chore: update Vault secrets management and adjust ingress hosts for production and staging

Author: STASiAN

.github/workflows/vault-docker-helm.yaml

@@ -12,25 +12,46 @@ on:
 jobs:
   docker:
     runs-on: ${{ vars.RUNNER_SCALE_SET }}
+    env:
+      NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      REPO_NAME: ${{ github.event.repository.name }}
+      BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
+
     steps:
-      - name: Import Secrets from Vault
-        id: vault
+      - name: Import management secrets from Vault
+        id: management
         uses: hashicorp/vault-action@v3
         with:
           url: ${{ vars.VAULT_ADDR }}
-          path: ${{ vars.VAULT_PATH }}
+          path: management
           method: kubernetes
           role: ${{ vars.VAULT_ROLE }}
           secrets: |
-            ${{ vars.VAULT_PATH }}/data/${{ vars.VAULT_SECRET_PATH }} *
+            management/data/${{ vars.VAULT_SECRET_PATH }} *
+
+      - name: Import production secrets from Vault
+        id: production
+        uses: hashicorp/vault-action@v3
+        with:
+          url: ${{ vars.VAULT_ADDR }}
+          path: management
+          method: kubernetes
+          role: production-${{ env.REPO_NAME }}
+          secrets: |
+            production/data/${{ env.REPO_NAME }}/${{ env.REPO_NAME }} *
 
       - name: Checkout code
         uses: actions/checkout@v4
 
+      - name: Create .env file
+        run: |
+          echo VITE_FEATURE_TOGGLE_CLIENT_KEY=${{ env.VITE_FEATURE_TOGGLE_CLIENT_KEY }} >> .env
+          echo VITE_BRANCH_NAME=${{ env.BRANCH_NAME }} >> .env
+
       - name: Configure npm authentication for GitHub Registry
         run: |
           echo "@compolabs:registry=https://npm.pkg.github.com/" > .npmrc
-          echo "//npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}" >> .npmrc
+          echo "//npm.pkg.github.com/:_authToken=${{ env.NODE_AUTH_TOKEN }}" >> .npmrc
 
       - name: Login to Docker Registry
         uses: docker/login-action@v3
@@ -47,7 +68,7 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: |
-            ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_PROJECT }}/${{ vars.DOCKER_IMAGE }}
+            ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_PROJECT }}/${{ env.REPO_NAME }}
           tags: |
             type=ref,event=branch
             type=ref,event=pr
@@ -69,11 +90,11 @@ jobs:
         uses: hashicorp/vault-action@v3
         with:
           url: ${{ vars.VAULT_ADDR }}
-          path: ${{ vars.VAULT_PATH }}
+          path: management
           method: kubernetes
           role: ${{ vars.VAULT_ROLE }}
           secrets: |
-            ${{ vars.VAULT_PATH }}/data/${{ vars.VAULT_SECRET_PATH }} *
+            management/data/${{ vars.VAULT_SECRET_PATH }} *
 
       - name: Checkout code
         uses: actions/checkout@v4
@@ -93,7 +114,7 @@ jobs:
       - name: Push Helm Chart
         uses: appany/helm-oci-chart-releaser@v0.3.0
         with:
-          name: ${{ vars.DOCKER_IMAGE }}
+          name: ${{ github.event.repository.name }}
           repository: charts
           tag: ${{ steps.meta.outputs.tags }}
           path: helm

helm/values.production.yaml

@@ -1,14 +1,14 @@
 ingress:
   enabled: true
   hosts:
-    - host: app.production.sprk.fi
+    - host: app.production.v12.trade
       paths:
         - path: /
           pathType: Prefix
   tls:
     - secretName: spark-frontend-tls
       hosts:
-        - app.production.sprk.fi
+        - app.production.v12.trade
 
 vault:
   mount: production

helm/values.staging.yaml

@@ -1,14 +1,14 @@
 ingress:
   enabled: true
   hosts:
-    - host: app.staging.sprk.fi
+    - host: app.staging.v12.trade
       paths:
         - path: /
           pathType: Prefix
   tls:
     - secretName: spark-frontend-tls
       hosts:
-        - app.staging.sprk.fi
+        - app.staging.v12.trade
 
 vault:
   mount: staging