':');
+        if (parts.length < 4) {
+            throw `GithubOrgWebhookChart: invalid secretRef: ${secret}`;
+        }
+        return {
+            kind: 'Secret',
+            name: parts[2],
+            key: parts[3],
+        };
+    }
     gvk() {
         return FirestartrGithubOrgWebhook.GVK;
     }
@@ -364911,7 +364824,8 @@ class SecretsChart extends BaseSecretsChart {
         const pushSecrets = this.get('pushSecrets');
         const kind = this.get('claim').kind;
         const name = this.get('claim').name;
-        const concatenated = externalSecrets
+        const concatenated = []
+            .concat(externalSecrets)
             .concat(pushSecrets)
             .filter((el) => el !== undefined);
         return concatenated.map((chart) => {
@@ -367701,9 +367615,11 @@ async function getSyncStatus(itemPath, itemCR) {
     else {
         const nextSyncDate = new Date(syncCondition.nextSyncTime);
         const isLapsed = Date.now() >= nextSyncDate.getTime();
-        const mode = (await getSyncSpecs(itemPath, item)).schedule
-            ? 'Scheduled'
-            : 'Period';
+        const mode = !helperIsSyncable(item)
+            ? 'NotSyncable'
+            : (await getSyncSpecs(itemPath, item)).schedule
+                ? 'Scheduled'
+                : 'Period';
         return {
             itemPath,
             syncMode: mode,
@@ -367744,7 +367660,7 @@ function helperIsSyncable(item) {
 }
 async function processNotSyncable(item, reason, status, message) {
     return {
-        syncMode: 'Period',
+        syncMode: 'NotSyncable',
         conditions: [
             {
                 reason,
@@ -369257,100 +369173,6 @@ function provisionDefaultBranch(scope, fsGithubRepository, repo) {
     return branchDefault;
 }
 
-// EXTERNAL MODULE: ../provisioner/node_modules/@cdktf/provider-github/lib/actions-secret/index.js
-var actions_secret = __nccwpck_require__(89039);
-// EXTERNAL MODULE: ../provisioner/node_modules/@cdktf/provider-github/lib/codespaces-secret/index.js
-var codespaces_secret = __nccwpck_require__(80659);
-// EXTERNAL MODULE: ../provisioner/node_modules/@cdktf/provider-github/lib/dependabot-secret/index.js
-var dependabot_secret = __nccwpck_require__(16281);
-;// CONCATENATED MODULE: ../provisioner/src/entities/firestartrgithubrepository/helpers/RepositorySecret.ts
-
-
-
-
-
-
-async function provisionRepositorySecrets(scope, repo, fsGithubRepository) {
-    const sections = ['actions', 'codespaces', 'dependabot'];
-    if ('secrets' in fsGithubRepository.spec) {
-        const secrets = fsGithubRepository.spec.secrets;
-        for (const section of sections) {
-            if (section in secrets) {
-                for (const secret of secrets[section]) {
-                    await provisionRepositorySecret(scope, fsGithubRepository, section, secret.name, secret.ref, repo);
-                }
-            }
-        }
-    }
-    else {
-        provisioner_src_logger.info(`FirestartrGithubRepository ${fsGithubRepository.metadata.name} does not have a secrets section`);
-    }
-}
-async function provisionRepositorySecret(scope, repo, section, repoSecretName, secretRef, repoResource) {
-    provisioner_src_logger.info(`Provisioning repo secret ${repo.metadata.name}/${section}/${repoSecretName}`);
-    const secretClass = section === 'actions'
-        ? actions_secret/* ActionsSecret */.N
-        : section === 'codespaces'
-            ? codespaces_secret/* CodespacesSecret */.k
-            : section === 'dependabot'
-                ? dependabot_secret/* DependabotSecret */.c
-                : null;
-    if (secretClass) {
-        const fSecretCreation = process.env['AVOID_PROVIDER_SECRET_ENCRYPTION']
-            ? createUnencryptedSecret
-            : createEncryptedSecrect;
-        await fSecretCreation(scope, repo, secretRef, secretClass, section, repoSecretName, repoResource);
-        provisioner_src_logger.info(`RepoSecret provisioned ${section}-${repoSecretName.toLowerCase()}-secret`);
-    }
-}
-async function createEncryptedSecrect(scope, repo, secretRef, secretClass, section, repoSecretName, repoResource) {
-    const { key_id, encrypted_value } = await encryptSecret(repo, secretRef);
-    const resourceKey = `${section}-${repoSecretName.toLowerCase()}-secret`;
-    const plainTextSecret = repo.resolveSecretRef({
-        name: secretRef.name,
-        key: secretRef.key,
-    });
-    const sha256 = external_crypto_default().createHash('sha256')
-        .update(plainTextSecret)
-        .digest('hex');
-    const secretResourceName = `_${repoSecretName}-${sha256.slice(0, 12)}`;
-    const instanceLifecycle = {
-        ignoreChanges: ['encrypted_value'],
-    };
-    const sc = new secretClass(scope, secretResourceName, {
-        secretName: repoSecretName,
-        repository: repo.metadata.name,
-        encryptedValue: encrypted_value,
-        dependsOn: [repoResource],
-        lifecycle: instanceLifecycle,
-    });
-    repo.addResourceToStack(resourceKey, sc);
-}
-async function createUnencryptedSecret(scope, repo, secretRef, secretClass, section, repoSecretName, repoResource) {
-    const plainTextSecret = repo.resolveSecretRef({
-        name: secretRef.name,
-        key: secretRef.key,
-    });
-    const resourceKey = `${section}-${repoSecretName.toLowerCase()}-secret`;
-    const tfStateKey = `_${repo.getTfStateKey()}-${resourceKey}`;
-    const sc = new secretClass(scope, tfStateKey, {
-        secretName: repoSecretName,
-        plaintextValue: plainTextSecret,
-        repository: repo.metadata.name,
-        dependsOn: [repoResource],
-    });
-    provisioner_src_logger.info(tfStateKey);
-    repo.addResourceToStack(resourceKey, sc);
-}
-async function encryptSecret(repo, secretRef) {
-    const plainTextSecret = repo.resolveSecretRef({
-        name: secretRef.name,
-        key: secretRef.key,
-    });
-    const v = await github_0.encryption.encryptRepoSecret(process.env.ORG, repo.metadata.name, plainTextSecret);
-    return v;
-}
-
 // EXTERNAL MODULE: ../provisioner/node_modules/@cdktf/provider-github/lib/actions-variable/index.js
 var actions_variable = __nccwpck_require__(81133);
 ;// CONCATENATED MODULE: ../provisioner/src/entities/firestartrgithubrepository/helpers/RepositoryVariable.ts
@@ -369407,7 +369229,6 @@ async function provisionRepositoryVar(scope, repo, section, repoVarName, value,
 
 
 
-
 class FirestartrGithubRepository_FirestartrGithubRepository extends Entity {
     constructor(artifact, deps) {
         super(artifact, deps);
@@ -369422,7 +369243,6 @@ class FirestartrGithubRepository_FirestartrGithubRepository extends Entity {
         }
         provisionCodeowners(scope, this.mainResource, branchDefault, this);
         provisionPermissions(scope, this.mainResource, this);
-        await provisionRepositorySecrets(scope, this.mainResource, this);
         await provisionRepositoryVariables(scope, this.mainResource, this);
     }
     async orgHasOneOfThesePlans(org, plans) {
@@ -369654,6 +369474,12 @@ class FirestartrTerraformModuleEntity extends Entity {
     }
 }
 
+// EXTERNAL MODULE: ../provisioner/node_modules/@cdktf/provider-github/lib/actions-secret/index.js
+var actions_secret = __nccwpck_require__(89039);
+// EXTERNAL MODULE: ../provisioner/node_modules/@cdktf/provider-github/lib/codespaces-secret/index.js
+var codespaces_secret = __nccwpck_require__(80659);
+// EXTERNAL MODULE: ../provisioner/node_modules/@cdktf/provider-github/lib/dependabot-secret/index.js
+var dependabot_secret = __nccwpck_require__(16281);
 ;// CONCATENATED MODULE: ../provisioner/src/entities/firestartrgithubrepositorysecretssection/helpers/RepositorySecret.ts
 
 
@@ -369661,14 +369487,18 @@ class FirestartrTerraformModuleEntity extends Entity {
 
 
 
-async function RepositorySecret_provisionRepositorySecrets(scope, fsGithubRepositorySecretsSection, repo) {
-    const sections = ['actions', 'codespaces', 'dependabot'];
+async function provisionRepositorySecrets(scope, fsGithubRepositorySecretsSection, repo) {
+    const sections = [
+        'actions',
+        'codespaces',
+        'dependabot',
+    ];
     if ('secrets' in fsGithubRepositorySecretsSection.spec) {
         const secrets = fsGithubRepositorySecretsSection.spec.secrets;
         for (const section of sections) {
             if (section in secrets) {
                 for (const secret of secrets[section]) {
-                    await RepositorySecret_provisionRepositorySecret(scope, fsGithubRepositorySecretsSection, section, secret.name, secret.ref, repo);
+                    await provisionRepositorySecret(scope, fsGithubRepositorySecretsSection, section, secret.name, secret.ref, repo);
                 }
             }
         }
@@ -369677,7 +369507,7 @@ async function RepositorySecret_provisionRepositorySecrets(scope, fsGithubReposi
         provisioner_src_logger.info(`FirestartrGithubRepository ${fsGithubRepositorySecretsSection.metadata.name} does not have a secrets section`);
     }
 }
-async function RepositorySecret_provisionRepositorySecret(scope, rss, section, repoSecretName, secretRef, repoResource) {
+async function provisionRepositorySecret(scope, rss, section, repoSecretName, secretRef, repoResource) {
     provisioner_src_logger.info(`Provisioning repo secret ${rss.metadata.name}/${section}/${repoSecretName}`);
     const secretClass = section === 'actions'
         ? actions_secret/* ActionsSecret */.N
@@ -369688,14 +369518,14 @@ async function RepositorySecret_provisionRepositorySecret(scope, rss, section, r
                 : null;
     if (secretClass) {
         const fSecretCreation = process.env['AVOID_PROVIDER_SECRET_ENCRYPTION']
-            ? RepositorySecret_createUnencryptedSecret
-            : RepositorySecret_createEncryptedSecrect;
+            ? createUnencryptedSecret
+            : createEncryptedSecret;
         await fSecretCreation(scope, rss, secretRef, secretClass, section, repoSecretName, repoResource);
         provisioner_src_logger.info(`RepoSecret provisioned ${section}-${repoSecretName.toLowerCase()}-secret`);
     }
 }
-async function RepositorySecret_createEncryptedSecrect(scope, rss, secretRef, secretClass, section, repoSecretName, repo) {
-    const { key_id, encrypted_value } = await RepositorySecret_encryptSecret(rss, secretRef);
+async function createEncryptedSecret(scope, rss, secretRef, secretClass, section, repoSecretName, repo) {
+    const { key_id, encrypted_value } = await encryptSecret(rss, secretRef, section);
     const resourceKey = `${section}-${repoSecretName.toLowerCase()}-secret`;
     const plainTextSecret = rss.resolveSecretRef({
         name: secretRef.name,
@@ -369716,7 +369546,7 @@ async function RepositorySecret_createEncryptedSecrect(scope, rss, secretRef, se
     });
     rss.addResourceToStack(resourceKey, sc);
 }
-async function RepositorySecret_createUnencryptedSecret(scope, rss, secretRef, secretClass, section, repoSecretName, repo) {
+async function createUnencryptedSecret(scope, rss, secretRef, secretClass, section, repoSecretName, repo) {
     const plainTextSecret = rss.resolveSecretRef({
         name: secretRef.name,
         key: secretRef.key,
@@ -369731,12 +369561,12 @@ async function RepositorySecret_createUnencryptedSecret(scope, rss, secretRef, s
     provisioner_src_logger.info(tfStateKey);
     rss.addResourceToStack(resourceKey, sc);
 }
-async function RepositorySecret_encryptSecret(rss, secretRef) {
+async function encryptSecret(rss, secretRef, section) {
     const plainTextSecret = rss.resolveSecretRef({
         name: secretRef.name,
         key: secretRef.key,
     });
-    const v = await github_0.encryption.encryptRepoSecret(process.env.ORG, rss.metadata.name, plainTextSecret);
+    const v = await github_0.encryption.encryptRepoSecret(process.env.ORG, rss.metadata.name, section, plainTextSecret);
     return v;
 }
 
@@ -369750,7 +369580,7 @@ class FirestartrGithubRepositorySecretsSection_FirestartrGithubRepositorySecrets
     async loadResources(data) {
         const { scope } = data;
         const repo = this.resolveRef(this.spec.repositoryTarget.ref);
-        await RepositorySecret_provisionRepositorySecrets(scope, this, repo);
+        await provisionRepositorySecrets(scope, this, repo);
     }
 }
 

package/build/packages/cdk8s_renderer/imports/firestartr.dev.d.ts

@@ -711,6 +711,12 @@ export declare enum FirestartrGithubOrgWebhookSpecWebhookContentType {
  * @schema FirestartrGithubOrgWebhookSpecWebhookSecretRef
  */
 export interface FirestartrGithubOrgWebhookSpecWebhookSecretRef {
+    /**
+     * The type of Kubernetes resource to reference.
+     *
+     * @schema FirestartrGithubOrgWebhookSpecWebhookSecretRef#kind
+     */
+    readonly kind: FirestartrGithubOrgWebhookSpecWebhookSecretRefKind;
     /**
      * Secret name
      *
@@ -767,6 +773,15 @@ export interface FirestartrGithubOrgWebhookSpecWriteConnectionSecretToRefOutputs
  * Converts an object of type 'FirestartrGithubOrgWebhookSpecWriteConnectionSecretToRefOutputs' to JSON representation.
  */
 export declare function toJson_FirestartrGithubOrgWebhookSpecWriteConnectionSecretToRefOutputs(obj: FirestartrGithubOrgWebhookSpecWriteConnectionSecretToRefOutputs | undefined): Record<string, any> | undefined;
+/**
+ * The type of Kubernetes resource to reference.
+ *
+ * @schema FirestartrGithubOrgWebhookSpecWebhookSecretRefKind
+ */
+export declare enum FirestartrGithubOrgWebhookSpecWebhookSecretRefKind {
+    /** Secret */
+    SECRET = "Secret"
+}
 /**
  * @schema FirestartrGithubOrgWebhookSpecContextBackendRef
  */
@@ -896,10 +911,6 @@ export interface FirestartrGithubRepositorySpec {
      * @schema FirestartrGithubRepositorySpec#permissions
      */
     readonly permissions: FirestartrGithubRepositorySpecPermissions[];
-    /**
-     * @schema FirestartrGithubRepositorySpec#secrets
-     */
-    readonly secrets?: FirestartrGithubRepositorySpecSecrets;
     /**
      * @schema FirestartrGithubRepositorySpec#vars
      */
@@ -1075,27 +1086,6 @@ export interface FirestartrGithubRepositorySpecPermissions {
  * Converts an object of type 'FirestartrGithubRepositorySpecPermissions' to JSON representation.
  */
 export declare function toJson_FirestartrGithubRepositorySpecPermissions(obj: FirestartrGithubRepositorySpecPermissions | undefined): Record<string, any> | undefined;
-/**
- * @schema FirestartrGithubRepositorySpecSecrets
- */
-export interface FirestartrGithubRepositorySpecSecrets {
-    /**
-     * @schema FirestartrGithubRepositorySpecSecrets#actions
-     */
-    readonly actions?: FirestartrGithubRepositorySpecSecretsActions[];
-    /**
-     * @schema FirestartrGithubRepositorySpecSecrets#codespaces
-     */
-    readonly codespaces?: FirestartrGithubRepositorySpecSecretsCodespaces[];
-    /**
-     * @schema FirestartrGithubRepositorySpecSecrets#dependabot
-     */
-    readonly dependabot?: FirestartrGithubRepositorySpecSecretsDependabot[];
-}
-/**
- * Converts an object of type 'FirestartrGithubRepositorySpecSecrets' to JSON representation.
- */
-export declare function toJson_FirestartrGithubRepositorySpecSecrets(obj: FirestartrGithubRepositorySpecSecrets | undefined): Record<string, any> | undefined;
 /**
  * @schema FirestartrGithubRepositorySpecVars
  */
@@ -1297,57 +1287,6 @@ export interface FirestartrGithubRepositorySpecPermissionsRef {
  * Converts an object of type 'FirestartrGithubRepositorySpecPermissionsRef' to JSON representation.
  */
 export declare function toJson_FirestartrGithubRepositorySpecPermissionsRef(obj: FirestartrGithubRepositorySpecPermissionsRef | undefined): Record<string, any> | undefined;
-/**
- * @schema FirestartrGithubRepositorySpecSecretsActions
- */
-export interface FirestartrGithubRepositorySpecSecretsActions {
-    /**
-     * @schema FirestartrGithubRepositorySpecSecretsActions#name
-     */
-    readonly name: string;
-    /**
-     * @schema FirestartrGithubRepositorySpecSecretsActions#ref
-     */
-    readonly ref: FirestartrGithubRepositorySpecSecretsActionsRef;
-}
-/**
- * Converts an object of type 'FirestartrGithubRepositorySpecSecretsActions' to JSON representation.
- */
-export declare function toJson_FirestartrGithubRepositorySpecSecretsActions(obj: FirestartrGithubRepositorySpecSecretsActions | undefined): Record<string, any> | undefined;
-/**
- * @schema FirestartrGithubRepositorySpecSecretsCodespaces
- */
-export interface FirestartrGithubRepositorySpecSecretsCodespaces {
-    /**
-     * @schema FirestartrGithubRepositorySpecSecretsCodespaces#name
-     */
-    readonly name: string;
-    /**
-     * @schema FirestartrGithubRepositorySpecSecretsCodespaces#ref
-     */
-    readonly ref: FirestartrGithubRepositorySpecSecretsCodespacesRef;
-}
-/**
- * Converts an object of type 'FirestartrGithubRepositorySpecSecretsCodespaces' to JSON representation.
- */
-export declare function toJson_FirestartrGithubRepositorySpecSecretsCodespaces(obj: FirestartrGithubRepositorySpecSecretsCodespaces | undefined): Record<string, any> | undefined;
-/**
- * @schema FirestartrGithubRepositorySpecSecretsDependabot
- */
-export interface FirestartrGithubRepositorySpecSecretsDependabot {
-    /**
-     * @schema FirestartrGithubRepositorySpecSecretsDependabot#name
-     */
-    readonly name: string;
-    /**
-     * @schema FirestartrGithubRepositorySpecSecretsDependabot#ref
-     */
-    readonly ref: FirestartrGithubRepositorySpecSecretsDependabotRef;
-}
-/**
- * Converts an object of type 'FirestartrGithubRepositorySpecSecretsDependabot' to JSON representation.
- */
-export declare function toJson_FirestartrGithubRepositorySpecSecretsDependabot(obj: FirestartrGithubRepositorySpecSecretsDependabot | undefined): Record<string, any> | undefined;
 /**
  * @schema FirestartrGithubRepositorySpecVarsVariableItemSchema
  */
@@ -1437,69 +1376,6 @@ export interface FirestartrGithubRepositorySpecContextProviderRef {
  * Converts an object of type 'FirestartrGithubRepositorySpecContextProviderRef' to JSON representation.
  */
 export declare function toJson_FirestartrGithubRepositorySpecContextProviderRef(obj: FirestartrGithubRepositorySpecContextProviderRef | undefined): Record<string, any> | undefined;
-/**
- * @schema FirestartrGithubRepositorySpecSecretsActionsRef
- */
-export interface FirestartrGithubRepositorySpecSecretsActionsRef {
-    /**
-     * @schema FirestartrGithubRepositorySpecSecretsActionsRef#kind
-     */
-    readonly kind: string;
-    /**
-     * @schema FirestartrGithubRepositorySpecSecretsActionsRef#name
-     */
-    readonly name: string;
-    /**
-     * @schema FirestartrGithubRepositorySpecSecretsActionsRef#key
-     */
-    readonly key: string;
-}
-/**
- * Converts an object of type 'FirestartrGithubRepositorySpecSecretsActionsRef' to JSON representation.
- */
-export declare function toJson_FirestartrGithubRepositorySpecSecretsActionsRef(obj: FirestartrGithubRepositorySpecSecretsActionsRef | undefined): Record<string, any> | undefined;
-/**
- * @schema FirestartrGithubRepositorySpecSecretsCodespacesRef
- */
-export interface FirestartrGithubRepositorySpecSecretsCodespacesRef {
-    /**
-     * @schema FirestartrGithubRepositorySpecSecretsCodespacesRef#kind
-     */
-    readonly kind: string;
-    /**
-     * @schema FirestartrGithubRepositorySpecSecretsCodespacesRef#name
-     */
-    readonly name: string;
-    /**
-     * @schema FirestartrGithubRepositorySpecSecretsCodespacesRef#key
-     */
-    readonly key: string;
-}
-/**
- * Converts an object of type 'FirestartrGithubRepositorySpecSecretsCodespacesRef' to JSON representation.
- */
-export declare function toJson_FirestartrGithubRepositorySpecSecretsCodespacesRef(obj: FirestartrGithubRepositorySpecSecretsCodespacesRef | undefined): Record<string, any> | undefined;
-/**
- * @schema FirestartrGithubRepositorySpecSecretsDependabotRef
- */
-export interface FirestartrGithubRepositorySpecSecretsDependabotRef {
-    /**
-     * @schema FirestartrGithubRepositorySpecSecretsDependabotRef#kind
-     */
-    readonly kind: string;
-    /**
-     * @schema FirestartrGithubRepositorySpecSecretsDependabotRef#name
-     */
-    readonly name: string;
-    /**
-     * @schema FirestartrGithubRepositorySpecSecretsDependabotRef#key
-     */
-    readonly key: string;
-}
-/**
- * Converts an object of type 'FirestartrGithubRepositorySpecSecretsDependabotRef' to JSON representation.
- */
-export declare function toJson_FirestartrGithubRepositorySpecSecretsDependabotRef(obj: FirestartrGithubRepositorySpecSecretsDependabotRef | undefined): Record<string, any> | undefined;
 /**
  * @schema FirestartrGithubRepositorySpecVarsVariableItemSchemaRef
  */

package/build/packages/cdk8s_renderer/src/charts/github/orgWebhookChart.d.ts

@@ -1,8 +1,9 @@
-import { FirestartrGithubOrgWebhook, FirestartrGithubOrgWebhookProps } from '../../../imports/firestartr.dev';
+import { FirestartrGithubOrgWebhook, FirestartrGithubOrgWebhookProps, FirestartrGithubOrgWebhookSpecWebhookSecretRef } from '../../../imports/firestartr.dev';
 import { IUnitializedStateKey } from '../../claims/base';
 import { BaseGithubChart } from './base';
 export declare class GithubOrgWebhookChart extends BaseGithubChart {
     template(): FirestartrGithubOrgWebhookProps | IUnitializedStateKey;
+    renderSecret(secret: string): FirestartrGithubOrgWebhookSpecWebhookSecretRef;
     gvk(): import("cdk8s").GroupVersionKind;
     instanceApiObject(template: any): FirestartrGithubOrgWebhook;
 }

package/build/packages/cdk8s_renderer/src/claims/base/schemas/index.d.ts

@@ -545,6 +545,9 @@ declare const schemas: {
                                     type: string;
                                     description: string;
                                 };
+                                secretRef: {
+                                    $ref: string;
+                                };
                                 events: {
                                     type: string;
                                     description: string;

package/build/packages/cdk8s_renderer/src/claims/github/index.d.ts

@@ -182,6 +182,9 @@ export declare const GithubSchemas: ({
                                 type: string;
                                 description: string;
                             };
+                            secretRef: {
+                                $ref: string;
+                            };
                             events: {
                                 type: string;
                                 description: string;

package/build/packages/cdk8s_renderer/src/claims/github/orgWebhook.d.ts

@@ -8,10 +8,7 @@ export interface IGithubOrgWebhookClaim extends IOrgWebhookClaim {
             webhook: {
                 url: string;
                 contentType: FirestartrGithubOrgWebhookSpecWebhookContentType;
-                secretRef: {
-                    name: string;
-                    key: string;
-                };
+                secretRef: string;
                 active?: boolean;
                 events: string[];
             };

package/build/packages/cdk8s_renderer/src/claims/github/orgwebhook.schema.d.ts

@@ -34,6 +34,9 @@ declare const _default: {
                                 type: string;
                                 description: string;
                             };
+                            secretRef: {
+                                $ref: string;
+                            };
                             events: {
                                 type: string;
                                 description: string;

package/build/packages/github/index.d.ts

@@ -1,6 +1,7 @@
 import { createCheckRun } from './src/check_run';
 import { getOctokitForOrg, getGithubAppToken, getOctokitFromPat } from './src/auth';
 import { encryptRepoSecret, getRepoPublicKey } from './src/encrypt';
+import type { RepoSecretsSection } from './src/encrypt';
 declare const _default: {
     org: {
         getRepositoryList: typeof import("./src/organization").getRepositoryList;
@@ -85,3 +86,4 @@ declare const _default: {
     };
 };
 export default _default;
+export { RepoSecretsSection };

package/build/packages/github/src/encrypt.d.ts

@@ -1,12 +1,9 @@
-export declare function getRepoPublicKey(owner: string, repo: string): Promise<{
+export type RepoSecretsSection = 'actions' | 'dependabot' | 'codespaces';
+export declare function getRepoPublicKey(owner: string, repo: string, section: RepoSecretsSection): Promise<{
     key_id: string;
     key: string;
-    id?: number;
-    url?: string;
-    title?: string;
-    created_at?: string;
 }>;
-export declare function encryptRepoSecret(owner: string, repo: string, plaintextValue: string): Promise<{
+export declare function encryptRepoSecret(owner: string, repo: string, section: RepoSecretsSection, plaintextValue: string): Promise<{
     key_id: string;
     encrypted_value: string;
 }>;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@firestartr/cli",
-  "version": "1.52.0-snapshot-5",
+  "version": "1.52.0-snapshot-6",
   "private": false,
   "description": "Commandline tool",
   "main": "build/main.js",

package/build/packages/provisioner/src/entities/firestartrgithubrepository/helpers/RepositorySecret.d.ts

@@ -1,4 +0,0 @@
-import { Repository } from '@cdktf/provider-github/lib/repository';
-import { Construct } from 'constructs';
-import { FirestartrGithubRepository } from '../FirestartrGithubRepository';
-export declare function provisionRepositorySecrets(scope: Construct, repo: Repository, fsGithubRepository: FirestartrGithubRepository): Promise<void>;