From 56e580747471c07132ede9b03c793ce0b90e0317 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997 <contact@michaelfisher.tech>
Date: Sat, 21 Mar 2026 19:19:43 +0000
Subject: [PATCH] fix: create doppler ClusterSecretStore after ESO is installed

---
 .gitea/workflows/deploy.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index c00633d..0a06a9e 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -274,6 +274,22 @@ jobs:
           kubectl -n flux-system wait --for=condition=Ready gitrepository/platform --timeout=180s
           kubectl -n flux-system wait --for=condition=Ready kustomization/infrastructure --timeout=300s
           kubectl -n flux-system wait --for=condition=Ready kustomization/addon-external-secrets --timeout=300s
+          # Create Doppler ClusterSecretStore now that ESO CRDs are available
+          kubectl apply -f - <<'EOF'
+          apiVersion: external-secrets.io/v1
+          kind: ClusterSecretStore
+          metadata:
+            name: doppler-hetznerterra
+          spec:
+            provider:
+              doppler:
+                auth:
+                  secretRef:
+                    dopplerToken:
+                      name: doppler-hetznerterra-service-token
+                      key: dopplerToken
+                      namespace: external-secrets
+          EOF
           # CCM and CSI are suspended for stable baseline - using k3s embedded cloud provider
           # kubectl -n flux-system wait --for=condition=Ready kustomization/addon-ccm --timeout=300s
           # kubectl -n flux-system wait --for=condition=Ready kustomization/addon-csi --timeout=300s