Skip to content

extraEnv consistency #559

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 16, 2025
Merged

extraEnv consistency #559

merged 2 commits into from
Jun 16, 2025

Conversation

benbz
Copy link
Member

@benbz benbz commented Jun 16, 2025

Spun out of test config consistency test changes required for #516.

Each component handled extraEnv differently. We harmonise and gain the following properties:

  • Merging duplicate names now works
  • Chart provided env always beats user provided extraEnv
    • As/when we want this to change we can split specific env var into an underride helper

@benbz benbz requested a review from a team as a code owner June 16, 2025 10:24
@github-actions GitHub Actions
Copy link

dyff of changes in rendered templates of CI manifests

example-default-enabled-components-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
  POSTGRES_PASSWORD            ENCRYPTION_SECRET
  ENCRYPTION_SECRET            POSTGRES_PASSWORD
  SYNAPSE_SHARED_SECRET        SYNAPSE_OIDC_CLIENT_SECRET
  SYNAPSE_OIDC_CLIENT_SECRET   SYNAPSE_SHARED_SECRET
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml


@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
matrix-authentication-service-checkov-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
- POSTGRES_PASSWORD, ENCRYPTION_SECRET
+ ENCRYPTION_SECRET, POSTGRES_PASSWORD
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml
matrix-authentication-service-external-synapse-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
- POSTGRES_PASSWORD, ENCRYPTION_SECRET
+ ENCRYPTION_SECRET, POSTGRES_PASSWORD
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml
matrix-authentication-service-minimal-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
- POSTGRES_PASSWORD, ENCRYPTION_SECRET
+ ENCRYPTION_SECRET, POSTGRES_PASSWORD
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml
matrix-authentication-service-postgres-secrets-externally-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
- POSTGRES_PASSWORD, ENCRYPTION_SECRET
+ ENCRYPTION_SECRET, POSTGRES_PASSWORD
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml
matrix-authentication-service-postgres-secrets-in-helm-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
- POSTGRES_PASSWORD, ENCRYPTION_SECRET
+ ENCRYPTION_SECRET, POSTGRES_PASSWORD
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml
matrix-authentication-service-secrets-externally-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
- POSTGRES_PASSWORD, ENCRYPTION_SECRET
+ ENCRYPTION_SECRET, POSTGRES_PASSWORD
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml
matrix-authentication-service-secrets-in-helm-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
- POSTGRES_PASSWORD, ENCRYPTION_SECRET
+ ENCRYPTION_SECRET, POSTGRES_PASSWORD
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml
matrix-authentication-service-synapse-syn2mas-dry-run-secrets-externally-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
  POSTGRES_PASSWORD            ENCRYPTION_SECRET
  ENCRYPTION_SECRET            POSTGRES_PASSWORD
  SYNAPSE_SHARED_SECRET        SYNAPSE_OIDC_CLIENT_SECRET
  SYNAPSE_OIDC_CLIENT_SECRET   SYNAPSE_SHARED_SECRET
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml


@@ spec.template.spec.initContainers.render-config-mas.env @@
# batch/v1/Job/ess-ci/release-name-syn2mas
! ⇆ order changed
  POSTGRES_PASSWORD            ENCRYPTION_SECRET
  ENCRYPTION_SECRET            POSTGRES_PASSWORD
  SYNAPSE_SHARED_SECRET        SYNAPSE_OIDC_CLIENT_SECRET
  SYNAPSE_OIDC_CLIENT_SECRET   SYNAPSE_SHARED_SECRET
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml

@@ spec.template.spec.initContainers.render-config-syn.env @@
# batch/v1/Job/ess-ci/release-name-syn2mas
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
matrix-authentication-service-synapse-syn2mas-dry-run-secrets-in-helm-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
  POSTGRES_PASSWORD            ENCRYPTION_SECRET
  ENCRYPTION_SECRET            POSTGRES_PASSWORD
  SYNAPSE_SHARED_SECRET        SYNAPSE_OIDC_CLIENT_SECRET
  SYNAPSE_OIDC_CLIENT_SECRET   SYNAPSE_SHARED_SECRET
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml


@@ spec.template.spec.initContainers.render-config-mas.env @@
# batch/v1/Job/ess-ci/release-name-syn2mas
! ⇆ order changed
  POSTGRES_PASSWORD            ENCRYPTION_SECRET
  ENCRYPTION_SECRET            POSTGRES_PASSWORD
  SYNAPSE_SHARED_SECRET        SYNAPSE_OIDC_CLIENT_SECRET
  SYNAPSE_OIDC_CLIENT_SECRET   SYNAPSE_SHARED_SECRET
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml

@@ spec.template.spec.initContainers.render-config-syn.env @@
# batch/v1/Job/ess-ci/release-name-syn2mas
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
matrix-authentication-service-synapse-syn2mas-migrate-secrets-externally-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
  POSTGRES_PASSWORD            ENCRYPTION_SECRET
  ENCRYPTION_SECRET            POSTGRES_PASSWORD
  SYNAPSE_SHARED_SECRET        SYNAPSE_OIDC_CLIENT_SECRET
  SYNAPSE_OIDC_CLIENT_SECRET   SYNAPSE_SHARED_SECRET
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml


@@ spec.template.spec.initContainers.render-config-mas.env @@
# batch/v1/Job/ess-ci/release-name-syn2mas
! ⇆ order changed
  POSTGRES_PASSWORD            ENCRYPTION_SECRET
  ENCRYPTION_SECRET            POSTGRES_PASSWORD
  SYNAPSE_SHARED_SECRET        SYNAPSE_OIDC_CLIENT_SECRET
  SYNAPSE_OIDC_CLIENT_SECRET   SYNAPSE_SHARED_SECRET
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml

@@ spec.template.spec.initContainers.render-config-syn.env @@
# batch/v1/Job/ess-ci/release-name-syn2mas
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
matrix-authentication-service-synapse-syn2mas-migrate-secrets-in-helm-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
  POSTGRES_PASSWORD            ENCRYPTION_SECRET
  ENCRYPTION_SECRET            POSTGRES_PASSWORD
  SYNAPSE_SHARED_SECRET        SYNAPSE_OIDC_CLIENT_SECRET
  SYNAPSE_OIDC_CLIENT_SECRET   SYNAPSE_SHARED_SECRET
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml


@@ spec.template.spec.initContainers.render-config-mas.env @@
# batch/v1/Job/ess-ci/release-name-syn2mas
! ⇆ order changed
  POSTGRES_PASSWORD            ENCRYPTION_SECRET
  ENCRYPTION_SECRET            POSTGRES_PASSWORD
  SYNAPSE_SHARED_SECRET        SYNAPSE_OIDC_CLIENT_SECRET
  SYNAPSE_OIDC_CLIENT_SECRET   SYNAPSE_SHARED_SECRET
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml

@@ spec.template.spec.initContainers.render-config-syn.env @@
# batch/v1/Job/ess-ci/release-name-syn2mas
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
pytest-matrix-authentication-service-syn2mas-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
pytest-matrix-authentication-service-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
  POSTGRES_PASSWORD            DEBUG_RENDERING
  ENCRYPTION_SECRET            ENCRYPTION_SECRET
  SYNAPSE_SHARED_SECRET        POSTGRES_PASSWORD
  SYNAPSE_OIDC_CLIENT_SECRET   SYNAPSE_OIDC_CLIENT_SECRET
  DEBUG_RENDERING              SYNAPSE_SHARED_SECRET
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml


@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
pytest-matrix-rtc-standalone-values.yaml 
@@ spec.template.spec.initContainers.render-config-keys-yaml.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-rtc-sfu
! ⇆ order changed
  LIVEKIT_KEY       DEBUG_RENDERING
  LIVEKIT_SECRET    LIVEKIT_KEY
  DEBUG_RENDERING   LIVEKIT_SECRET

@@ spec.template.spec.initContainers.render-config-sfu.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-rtc-sfu
! ⇆ order changed
  LIVEKIT_KEY       DEBUG_RENDERING
  LIVEKIT_SECRET    LIVEKIT_KEY
  DEBUG_RENDERING   LIVEKIT_SECRET
pytest-matrix-rtc-synapse-wellknown-values.yaml 
@@ spec.template.spec.initContainers.render-config-keys-yaml.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-rtc-sfu
! ⇆ order changed
  LIVEKIT_KEY       DEBUG_RENDERING
  LIVEKIT_SECRET    LIVEKIT_KEY
  DEBUG_RENDERING   LIVEKIT_SECRET

@@ spec.template.spec.initContainers.render-config-sfu.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-rtc-sfu
! ⇆ order changed
  LIVEKIT_KEY       DEBUG_RENDERING
  LIVEKIT_SECRET    LIVEKIT_KEY
  DEBUG_RENDERING   LIVEKIT_SECRET


@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
pytest-synapse-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            DEBUG_RENDERING
  DEBUG_RENDERING             SYNAPSE_POSTGRES_PASSWORD

@@ spec.template.spec.containers.synapse.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
- LD_PRELOAD, DEBUG_RENDERING
+ DEBUG_RENDERING, LD_PRELOAD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-event-persist
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            DEBUG_RENDERING
  DEBUG_RENDERING             SYNAPSE_POSTGRES_PASSWORD

@@ spec.template.spec.containers.synapse.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-event-persist
! ⇆ order changed
- LD_PRELOAD, DEBUG_RENDERING
+ DEBUG_RENDERING, LD_PRELOAD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            DEBUG_RENDERING
  DEBUG_RENDERING             SYNAPSE_POSTGRES_PASSWORD

@@ spec.template.spec.containers.synapse.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
- LD_PRELOAD, DEBUG_RENDERING
+ DEBUG_RENDERING, LD_PRELOAD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-media-repo
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            DEBUG_RENDERING
  DEBUG_RENDERING             SYNAPSE_POSTGRES_PASSWORD

@@ spec.template.spec.containers.synapse.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-media-repo
! ⇆ order changed
- LD_PRELOAD, DEBUG_RENDERING
+ DEBUG_RENDERING, LD_PRELOAD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-sliding-sync
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            DEBUG_RENDERING
  DEBUG_RENDERING             SYNAPSE_POSTGRES_PASSWORD

@@ spec.template.spec.containers.synapse.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-sliding-sync
! ⇆ order changed
- LD_PRELOAD, DEBUG_RENDERING
+ DEBUG_RENDERING, LD_PRELOAD
quick-setup-certificates-pg-external-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
  POSTGRES_PASSWORD            ENCRYPTION_SECRET
  ENCRYPTION_SECRET            POSTGRES_PASSWORD
  SYNAPSE_SHARED_SECRET        SYNAPSE_OIDC_CLIENT_SECRET
  SYNAPSE_OIDC_CLIENT_SECRET   SYNAPSE_SHARED_SECRET
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml


@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
quick-setup-certificates-pg-with-helm-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
  POSTGRES_PASSWORD            ENCRYPTION_SECRET
  ENCRYPTION_SECRET            POSTGRES_PASSWORD
  SYNAPSE_SHARED_SECRET        SYNAPSE_OIDC_CLIENT_SECRET
  SYNAPSE_OIDC_CLIENT_SECRET   SYNAPSE_SHARED_SECRET
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml


@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
quick-setup-external-cert-pg-external-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
  POSTGRES_PASSWORD            ENCRYPTION_SECRET
  ENCRYPTION_SECRET            POSTGRES_PASSWORD
  SYNAPSE_SHARED_SECRET        SYNAPSE_OIDC_CLIENT_SECRET
  SYNAPSE_OIDC_CLIENT_SECRET   SYNAPSE_SHARED_SECRET
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml


@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
quick-setup-external-cert-pg-with-helm-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
  POSTGRES_PASSWORD            ENCRYPTION_SECRET
  ENCRYPTION_SECRET            POSTGRES_PASSWORD
  SYNAPSE_SHARED_SECRET        SYNAPSE_OIDC_CLIENT_SECRET
  SYNAPSE_OIDC_CLIENT_SECRET   SYNAPSE_SHARED_SECRET
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml


@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
quick-setup-letsencrypt-pg-external-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
  POSTGRES_PASSWORD            ENCRYPTION_SECRET
  ENCRYPTION_SECRET            POSTGRES_PASSWORD
  SYNAPSE_SHARED_SECRET        SYNAPSE_OIDC_CLIENT_SECRET
  SYNAPSE_OIDC_CLIENT_SECRET   SYNAPSE_SHARED_SECRET
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml


@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
quick-setup-letsencrypt-pg-with-helm-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
  POSTGRES_PASSWORD            ENCRYPTION_SECRET
  ENCRYPTION_SECRET            POSTGRES_PASSWORD
  SYNAPSE_SHARED_SECRET        SYNAPSE_OIDC_CLIENT_SECRET
  SYNAPSE_OIDC_CLIENT_SECRET   SYNAPSE_SHARED_SECRET
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml


@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
quick-setup-wildcard-cert-pg-external-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
  POSTGRES_PASSWORD            ENCRYPTION_SECRET
  ENCRYPTION_SECRET            POSTGRES_PASSWORD
  SYNAPSE_SHARED_SECRET        SYNAPSE_OIDC_CLIENT_SECRET
  SYNAPSE_OIDC_CLIENT_SECRET   SYNAPSE_SHARED_SECRET
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml


@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
quick-setup-wildcard-cert-pg-with-helm-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
  POSTGRES_PASSWORD            ENCRYPTION_SECRET
  ENCRYPTION_SECRET            POSTGRES_PASSWORD
  SYNAPSE_SHARED_SECRET        SYNAPSE_OIDC_CLIENT_SECRET
  SYNAPSE_OIDC_CLIENT_SECRET   SYNAPSE_SHARED_SECRET
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml


@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
synapse-checkov-with-workers-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-appservice
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-client-reader
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-event-persist
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-fed-reader
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
synapse-ingress-additional-paths-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
synapse-minimal-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
synapse-postgres-secrets-externally-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
synapse-postgres-secrets-in-helm-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
synapse-secrets-externally-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
synapse-secrets-in-helm-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
synapse-worker-example-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-appservice
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-background
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-client-reader
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-encryption
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-event-creator
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-event-persist
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-fed-inbound
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-fed-reader
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-fed-sender
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-initial-sync
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-media-repo
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-presence-write
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-push-rules
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-pusher
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-receipts-accnt
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-sliding-sync
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-sso-login
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-synchrotron
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-typing
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-user-dir
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
well-known-mas-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
- POSTGRES_PASSWORD, ENCRYPTION_SECRET
+ ENCRYPTION_SECRET, POSTGRES_PASSWORD
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml
well-known-synapse-mas-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/Deployment/ess-ci/release-name-matrix-authentication-service
! ⇆ order changed
  POSTGRES_PASSWORD            ENCRYPTION_SECRET
  ENCRYPTION_SECRET            POSTGRES_PASSWORD
  SYNAPSE_SHARED_SECRET        SYNAPSE_OIDC_CLIENT_SECRET
  SYNAPSE_OIDC_CLIENT_SECRET   SYNAPSE_SHARED_SECRET
! - one list entry removed:
- - name: MAS_CONFIG
-   value: /conf/config.yaml


@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD
well-known-synapse-values.yaml 
@@ spec.template.spec.initContainers.render-config.env @@
# batch/v1/Job/ess-ci/release-name-synapse-check-config
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD


@@ spec.template.spec.initContainers.render-config.env @@
# apps/v1/StatefulSet/ess-ci/release-name-synapse-main
! ⇆ order changed
  SYNAPSE_POSTGRES_PASSWORD   APPLICATION_NAME
  APPLICATION_NAME            SYNAPSE_POSTGRES_PASSWORD

@benbz benbz merged commit 64b8527 into main Jun 16, 2025
65 checks passed
@benbz benbz deleted the bbz/no-env-overwriting branch June 16, 2025 12:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gaelgatelement gaelgatelement gaelgatelement approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@benbz @gaelgatelement