Skip to content

fix(cd): pass OMNI_SERVICE_ACCOUNT_KEY to ksail steps#1338

Merged
botantler[bot] merged 1 commit intomainfrom
devantler/fix-cd-omni-service-account-key
Apr 9, 2026
Merged

fix(cd): pass OMNI_SERVICE_ACCOUNT_KEY to ksail steps#1338
botantler[bot] merged 1 commit intomainfrom
devantler/fix-cd-omni-service-account-key

Conversation

@devantler
Copy link
Copy Markdown
Contributor

@devantler devantler commented Apr 9, 2026

Description

The CD workflow fails with:

failed to create Talos provisioner: create Omni provider: omni service account key is not set: environment variable OMNI_SERVICE_ACCOUNT_KEY is not set

The ksail.prod.yaml uses provider: Omni, which requires the OMNI_SERVICE_ACCOUNT_KEY environment variable. The org secret exists (OMNI_SERVICE_ACCOUNT_KEY, updated 4 days ago), but the workflow never exposes it to the ksail steps.

Changes

  • Added OMNI_SERVICE_ACCOUNT_KEY: ${{ secrets.OMNI_SERVICE_ACCOUNT_KEY }} to the env of both the "Push manifests to GHCR" and "Trigger Flux reconciliation" steps.

@devantler
fix(cd): pass OMNI_SERVICE_ACCOUNT_KEY to ksail steps
e7d80b3 
The Omni provider requires the OMNI_SERVICE_ACCOUNT_KEY environment
variable, but the CD workflow never exposed it to the ksail steps.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings April 9, 2026 17:32
@github-project-automation github-project-automation Bot moved this to 🫴 Ready in 🌊 Project Board Apr 9, 2026
@botantler botantler Bot enabled auto-merge April 9, 2026 17:32
@github-project-automation github-project-automation Bot moved this from 🫴 Ready to 🚀 In Finalization in 🌊 Project Board Apr 9, 2026
@botantler botantler Bot added this pull request to the merge queue Apr 9, 2026
Merged via the queue into main with commit 7f6788d Apr 9, 2026
11 checks passed
@botantler botantler Bot deleted the devantler/fix-cd-omni-service-account-key branch April 9, 2026 17:34
@github-project-automation github-project-automation Bot moved this from 🚀 In Finalization to ✅ Done in 🌊 Project Board Apr 9, 2026
Copilot AI reviewed Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes the production CD GitHub Actions workflow by exposing the Omni service account key to the ksail commands that require it when using provider: Omni in ksail.prod.yaml.

Changes:

  • Pass OMNI_SERVICE_ACCOUNT_KEY into the “Push manifests to GHCR” ksail ... workload push step.
  • Pass OMNI_SERVICE_ACCOUNT_KEY into the “Trigger Flux reconciliation” ksail ... workload reconcile step.

@botantler
Copy link
Copy Markdown
Contributor

botantler Bot commented Apr 9, 2026

🎉 This PR is included in version 2.32.4 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@botantler botantler Bot added the released label Apr 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

released

Projects

🌊 Project Board
Status: ✅ Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@devantler