fix: Multiple fixes for HELM and app

.github/workflows/build_push.yml

@@ -22,8 +22,10 @@ jobs:
             docker tag ghcr.io/gabrielpalmar/hivebox:$(cat version.txt) ghcr.io/gabrielpalmar/hivebox:latest
 
         - name: Push Docker image to GHCR
+          env:
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           run: |
-            echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+            echo "$GITHUB_TOKEN" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
             docker push ghcr.io/gabrielpalmar/hivebox:$(cat version.txt)
             docker push ghcr.io/gabrielpalmar/hivebox:latest
 
@@ -55,13 +57,15 @@ jobs:
             helm package ./helm-chart
 
         - name: Push Helm Chart to GHCR
+          env:
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           run: |
             CHART_FILE="hivebox-$(cat version.txt).tgz"
             if [ ! -f "$CHART_FILE" ]; then
               echo "Helm chart $CHART_FILE not found"
               exit 1
             fi
-            echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io -u ${{ github.actor }} --password-stdin
+            echo "$GITHUB_TOKEN" | helm registry login ghcr.io -u ${{ github.actor }} --password-stdin
             helm push $CHART_FILE oci://ghcr.io/gabrielpalmar/hivebox-helm-charts
 
         - name: Add job summary

.github/workflows/build_test.yml

@@ -35,13 +35,7 @@ jobs:
             pip install vcrpy
 
         - name: Run tests
-          run: |
-            python tests/test_main.py
-            TEST_EXIT_CODE=$?
-            if [ $TEST_EXIT_CODE -ne 0 ]; then
-                echo "Tests failed!"
-                exit $TEST_EXIT_CODE
-            fi
+          run: python tests/test_main.py
 
         - name: Stop Docker container
           run: docker stop $(docker ps -q)

.github/workflows/sonarqube.yml

@@ -36,7 +36,7 @@ jobs:
         working-directory: ${{ github.workspace }}
 
       - name: Analyze with SonarQube
-        uses: SonarSource/sonarqube-scan-action@master
+        uses: SonarSource/sonarqube-scan-action@v5
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

Dockerfile

@@ -10,14 +10,12 @@ COPY version.txt requirements.txt /app/
 RUN pip install --no-cache-dir -r /app/requirements.txt --require-hashes && \
     chown -R appuser:appgroup /app
 
-ENV FLASK_APP=app.main.py:app \
+ENV FLASK_APP=app.main:app \
     PYTHONUNBUFFERED=1 \
     REDIS_PORT=6379 \
     REDIS_DB=0 \
     CACHE_TTL=300 \
     MINIO_PORT=9000 \
-    MINIO_ACCESS_KEY=minioadmin \
-    MINIO_SECRET_KEY=minioadmin \
     REDIS_HOST=redis \
     MINIO_HOST=minio
 

app/opensense.py

@@ -9,8 +9,6 @@
 # Use shared Redis client
 redis_client, REDIS_AVAILABLE = create_redis_client()
 
-_sensor_stats = {"total_sensors": 0, "null_count": 0}
-
 def classify_temperature(average):
     '''Classify temperature based on ranges using dictionary approach'''
     # Define temperature ranges and their classifications
@@ -135,11 +133,11 @@ def get_temperature():
         return f"Error: API request failed - {e}\n", {"total_sensors": 0, "null_count": 0}
 
     # Process the data (keeping the existing logic)
-    _sensor_stats["total_sensors"] = sum(1 for d in data if isinstance(d, dict) and "sensors" in d)
+    sensor_stats = {"total_sensors": 0, "null_count": 0}
+    sensor_stats["total_sensors"] = sum(1 for d in data if isinstance(d, dict) and "sensors" in d)
     res = [d.get('sensors') for d in data if isinstance(d, dict) and 'sensors' in d]
 
     temp_list = []
-    _sensor_stats["null_count"] = 0
 
     for sensor_list in res:
         for measure in sensor_list:
@@ -149,9 +147,9 @@ def get_temperature():
                     try:
                         temp_list.append(float(last['value']))
                     except (TypeError, ValueError):
-                        _sensor_stats["null_count"] += 1
+                        sensor_stats["null_count"] += 1
                 else:
-                    _sensor_stats["null_count"] += 1
+                    sensor_stats["null_count"] += 1
 
     average = sum(temp_list) / len(temp_list) if temp_list else 0.0
 
@@ -169,4 +167,4 @@ def get_temperature():
         except redis.RedisError as e:
             print(f"Redis error while caching data: {e}")
 
-    return result, _sensor_stats
+    return result, sensor_stats

app/storage.py

@@ -8,11 +8,14 @@
 
 MINIO_HOST = os.getenv('MINIO_HOST', 'localhost')
 MINIO_PORT = int(os.environ.get('MINIO_PORT', 9000))
-MINIO_ACCESS_KEY = os.environ.get('MINIO_ACCESS_KEY', 'minioadmin')
-MINIO_SECRET_KEY = os.environ.get('MINIO_SECRET_KEY', 'minioadmin')
+MINIO_ACCESS_KEY = os.environ.get('MINIO_ACCESS_KEY', '')
+MINIO_SECRET_KEY = os.environ.get('MINIO_SECRET_KEY', '')
 
 def store_temperature_data():
     '''Function to upload temperature data to MinIO.'''
+    if not MINIO_ACCESS_KEY or not MINIO_SECRET_KEY:
+        return "Error: MINIO_ACCESS_KEY and MINIO_SECRET_KEY must be set\n"
+
     try:
         client = Minio(f"{MINIO_HOST}:{MINIO_PORT}",
             access_key=MINIO_ACCESS_KEY,

helm-chart/templates/cronjob.yaml

@@ -21,15 +21,19 @@ spec:
               args:
                 - |
                   set -eu
-                  while true; do
+                  MAX_RETRIES=60
+                  COUNTER=0
+                  while [ $COUNTER -lt $MAX_RETRIES ]; do
                     if curl -sSf -m 3 http://hivebox-service/version >/dev/null; then
                       echo "Hivebox service is up!"
                       exit 0
-                    else
-                      echo "Waiting for Hivebox service to be available..."
-                      sleep 5
                     fi
+                    echo "Waiting for Hivebox service... ($COUNTER/$MAX_RETRIES)"
+                    sleep 5
+                    COUNTER=$((COUNTER+1))
                   done
+                  echo "Timed out waiting for Hivebox service"
+                  exit 1
               securityContext:
                 {{- include "common.containerSecurityContext" . | nindent 16 }}
               resources:

helm-chart/templates/deployment.yaml

@@ -40,6 +40,16 @@ spec:
               value: {{ .Values.services.redis | quote }}
             - name: MINIO_HOST
               value: {{ .Values.services.minio | quote }}
+            - name: MINIO_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: minio-credentials
+                  key: access-key
+            - name: MINIO_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: minio-credentials
+                  key: secret-key
           securityContext:
             {{- include "common.containerSecurityContext" . | nindent 12 }}
           resources:
@@ -130,9 +140,15 @@ spec:
           command: ["minio", "server", "/data"]
           env:
             - name: MINIO_ROOT_USER
-              value: {{ .Values.minio.accessKey | quote }}
+              valueFrom:
+                secretKeyRef:
+                  name: minio-credentials
+                  key: access-key
             - name: MINIO_ROOT_PASSWORD
-              value: {{ .Values.minio.secretKey | quote }}
+              valueFrom:
+                secretKeyRef:
+                  name: minio-credentials
+                  key: secret-key
           securityContext:
             {{- include "common.containerSecurityContext" . | nindent 12 }}
           resources:

helm-chart/templates/ingress.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.ingress.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -18,4 +19,5 @@ spec:
               service:
                 name: {{ .Values.ingress.serviceName | default "hivebox-service" }}
                 port:
-                  number: {{ .Values.ingress.servicePort | default 80 }}
+                  number: {{ .Values.ingress.servicePort | default 80 }}
+{{- end }}

helm-chart/templates/secrets.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: minio-credentials
+  labels:
+    app: minio
+type: Opaque
+data:
+  access-key: {{ .Values.minio.accessKey | b64enc | quote }}
+  secret-key: {{ .Values.minio.secretKey | b64enc | quote }}

kustomize/base/cronjob.yaml

@@ -24,15 +24,19 @@ spec:
               args:
                 - |
                   set -eu
-                  while true; do
+                  MAX_RETRIES=60
+                  COUNTER=0
+                  while [ $COUNTER -lt $MAX_RETRIES ]; do
                     if curl -sSf -m 3 http://hivebox-service/version >/dev/null; then
                       echo "Hivebox service is up!"
                       exit 0
-                    else
-                      echo "Waiting for Hivebox service to be available..."
-                      sleep 5
                     fi
+                    echo "Waiting for Hivebox service... ($COUNTER/$MAX_RETRIES)"
+                    sleep 5
+                    COUNTER=$((COUNTER+1))
                   done
+                  echo "Timed out waiting for Hivebox service"
+                  exit 1
               securityContext:
                 allowPrivilegeEscalation: false
                 readOnlyRootFilesystem: true

kustomize/base/deployment.yaml

@@ -29,6 +29,16 @@ spec:
               value: redis-service
             - name: MINIO_HOST
               value: minio-service
+            - name: MINIO_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: minio-credentials
+                  key: access-key
+            - name: MINIO_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: minio-credentials
+                  key: secret-key
           securityContext:
             allowPrivilegeEscalation: false
             readOnlyRootFilesystem: true
@@ -136,9 +146,15 @@ spec:
           command: ["minio", "server", "/data"]
           env:
             - name: MINIO_ROOT_USER
-              value: minioadmin
+              valueFrom:
+                secretKeyRef:
+                  name: minio-credentials
+                  key: access-key
             - name: MINIO_ROOT_PASSWORD
-              value: minioadmin
+              valueFrom:
+                secretKeyRef:
+                  name: minio-credentials
+                  key: secret-key
           securityContext:
             allowPrivilegeEscalation: false
             readOnlyRootFilesystem: true

kustomize/base/kustomization.yaml

@@ -6,6 +6,7 @@ resources:
   - service.yaml
   - ingress.yaml
   - cronjob.yaml
+  - secrets.yaml
 metadata:
   labels:
     app: hivebox

kustomize/base/secrets.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: minio-credentials
+  labels:
+    app: minio
+type: Opaque
+data:
+  # Base64 encoded values - replace with your actual credentials
+  # echo -n 'minioadmin' | base64 = bWluaW9hZG1pbg==
+  access-key: bWluaW9hZG1pbg==
+  secret-key: bWluaW9hZG1pbg==