From 9b8dd00dd223186bbe37572c804471851f68b6e9 Mon Sep 17 00:00:00 2001
From: Julian Vollmer <julianvollmer@gmail.com>
Date: Mon, 26 Jan 2026 17:26:26 +0100
Subject: [PATCH] pipeline #8

---
 .gitea/workflows/deploy.yml | 32 ++++++++++++++++++++++++--------
 1 file changed, 24 insertions(+), 8 deletions(-)

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index dce1178..6856b50 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -118,18 +118,26 @@ jobs:
         kubectl version --client
 
     - name: Configure kubectl
+      env:
+        KUBECTLSECRET: ${{ secrets.KUBECTLSECRET }}
       run: |
         mkdir -p ~/.kube
 
         echo "🔍 Debugging KUBECTLSECRET..."
         echo "Secret length: ${#KUBECTLSECRET}"
 
+        # Check if secret is empty
+        if [ "${#KUBECTLSECRET}" -eq 0 ]; then
+          echo "❌ ERROR: KUBECTLSECRET is empty!"
+          exit 1
+        fi
+
         # Try to decode as base64 first, if that fails, use as plain text
-        if echo "${{ secrets.KUBECTLSECRET }}" | base64 -d > ~/.kube/config 2>/dev/null; then
+        if echo "$KUBECTLSECRET" | base64 -d > ~/.kube/config 2>/dev/null; then
           echo "✅ KUBECTLSECRET decoded as base64"
         else
           echo "⚠️  KUBECTLSECRET is not base64, using as plain text"
-          echo "${{ secrets.KUBECTLSECRET }}" > ~/.kube/config
+          echo "$KUBECTLSECRET" > ~/.kube/config
         fi
 
         echo "📁 kubeconfig created at ~/.kube/config"
@@ -139,8 +147,8 @@ jobs:
         echo "🔧 Fixing TLS verification for self-signed certificates..."
         
         # Get all cluster names and add insecure-skip-tls-verify
-        kubectl config get-clusters --no-headers | while read cluster; do
-          if [ "$cluster" != "NAME" ]; then
+        kubectl config get-clusters | tail -n +2 | while read cluster; do
+          if [ -n "$cluster" ]; then
             echo "Setting insecure-skip-tls-verify for cluster: $cluster"
             kubectl config set-cluster "$cluster" --insecure-skip-tls-verify=true
           fi
@@ -339,18 +347,26 @@ jobs:
         kubectl version --client
 
     - name: Configure kubectl
+      env:
+        KUBECTLSECRET: ${{ secrets.KUBECTLSECRET }}
       run: |
         mkdir -p ~/.kube
 
         echo "🔍 Debugging KUBECTLSECRET..."
         echo "Secret length: ${#KUBECTLSECRET}"
 
+        # Check if secret is empty
+        if [ "${#KUBECTLSECRET}" -eq 0 ]; then
+          echo "❌ ERROR: KUBECTLSECRET is empty!"
+          exit 1
+        fi
+
         # Try to decode as base64 first, if that fails, use as plain text
-        if echo "${{ secrets.KUBECTLSECRET }}" | base64 -d > ~/.kube/config 2>/dev/null; then
+        if echo "$KUBECTLSECRET" | base64 -d > ~/.kube/config 2>/dev/null; then
           echo "✅ KUBECTLSECRET decoded as base64"
         else
           echo "⚠️  KUBECTLSECRET is not base64, using as plain text"
-          echo "${{ secrets.KUBECTLSECRET }}" > ~/.kube/config
+          echo "$KUBECTLSECRET" > ~/.kube/config
         fi
 
         echo "📁 kubeconfig created at ~/.kube/config"
@@ -360,8 +376,8 @@ jobs:
         echo "🔧 Fixing TLS verification for self-signed certificates..."
         
         # Get all cluster names and add insecure-skip-tls-verify
-        kubectl config get-clusters --no-headers | while read cluster; do
-          if [ "$cluster" != "NAME" ]; then
+        kubectl config get-clusters | tail -n +2 | while read cluster; do
+          if [ -n "$cluster" ]; then
             echo "Setting insecure-skip-tls-verify for cluster: $cluster"
             kubectl config set-cluster "$cluster" --insecure-skip-tls-verify=true
           fi