allthingslinux
diff --git a/‎scripts/secrets.sh‎ ‎.github/scripts/secrets.sh‎scripts/secrets.sh renamed to .github/scripts/secrets.sh
Lines changed: 28 additions & 30 deletions b/‎scripts/secrets.sh‎ ‎.github/scripts/secrets.sh‎scripts/secrets.sh renamed to .github/scripts/secrets.sh
Lines changed: 28 additions & 30 deletions
diff --git a/‎.github/scripts/set-cloudflare-secrets.sh‎
Lines changed: 0 additions & 77 deletions b/‎.github/scripts/set-cloudflare-secrets.sh‎
Lines changed: 0 additions & 77 deletions
diff --git a/‎.github/workflows/deploy.yml‎
Lines changed: 16 additions & 12 deletions b/‎.github/workflows/deploy.yml‎
Lines changed: 16 additions & 12 deletions
diff --git a/‎PNPM_SCRIPTS.md‎
Lines changed: 10 additions & 7 deletions b/‎PNPM_SCRIPTS.md‎
Lines changed: 10 additions & 7 deletions
@@ -1,7 +1,7 @@
 #!/bin/bash
 
-# Script to manually set secrets in Cloudflare Worker
-# Note: GitHub Actions automatically handles secrets via prefixed secrets (DEV_*, PROD_*)
+# Script to manually set secrets in Cloudflare Worker environment
+# Note: GitHub Actions automatically handles secrets in separate environment workers
 # This script is for manual local secret management only
 
 # Environment to set secrets for (dev or prod)
@@ -13,11 +13,9 @@ if [ "$ENV" != "dev" ] && [ "$ENV" != "prod" ]; then
   exit 1
 fi
 
-# Determine prefix based on environment
-PREFIX="${ENV^^}" # Convert to uppercase (dev -> DEV, prod -> PROD)
-WORKER_NAME="allthingslinux"
+WORKER_NAME="allthingslinux-${ENV}"
 
-echo "Setting ${PREFIX}_* prefixed secrets for worker: $WORKER_NAME"
+echo "Setting secrets for worker: $WORKER_NAME"
 echo "Environment: $ENV"
 echo ""
 
@@ -49,54 +47,54 @@ fi
 echo "✓ Authentication verified"
 echo ""
 
-# Helper function to set a prefixed secret
-set_prefixed_secret() {
-  local BASE_NAME=$1
+# Helper function to set a secret
+set_secret() {
+  local SECRET_NAME=$1
   local SECRET_VALUE=$2
-  local PREFIXED_NAME="${PREFIX}_${BASE_NAME}"
-  
+
   if [ -z "$SECRET_VALUE" ]; then
-    echo "⚠ Skipping $PREFIXED_NAME (value not provided)"
+    echo "⚠ Skipping $SECRET_NAME (value not provided)"
     return 0
   fi
-  
-  echo "Setting $PREFIXED_NAME..."
-  if echo "$SECRET_VALUE" | pnpm exec wrangler secret put "$PREFIXED_NAME"; then
-    echo "✓ $PREFIXED_NAME set successfully"
+
+  echo "Setting $SECRET_NAME..."
+  if echo "$SECRET_VALUE" | pnpm exec wrangler secret put "$SECRET_NAME" --env "$ENV"; then
+    echo "✓ $SECRET_NAME set successfully"
     return 0
   else
-    echo "✗ Failed to set $PREFIXED_NAME"
+    echo "✗ Failed to set $SECRET_NAME"
     return 1
   fi
 }
 
 ERRORS=0
 
-# Set prefixed secrets (same pattern as GitHub Actions workflow)
-echo "Setting ${PREFIX}_* prefixed secrets..."
+# Set secrets (same pattern as GitHub Actions workflow)
+echo "Setting secrets..."
 echo ""
 
 # Core secrets
-set_prefixed_secret "QUICKBOOKS_CLIENT_ID" "${QUICKBOOKS_CLIENT_ID}" || ((ERRORS++))
-set_prefixed_secret "QUICKBOOKS_CLIENT_SECRET" "${QUICKBOOKS_CLIENT_SECRET}" || ((ERRORS++))
-set_prefixed_secret "QUICKBOOKS_REFRESH_TOKEN" "${QUICKBOOKS_REFRESH_TOKEN}" || ((ERRORS++))
-set_prefixed_secret "QUICKBOOKS_REALM_ID" "${QUICKBOOKS_REALM_ID}" || ((ERRORS++))
-set_prefixed_secret "QUICKBOOKS_ADMIN_KEY" "${QUICKBOOKS_ADMIN_KEY}" || ((ERRORS++))
-set_prefixed_secret "GITHUB_TOKEN" "${GITHUB_TOKEN}" || ((ERRORS++))
-set_prefixed_secret "MONDAY_API_KEY" "${MONDAY_API_KEY}" || ((ERRORS++))
+set_secret "QUICKBOOKS_CLIENT_ID" "${QUICKBOOKS_CLIENT_ID}" || ((ERRORS++))
+set_secret "QUICKBOOKS_CLIENT_SECRET" "${QUICKBOOKS_CLIENT_SECRET}" || ((ERRORS++))
+set_secret "QUICKBOOKS_REFRESH_TOKEN" "${QUICKBOOKS_REFRESH_TOKEN}" || ((ERRORS++))
+set_secret "QUICKBOOKS_REALM_ID" "${QUICKBOOKS_REALM_ID}" || ((ERRORS++))
+set_secret "QUICKBOOKS_ADMIN_KEY" "${QUICKBOOKS_ADMIN_KEY}" || ((ERRORS++))
+set_secret "GITHUB_TOKEN" "${GITHUB_TOKEN}" || ((ERRORS++))
+set_secret "MONDAY_API_KEY" "${MONDAY_API_KEY}" || ((ERRORS++))
+set_secret "TRIGGER_SECRET_KEY" "${TRIGGER_SECRET_KEY}" || ((ERRORS++))
 
 # Variables (non-sensitive) - note: these are set as secrets for consistency
-set_prefixed_secret "MONDAY_BOARD_ID" "${MONDAY_BOARD_ID}" || ((ERRORS++))
-set_prefixed_secret "DISCORD_WEBHOOK_URL" "${DISCORD_WEBHOOK_URL}" || ((ERRORS++))
+set_secret "MONDAY_BOARD_ID" "${MONDAY_BOARD_ID}" || ((ERRORS++))
+set_secret "DISCORD_WEBHOOK_URL" "${DISCORD_WEBHOOK_URL}" || ((ERRORS++))
 
 # QUICKBOOKS_ENVIRONMENT (optional, auto-detected if not set)
 if [ -n "$QUICKBOOKS_ENVIRONMENT" ]; then
-  set_prefixed_secret "QUICKBOOKS_ENVIRONMENT" "${QUICKBOOKS_ENVIRONMENT}" || ((ERRORS++))
+  set_secret "QUICKBOOKS_ENVIRONMENT" "${QUICKBOOKS_ENVIRONMENT}" || ((ERRORS++))
 fi
 
 echo ""
 if [ $ERRORS -eq 0 ]; then
-  echo "✓ All ${PREFIX}_* prefixed secrets set successfully"
+  echo "✓ All secrets set successfully"
   echo ""
   echo "Note: GitHub Actions automatically manages these secrets during CI/CD."
   echo "This manual script is mainly for local testing and initial setup."
 
@@ -60,20 +60,24 @@ jobs:
         run: |
           ENV_NAME="${{ github.ref == 'refs/heads/main' && 'prod' || 'dev' }}"
           echo "🔐 Setting secrets for ${ENV_NAME} environment..."
-          # Deploy to separate workers - no need for prefix logic
-          # Each environment worker has its own secrets
-          pnpm exec wrangler secret put QUICKBOOKS_CLIENT_ID --env $ENV_NAME <<< "${{ secrets.QUICKBOOKS_CLIENT_ID }}"
-          pnpm exec wrangler secret put QUICKBOOKS_CLIENT_SECRET --env $ENV_NAME <<< "${{ secrets.QUICKBOOKS_CLIENT_SECRET }}"
-          pnpm exec wrangler secret put QUICKBOOKS_REFRESH_TOKEN --env $ENV_NAME <<< "${{ secrets.QUICKBOOKS_REFRESH_TOKEN }}"
-          pnpm exec wrangler secret put QUICKBOOKS_REALM_ID --env $ENV_NAME <<< "${{ secrets.QUICKBOOKS_REALM_ID }}"
-          pnpm exec wrangler secret put QUICKBOOKS_ADMIN_KEY --env $ENV_NAME <<< "${{ secrets.QUICKBOOKS_ADMIN_KEY }}"
-          pnpm exec wrangler secret put GITHUB_TOKEN --env $ENV_NAME <<< "${{ secrets.GITHUB_TOKEN }}"
-          pnpm exec wrangler secret put MONDAY_API_KEY --env $ENV_NAME <<< "${{ secrets.MONDAY_API_KEY }}"
-          pnpm exec wrangler secret put MONDAY_BOARD_ID --env $ENV_NAME <<< "${{ vars.MONDAY_BOARD_ID }}"
-          pnpm exec wrangler secret put DISCORD_WEBHOOK_URL --env $ENV_NAME <<< "${{ vars.DISCORD_WEBHOOK_URL }}"
-          pnpm exec wrangler secret put QUICKBOOKS_ENVIRONMENT --env $ENV_NAME <<< "${{ vars.QUICKBOOKS_ENVIRONMENT }}"
+          # Use the same secrets.sh script for consistency between manual and CI/CD
+          chmod +x .github/scripts/secrets.sh
+          .github/scripts/secrets.sh "$ENV_NAME"
         env:
           CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          # Export all secrets as environment variables for the script
+          QUICKBOOKS_CLIENT_ID: ${{ secrets.QUICKBOOKS_CLIENT_ID }}
+          QUICKBOOKS_CLIENT_SECRET: ${{ secrets.QUICKBOOKS_CLIENT_SECRET }}
+          QUICKBOOKS_REFRESH_TOKEN: ${{ secrets.QUICKBOOKS_REFRESH_TOKEN }}
+          QUICKBOOKS_REALM_ID: ${{ secrets.QUICKBOOKS_REALM_ID }}
+          QUICKBOOKS_ADMIN_KEY: ${{ secrets.QUICKBOOKS_ADMIN_KEY }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          MONDAY_API_KEY: ${{ secrets.MONDAY_API_KEY }}
+          TRIGGER_SECRET_KEY: ${{ secrets.TRIGGER_SECRET_KEY }}
+          # Variables (non-sensitive)
+          MONDAY_BOARD_ID: ${{ vars.MONDAY_BOARD_ID }}
+          DISCORD_WEBHOOK_URL: ${{ vars.DISCORD_WEBHOOK_URL }}
+          QUICKBOOKS_ENVIRONMENT: ${{ vars.QUICKBOOKS_ENVIRONMENT }}
 
       - name: Deploy to Cloudflare Workers
         run: |
 
@@ -44,32 +44,32 @@ This document explains all available pnpm scripts in the project.
 ## Deployment
 
 - `pnpm run deploy:dev`
-  Builds and deploys to the development environment.
+  Builds and deploys to the development Cloudflare Worker (allthingslinux-dev) with separate R2/KV bindings.
 
 - `pnpm run deploy:prod`
-  Builds and deploys to the production environment.
+  Builds and deploys to the production Cloudflare Worker (allthingslinux-prod) with separate R2/KV bindings.
 
 - `pnpm run deploy`
   Alias for production deployment - the default deploy command.
 
 ## Version Management
 
 - `pnpm run version:upload`
-  Creates a new version in Cloudflare Workers without deploying it immediately.
+  Creates a new version in the development Cloudflare Worker without deploying it immediately.
 
 - `pnpm run version:deploy`
-  Deploys the latest uploaded version to production.
+  Deploys the latest uploaded version to the development Cloudflare Worker.
 
 - `pnpm run version:list`
-  Lists all versions of the Cloudflare Worker with metadata.
+  Lists all versions of the development Cloudflare Worker with metadata.
 
 ## Secrets Management
 
 - `pnpm run secrets:dev`
-  Uploads secrets from `.env.secrets.dev` (sandbox credentials) to the development Cloudflare Worker environment.
+  Uploads secrets from `.env.secrets.dev` to the development Cloudflare Worker (uses `.github/scripts/secrets.sh`).
 
 - `pnpm run secrets:prod`
-  Uploads secrets from `.env.secrets.prod` (production credentials) to the production Cloudflare Worker environment.
+  Uploads secrets from `.env.secrets.prod` to the production Cloudflare Worker (uses `.github/scripts/secrets.sh`).
 
 ## Code Quality
 
@@ -99,6 +99,9 @@ This document explains all available pnpm scripts in the project.
 - `pnpm run cf:typegen`
   Generates TypeScript types for Cloudflare Workers bindings and environment variables.
 
+- `pnpm run test`
+  Runs the test suite using Vitest with Cloudflare Workers testing capabilities.
+
 - `pnpm run analyze:bundle`
   Provides guidance for bundle size analysis using ESBuild Bundle Analyzer on the built worker code.