CH-234 feat: Allow secrets with quotes

tools/deployment-cli-tools/ch_cli_tools/codefresh.py

@@ -391,8 +391,9 @@ def adjust_build_steps(index):
                 if app.harness.secrets:
                     for secret in [secret[0] for secret in app.harness.secrets.items() if secret[1] != ""]:
                         secret_name = secret.replace("_", "__")
+                        value_ref = "\"${{%s}}\"" % secret_name.upper()
                         arguments["custom_values"].append(
-                            "apps_%s_harness_secrets_%s=${{%s}}" % (app_name.replace("_", "__"), secret_name, secret_name.upper()))
+                            "apps_%s_harness_secrets_%s=%s" % (app_name.replace("_", "__"), secret_name, value_ref))
 
     cmds = codefresh['steps']['prepare_deployment']['commands']
 

tools/deployment-cli-tools/ch_cli_tools/configurationgenerator.py

@@ -328,17 +328,17 @@ def image_tag(self, image_name, build_context_path=None, dependencies=()):
             logging.info(f"Ignoring {ignore}")
             tag = generate_tag_from_content(build_context_path, ignore)
             logging.info(f"Content hash: {tag}")
-            
+
             # Get dependencies from build context if not provided
             dependencies = dependencies or guess_build_dependencies_from_dockerfile(build_context_path)
-            
+
             # Combine with dependency tags
             dep_tags = "".join(self.all_images.get(n, '') for n in dependencies)
             if dep_tags:
                 logging.info(f"Dependency tags: {[(n, self.all_images.get(n, '')) for n in dependencies]}")
             tag = sha1((tag + dep_tags).encode("utf-8")).hexdigest()
             logging.info(f"Generated tag (with dependencies): {tag}")
-            
+
             app_name = image_name.split("/")[-1]  # the image name can have a prefix
             self.all_images[app_name] = tag
         return self.registry + image_name + (f':{tag}' if tag else '')

tools/deployment-cli-tools/tests/test_codefresh.py

@@ -328,6 +328,53 @@ def test_create_codefresh_configuration_nobuild():
     assert "publish_myapp-mytask" in l1_steps["publish"]["steps"]
 
 
+def test_codefresh_secret_with_quotes():
+    values = create_helm_chart(
+        [CLOUDHARNESS_ROOT, RESOURCES],
+        output_path=OUT,
+        include=['myapp'],
+        exclude=['events'],
+        domain="my.local",
+        namespace='test',
+        env='dev',
+        local=False,
+        tag=1,
+        registry='reg'
+    )
+    try:
+        root_paths = preprocess_build_overrides(
+            root_paths=[CLOUDHARNESS_ROOT, RESOURCES],
+            helm_values=values,
+            merge_build_path=BUILD_MERGE_DIR
+        )
+
+        build_included = [app['harness']['name']
+                          for app in values['apps'].values() if 'harness' in app]
+
+        values.apps["myapp"].harness.secrets = {
+            "settings_secret": "SECRET_KEY='replace-with-strong-shared-secret'"
+        }
+
+        cf = create_codefresh_deployment_scripts(root_paths, include=build_included,
+                                                 envs=['dev'],
+                                                 base_image_name=values['name'],
+                                                 helm_values=values, save=False)
+
+        custom_values = cf['steps']['deployment']['arguments']['custom_values']
+        entry = next(
+            value for value in custom_values
+            if value.startswith("apps_myapp_harness_secrets_settings__secret=")
+        )
+        assert entry == 'apps_myapp_harness_secrets_settings__secret="${{SETTINGS__SECRET}}"'
+        rendered = entry.replace(
+            "${{SETTINGS__SECRET}}",
+            values.apps["myapp"].harness.secrets["settings_secret"]
+        )
+        assert rendered == 'apps_myapp_harness_secrets_settings__secret="SECRET_KEY=\'replace-with-strong-shared-secret\'"'
+    finally:
+        shutil.rmtree(BUILD_MERGE_DIR)
+
+
 def test_app_depends_on_app():
 
     root_paths = [CLOUDHARNESS_ROOT, RESOURCES]