viktor/wrongmove
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wrongmove/.woodpecker
History
Viktor Barzin d03a9a0fe2 wrongmove: inline VITE_MAPBOX_TOKEN as a build_arg (drop secret indirection) 
The previous attempt used a step-level `environment:` block with
`from_secret:`, which the Woodpecker linter rejected on plugin steps
("Should not configure both `environment` and `settings`"). Net effect
was build-and-push-frontend reverted to a commands step and the
docker daemon never started.

The Mapbox `pk.*` token ends up baked into the public bundle anyway —
its security model is domain restrictions in the Mapbox dashboard, not
build-time secrecy. Inlining the value in `build_args` is the simplest
working path and avoids the secret-indirection footgun. The token also
still lives in Vault at `secret/ci/global/wrongmove-mapbox-token` for
the day we adopt a private style URL or replace this with a different
provider.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-15 21:54:40 +00:00
..
api.yml fix: increase install-api-deps memory to 1Gi for CI 2026-03-15 23:47:30 +00:00
frontend.yml wrongmove: inline VITE_MAPBOX_TOKEN as a build_arg (drop secret indirection) 2026-05-15 21:54:40 +00:00