fix(cd): simplify webhook secret loading and add error checking

2026-03-31 10:24:02 +00:00 · 2026-03-16 04:05:31 +04:00
parent 21303de0ba
commit cc423053e9
1 changed files with 11 additions and 16 deletions
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -230,35 +230,30 @@ jobs:
      - name: Load webhook secret
        id: webhook-secret
        run: |
-          set +e
          secret_name="telegram-webhook-secret"
          if [[ "${SERVICE_SUFFIX}" == "dev" ]]; then
            secret_name="telegram-webhook-secret-test"
          fi
+
+          echo "Loading secret: ${secret_name}"
          secret="$(gcloud secrets versions access latest \
            --secret "${secret_name}" \
-            --project "${{ vars.GCP_PROJECT_ID }}" 2>/dev/null)"
-          status=$?
-          set -e
+            --project "${{ vars.GCP_PROJECT_ID }}")"

-          if [[ $status -eq 0 && -n "$secret" ]]; then
          echo "::add-mask::$secret"
-            {
-              echo "available=true"
-              echo "secret<<EOF"
-              echo "$secret"
-              echo "EOF"
-            } >> "$GITHUB_OUTPUT"
-          else
-            echo "available=false" >> "$GITHUB_OUTPUT"
-          fi
+          echo "secret=${secret}" >> "$GITHUB_OUTPUT"

      - name: Set Telegram Webhook
-        if: ${{ steps.telegram-token.outputs.available == 'true' && steps.webhook-secret.outputs.available == 'true' }}
+        if: ${{ !cancelled() && steps.telegram-token.outputs.available == 'true' }}
        env:
          TELEGRAM_BOT_TOKEN: ${{ steps.telegram-token.outputs.token }}
          TELEGRAM_WEBHOOK_SECRET: ${{ steps.webhook-secret.outputs.secret }}
        run: |
+          if [[ -z "$TELEGRAM_WEBHOOK_SECRET" ]]; then
+            echo "ERROR: TELEGRAM_WEBHOOK_SECRET is not set"
+            exit 1
+          fi
+
          SERVICE_URL=$(gcloud run services describe "household-${SERVICE_SUFFIX}-bot-api" \
            --region "${GCP_REGION}" \
            --project "${{ vars.GCP_PROJECT_ID }}" \