feat(config): _FILE support for Revolut secrets#140
Merged
Conversation
Unblocks the donate routes on the homelab compose stack, which mounts secrets as files via $SECRETSDIR rather than passing values inline. RevolutConfig::from_env now uses the same read_env_or_file helper as SpicedbConfig / MinioConfig / RoadmapPipelineConfig — REVOLUT_API_KEY and REVOLUT_WEBHOOK_SECRET each accept either the inline value or a _FILE variant pointing at a Docker-secrets-style mount. Inline env wins over _FILE when both are set (backward-compatible for any existing deploy that passes values inline). Signature widened Option<Self> -> Result<Option<Self>> so file-read errors propagate instead of silently degrading to "not configured" — matches the rest of the config types. Updates docs/REVOLUT-INTEGRATION-PLAN.md to replace the dead "Dashboard -> Webhooks -> Add webhook" steps (Revolut removed that UI in the 2024-09-01 API version) with the equivalent POST /api/1.0/webhooks curl call.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
RevolutConfig::from_envnow usesread_env_or_file()forREVOLUT_API_KEYandREVOLUT_WEBHOOK_SECRET, matching the docker-secrets convention already used byMINIO_SECRET_KEY_FILE,SPICEDB_PRESHARED_KEY_FILE,ROADMAP_GH_*_FILE.Option<Self>→Result<Option<Self>>so file-read errors propagate instead of silently degrading to "not configured" — matches the rest of the config types._FILEwhen both are set (covered by a regression test).REVOLUT-INTEGRATION-PLAN.mdsetup checklist replaces the dead "Dashboard → Webhooks → Add webhook" steps (Revolut removed that UI in the 2024-09-01 API version) with the equivalentPOST /api/1.0/webhookscurl call. Also flagssigning_secretrecovery viaGET /webhooks/{id}andwebhook_idretention.Why now
Unblocks the
starstats-apideploy on the homelab compose stack — secrets are mounted as files at/run/secrets/revolut_*, but the previousRevolutConfig::from_envonly read inline env vars, so the server logged "Revolut Business merchant API not configured" on every boot and/v1/donate/checkoutreturned 503. Compose-side wiring lands inhome-servers-buildonce this PR merges and:latestrebuilds.Test plan
cargo test -p starstats-server config::tests— 15 tests pass (5 new for Revolut: degraded path, partial-config rejection, inline+defaults,_FILEround-trip with CRLF trim, inline-overrides-file)cargo fmt -p starstats-servercleancargo clippy -p starstats-server --bin starstats-server -- -D warningscleanREVOLUT_API_KEY_FILE=/run/secrets/revolut_api_key+REVOLUT_WEBHOOK_SECRET_FILE=/run/secrets/revolut_webhook_secreton prod, restartstarstats-api, watch forRevolut Business merchant API configuredboot log, hit/v1/donate/tiersto confirm degraded path lifts, then click £3 on/supportend-to-end.