From 854ce369d40533efe2f6e4ef58ff7656b392e50c Mon Sep 17 00:00:00 2001
From: EarthlingDavey <15802017+EarthlingDavey@users.noreply.github.com>
Date: Fri, 6 Dec 2024 10:46:06 +0000
Subject: [PATCH] Add test CloudFront keys

---
 .github/workflows/test.yml        | 4 ++++
 deploy/development/secret.tpl.yml | 1 +
 2 files changed, 5 insertions(+)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index c78c3c2..ccbd825 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -16,3 +16,7 @@ jobs:
         docker compose run --rm -e JWT=${JWT} spider sh -c "npm ci && npm run test"
       env:
         JWT: ${{ secrets.JWT }}
+        # Use mock AWS CloudFront keys, these do not grant permission to anything.
+        AWS_CLOUDFRONT_PRIVATE_KEY: ${{ secrets.TEST_AWS_CLOUDFRONT_PRIVATE_KEY }}
+        AWS_CLOUDFRONT_PUBLIC_KEY: ${{ secrets.TEST_AWS_CLOUDFRONT_PUBLIC_KEY }}
+        AWS_CLOUDFRONT_PUBLIC_KEYS_OBJECT: ${{ secrets.TEST_AWS_CLOUDFRONT_PUBLIC_KEYS_OBJECT }}
diff --git a/deploy/development/secret.tpl.yml b/deploy/development/secret.tpl.yml
index 15688f1..976d5ca 100644
--- a/deploy/development/secret.tpl.yml
+++ b/deploy/development/secret.tpl.yml
@@ -13,6 +13,7 @@ metadata:
 type: Opaque
 data:
   AWS_CLOUDFRONT_PRIVATE_KEY: "${AWS_CLOUDFRONT_PRIVATE_KEY_BASE64}"
+  AWS_CLOUDFRONT_PUBLIC_KEY: "${AWS_CLOUDFRONT_PUBLIC_KEY_BASE64}"
 ---
 apiVersion: v1
 kind: Secret