From 6550e68b9185c51db1f72afc6ba9cf49ad17c2e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20Jos=C3=A9=20V=C3=A1zquez=20Gil?= Date: Thu, 30 Apr 2026 10:39:50 +0200 Subject: [PATCH 1/7] feat: Add support for state-secrets repo --- firestartr-bootstrap/resources.go | 26 +++++++++++++++++++++++++- firestartr-bootstrap/types.go | 1 + 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/firestartr-bootstrap/resources.go b/firestartr-bootstrap/resources.go index 9a3c0c1c..f83ee935 100644 --- a/firestartr-bootstrap/resources.go +++ b/firestartr-bootstrap/resources.go @@ -75,9 +75,14 @@ func (m *FirestartrBootstrap) PushBootstrapFiles( if m.Bootstrap.PushFiles.Crs.Providers.Terraform.Push { crsDir := kindContainer.Directory("/resources/firestartr-crs/infra") + // Exclude non terraform CRs + terraformDir := crsDir.Filter(dagger.DirectoryFilterOpts{ + Include: []string{"FirestartrTerraformWorkspace.*"}, + }) + err := m.PushDirToRepo( ctx, - crsDir, + terraformDir, m.Bootstrap.PushFiles.Crs.Providers.Terraform.Repo, tokenSecret, ) @@ -86,6 +91,25 @@ func (m *FirestartrBootstrap) PushBootstrapFiles( } } + if m.Bootstrap.PushFiles.Crs.Providers.Secrets.Push { + crsDir := kindContainer.Directory("/resources/firestartr-crs/infra") + + // Exclude non secret CRs + secretsDir := crsDir.Filter(dagger.DirectoryFilterOpts{ + Include: []string{"ExternalSecret.*"}, + }) + + err := m.PushDirToRepo( + ctx, + secretsDir, + m.Bootstrap.PushFiles.Crs.Providers.Secrets.Repo, + tokenSecret, + ) + if err != nil { + return err + } + } + if m.Bootstrap.PushFiles.DotFirestartr.Push { dotFirestartrDir := dag.CurrentModule().Source().Directory("./dot-firestartr") diff --git a/firestartr-bootstrap/types.go b/firestartr-bootstrap/types.go index 531cd5c0..0bd0ba4e 100644 --- a/firestartr-bootstrap/types.go +++ b/firestartr-bootstrap/types.go 
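Review bot: With the new `Include: []string{"FirestartrTerraformWorkspace.*"}` filter, any file under `/resources/firestartr-crs/infra` that matches neither this pattern nor the `ExternalSecret.*` pattern added in the next hunk is no longer pushed to any repository, and nothing reports that. Before this change the whole directory went to the Terraform repo. If other kinds can appear there, log the entries left over after both filters, or state the assumption where the filter is built, e.g. `// Only FirestartrTerraformWorkspace.* CRs go to the Terraform state repo; other kinds in infra/ are intentionally not pushed here`. PushBootstrapFiles begins and ends outside this hunk.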
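Review bot: The Secrets branch returns the bare error from `PushDirToRepo`, as the Terraform branch above it does, so a failed bootstrap does not say which repository the push was aimed at. Wrapping it would make that visible: `return fmt.Errorf("pushing ExternalSecret CRs to %q: %w", m.Bootstrap.PushFiles.Crs.Providers.Secrets.Repo, err)`. The branch also passes the same `tokenSecret` as the other pushes, so that token presumably needs write access to the secrets state repo as well. A comment saying so would help whoever scopes the token.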
@@ -62,6 +62,7 @@ type PushFilesRepo struct { type Providers struct { Github PushFilesRepo `yaml:"github"` Terraform PushFilesRepo `yaml:"terraform"` + Secrets PushFilesRepo `yaml:"secrets"` } type Firestartr struct { From 38028329cecc8afa3bd00dc9dbac63d8602dc608 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20Jos=C3=A9=20V=C3=A1zquez=20Gil?= Date: Thu, 30 Apr 2026 16:21:35 +0200 Subject: [PATCH 2/7] fix: Remove Terraform sections as only ExternalSecrets are uploaded --- firestartr-bootstrap/resources.go | 19 ------------------- firestartr-bootstrap/types.go | 5 ++--- 2 files changed, 2 insertions(+), 22 deletions(-) diff --git a/firestartr-bootstrap/resources.go b/firestartr-bootstrap/resources.go index f83ee935..4db762b5 100644 --- a/firestartr-bootstrap/resources.go +++ b/firestartr-bootstrap/resources.go @@ -72,25 +72,6 @@ func (m *FirestartrBootstrap) PushBootstrapFiles( } } - if m.Bootstrap.PushFiles.Crs.Providers.Terraform.Push { - crsDir := kindContainer.Directory("/resources/firestartr-crs/infra") - - // Exclude non terraform CRs - terraformDir := crsDir.Filter(dagger.DirectoryFilterOpts{ - Include: []string{"FirestartrTerraformWorkspace.*"}, - }) - - err := m.PushDirToRepo( - ctx, - terraformDir, - m.Bootstrap.PushFiles.Crs.Providers.Terraform.Repo, - tokenSecret, - ) - if err != nil { - return err - } - } - if m.Bootstrap.PushFiles.Crs.Providers.Secrets.Push { crsDir := kindContainer.Directory("/resources/firestartr-crs/infra") diff --git a/firestartr-bootstrap/types.go b/firestartr-bootstrap/types.go index 0bd0ba4e..9d9eb21b 100644 --- a/firestartr-bootstrap/types.go +++ b/firestartr-bootstrap/types.go @@ -60,9 +60,8 @@ type PushFilesRepo struct { } type Providers struct { - Github PushFilesRepo `yaml:"github"` - Terraform PushFilesRepo `yaml:"terraform"` - Secrets PushFilesRepo `yaml:"secrets"` + Github PushFilesRepo `yaml:"github"` + Secrets PushFilesRepo `yaml:"secrets"` } type Firestartr struct { 
From c0784310d398777e7e00d819d164ee6b2651c82d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20Jos=C3=A9=20V=C3=A1zquez=20Gil?= Date: Thu, 30 Apr 2026 17:13:38 +0200 Subject: [PATCH 3/7] fix: Restored Terraform functionality --- firestartr-bootstrap/resources.go | 24 ++++++++++++++++++++++++ firestartr-bootstrap/types.go | 5 +++-- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/firestartr-bootstrap/resources.go b/firestartr-bootstrap/resources.go index 4db762b5..5c732698 100644 --- a/firestartr-bootstrap/resources.go +++ b/firestartr-bootstrap/resources.go @@ -4,6 +4,7 @@ import ( "context" "dagger/firestartr-bootstrap/internal/dagger" "fmt" + "strings" ) func (m *FirestartrBootstrap) PushBootstrapFiles( @@ -72,6 +73,29 @@ func (m *FirestartrBootstrap) PushBootstrapFiles( } } + if m.Bootstrap.PushFiles.Crs.Providers.Terraform.Push { + crsDir := kindContainer.Directory("/resources/firestartr-crs/infra") + + // Exclude non terraform CRs + terraformDir := crsDir.Filter(dagger.DirectoryFilterOpts{ + Include: []string{"FirestartrTerraformWorkspace.*"}, + }) + + err := m.PushDirToRepo( + ctx, + terraformDir, + m.Bootstrap.PushFiles.Crs.Providers.Terraform.Repo, + tokenSecret, + ) + if err != nil { + if strings.Contains(err.Error(), "nothing to commit") { + fmt.Println("No terraform CRs to push, skipping...") + return nil + } + return err + } + } + if m.Bootstrap.PushFiles.Crs.Providers.Secrets.Push { crsDir := kindContainer.Directory("/resources/firestartr-crs/infra") diff --git a/firestartr-bootstrap/types.go b/firestartr-bootstrap/types.go index 9d9eb21b..0bd0ba4e 100644 --- a/firestartr-bootstrap/types.go +++ b/firestartr-bootstrap/types.go @@ -60,8 +60,9 @@ type PushFilesRepo struct { } type Providers struct { - Github PushFilesRepo `yaml:"github"` - Secrets PushFilesRepo `yaml:"secrets"` + Github PushFilesRepo `yaml:"github"` + Terraform PushFilesRepo `yaml:"terraform"` + Secrets PushFilesRepo `yaml:"secrets"` } type Firestartr struct { 
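Review bot: Detecting the no-change case with `strings.Contains(err.Error(), "nothing to commit")` ties this branch to the exact wording of an error produced inside `PushDirToRepo`, which is not visible here. If that text changes, an empty push becomes a hard failure again, and any unrelated error whose message happens to contain the phrase is silently dropped. It would be more robust for `PushDirToRepo` to report the no-change case through a sentinel error or a boolean result, so callers can test it with `errors.Is` instead of a substring. The Secrets branch that follows pushes an `Include`-filtered directory too, so it can hit the same case. As added in PATCH 1/7 it returns the error unconditionally, so whichever approach is chosen should be applied to both branches.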
From dca92f306d82dee9995e0a4a6b66cd8ed1ed4b69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20Jos=C3=A9=20V=C3=A1zquez=20Gil?= Date: Thu, 30 Apr 2026 17:24:49 +0200 Subject: [PATCH 4/7] fix: Info messages now include state-secret --- firestartr-bootstrap/summary.go | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/firestartr-bootstrap/summary.go b/firestartr-bootstrap/summary.go index ef189309..5c0e7aab 100644 --- a/firestartr-bootstrap/summary.go +++ b/firestartr-bootstrap/summary.go @@ -69,11 +69,18 @@ func (m *FirestartrBootstrap) UpdateSummaryAndRunForImportResourcesStep( createdInfraResources, err := kindContainer.Directory( "/resources/firestartr-crs/infra", - ).Entries(ctx) + ).Glob(ctx, "FirestartrTerraformWorkspace.*") if err != nil { return "", fmt.Errorf("error creating the list of generated infra artifacts: %w", err) } + createdSecretResources, err := kindContainer.Directory( + "/resources/firestartr-crs/infra", + ).Glob(ctx, "ExternalSecret.*") + if err != nil { + return "", fmt.Errorf("error creating the list of generated secret artifacts: %w", err) + } + successMessage := fmt.Sprintf(` ===================================================== 📥 RESOURCES IMPORTED AND CREATED 📥 @@ -91,6 +98,9 @@ The environment is fully provisioned. #### Generated and created resources (Infra): - %s +#### Generated and created resources (Secrets): +- %s + #### Copied to the cache: - /import - /resources @@ -98,6 +108,7 @@ The environment is fully provisioned. strings.Join(importedFiles, "\n- "), strings.Join(createdGhResources, "\n- "), strings.Join(createdInfraResources, "\n- "), + strings.Join(createdSecretResources, "\n- "), ) return m.UpdateSummaryAndRun(ctx, successMessage), nil 
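Review bot: The glob patterns `"FirestartrTerraformWorkspace.*"` and `"ExternalSecret.*"` are now written out as literals here, again in UpdateSummaryAndRunForPushResourcesStep, and in the `Include` filters of PushBootstrapFiles in resources.go. The summary and the actual push can drift apart if one copy is edited. Package-level constants shared by all three places would keep them in step, for example `const terraformCRGlob = "FirestartrTerraformWorkspace.*"` and `const externalSecretCRGlob = "ExternalSecret.*"` (the names are only a suggestion). The enclosing function begins and ends outside this hunk.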
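Review bot: When the glob matches nothing, `strings.Join(createdSecretResources, "\n- ")` yields an empty string and the new Secrets section renders as a lone `- ` bullet. Now that the infra listing is split in two, either list can be empty; PATCH 3/7 already expects runs with no Terraform CRs. Printing an explicit marker such as `(none)` when `len(createdSecretResources) == 0` would make the summary unambiguous, and the same applies to `createdInfraResources`.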
@@ -130,11 +141,18 @@ func (m *FirestartrBootstrap) UpdateSummaryAndRunForPushResourcesStep( pushedInfraCrs, err := kindContainer.Directory( "/resources/firestartr-crs/infra", - ).Entries(ctx) + ).Glob(ctx, "FirestartrTerraformWorkspace.*") if err != nil { return "", fmt.Errorf("error creating the list of pushed infra CRs: %w", err) } + pushedSecretCrs, err := kindContainer.Directory( + "/resources/firestartr-crs/infra", + ).Glob(ctx, "ExternalSecret.*") + if err != nil { + return "", fmt.Errorf("error creating the list of pushed secret CRs: %w", err) + } + successMessage := fmt.Sprintf(` ===================================================== ⤴️RESOURCE PUSH COMPLETE ⤴️ @@ -151,6 +169,9 @@ func (m *FirestartrBootstrap) UpdateSummaryAndRunForPushResourcesStep( #### List of pushed CRs (%s/state-infra) - %s + +#### List of pushed CRs (%s/state-secrets) + - %s `, m.Bootstrap.Org, strings.Join(pushedClaims, "\n- "), @@ -158,6 +179,8 @@ func (m *FirestartrBootstrap) UpdateSummaryAndRunForPushResourcesStep( strings.Join(pushedGithubCrs, "\n- "), m.Bootstrap.Org, strings.Join(pushedInfraCrs, "\n- "), + m.Bootstrap.Org, + strings.Join(pushedSecretCrs, "\n- "), ) return m.UpdateSummaryAndRun(ctx, successMessage), nil From 6af7203b86d97b34f87f64e10d13626e7b48129e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20Jos=C3=A9=20V=C3=A1zquez=20Gil?= Date: Thu, 30 Apr 2026 18:08:02 +0200 Subject: [PATCH 5/7] fix: Return nil --- firestartr-bootstrap/resources.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/firestartr-bootstrap/resources.go b/firestartr-bootstrap/resources.go index 5c732698..2e264051 100644 --- a/firestartr-bootstrap/resources.go +++ b/firestartr-bootstrap/resources.go @@ -90,9 +90,9 @@ func (m *FirestartrBootstrap) PushBootstrapFiles( if err != nil { if strings.Contains(err.Error(), "nothing to commit") { fmt.Println("No terraform CRs to push, skipping...") - return nil + } else { + return err } - return err } } 
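Review bot: `pushedSecretCrs` is built by globbing `/resources/firestartr-crs/infra` in the container, not from what PushBootstrapFiles actually pushed. The "pushed CRs" list would therefore still name ExternalSecret files when `Providers.Secrets.Push` is false, assuming this step runs regardless of that flag, which the hunk does not show. The same holds for `pushedInfraCrs` when the Terraform push is disabled or skipped. An operator auditing where secret-related manifests ended up would be misled by a summary that over-reports, so gate each list on its `Push` flag or say in the heading that these are the candidate files.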
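Review bot: The heading `(%s/state-secrets)` hard-codes the repository name, while PushBootstrapFiles pushes to `m.Bootstrap.PushFiles.Crs.Providers.Secrets.Repo`, which the README in this series describes as changeable. With a non-default repo name the summary would point the reader at the wrong repository. Use `(%s/%s)` in the heading and pass `m.Bootstrap.PushFiles.Crs.Providers.Secrets.Repo` after `m.Bootstrap.Org` in the argument list changed by the next hunk. The existing `state-infra` heading has the same problem.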
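Review bot: The `else { return err }` can be dropped by inverting the test, which keeps the error return as a guard and the skip message on the main path: `if !strings.Contains(err.Error(), "nothing to commit") { return err }` followed by `fmt.Println("No terraform CRs to push, skipping...")`. A short comment on why this one error is tolerated would also help, e.g. `// No changes to push is not a failure; continue with the remaining pushes`. The enclosing `if err != nil` block starts outside this hunk.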
From 3c5ba2eb1d446347255fb9129580de30c1bc3508 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20Jos=C3=A9=20V=C3=A1zquez=20Gil?= Date: Mon, 18 May 2026 12:25:26 +0200 Subject: [PATCH 6/7] fix: Updated README --- firestartr-bootstrap/README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/firestartr-bootstrap/README.md b/firestartr-bootstrap/README.md index 74c500da..0043fa5b 100644 --- a/firestartr-bootstrap/README.md +++ b/firestartr-bootstrap/README.md @@ -83,6 +83,12 @@ pushFiles: terraform: push: true # When the process finishes, the generated crs will be pushed to the crs repository. repo: "state-infra" # Normally, the state-infra repository will be called "state-infra", but it is possible to change the name. + secrets: + push: true # When the process finishes, the generated crs will be pushed to the crs repository. + repo: "state-secrets" # Normally, the state-secrets repository will be called "state-secrets", but it is possible to change the name. + dotFirestartr: + push: true # When the process finishes, the generated crs will be pushed to the crs repository. + repo: ".firestartr" # Normally, the .firestartr repository will be called ".firestartr", but it is possible to change the name. components: - name: "dot-firestartr" # claim name @@ -130,6 +136,13 @@ components: version: latest # Check available versions at github.com/prefapp/features labels: - plan + + - name: "state-secrets" + description: "Firestartr Secrets wet repository" + defaultBranch: main + features: + - name: state_secrets + version: latest # Check available versions at github.com/prefapp/features ``` All the parameters must be filled. When copy pasting this file, `` must be replaced, but any other values can be treated as defaults and changed if needed: From 4c46e4e35cfc720f7a94bf989c0baf7660480405 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Juan=20Jos=C3=A9=20V=C3=A1zquez=20Gil?= Date: Mon, 18 May 2026 12:37:57 +0200 Subject: [PATCH 7/7] fix: Updated example Bootstrap file --- .../boot/BootstrapFile.yaml.example | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/firestartr-bootstrap/boot/BootstrapFile.yaml.example b/firestartr-bootstrap/boot/BootstrapFile.yaml.example index 24477ec5..17f0187f 100644 --- a/firestartr-bootstrap/boot/BootstrapFile.yaml.example +++ b/firestartr-bootstrap/boot/BootstrapFile.yaml.example @@ -21,6 +21,12 @@ pushFiles: terraform: push: true # When the process finishes, the generated crs will be pushed to the crs repository. repo: "state-infra" # Normally, the state-infra repository will be called "state-infra", but it is possible to change the name. + secrets: + push: true # When the process finishes, the generated crs will be pushed to the crs repository. + repo: "state-secrets" # Normally, the state-secrets repository will be called "state-secrets", but it is possible to change the name. + dotFirestartr: + push: true # When the process finishes, the generated crs will be pushed to the crs repository. + repo: ".firestartr" # Normally, the .firestartr repository will be called ".firestartr", but it is possible to change the name. components: - name: "dot-firestartr" # claim name @@ -66,3 +72,10 @@ components: version: latest # Check available versions at github.com/prefapp/features labels: - plan + + - name: "state-secrets" + description: "Firestartr Secrets wet repository" + defaultBranch: main + features: + - name: state_secrets + version: latest # Check available versions at github.com/prefapp/features