fix: create initial credential secret before the message shows up

src/cmd/apply.ts

@@ -13,7 +13,14 @@ import { ProcessOutputTrimmed } from 'src/common/zx-enhance'
 import { Argv, CommandModule } from 'yargs'
 import { $, cd } from 'zx'
 import { applyAsApps } from './apply-as-apps'
-import { cloneOtomiChartsInGitea, commit, printWelcomeMessage, retryIsOAuth2ProxyRunning } from './commit'
+import {
+  cloneOtomiChartsInGitea,
+  commit,
+  createCredentialsSecret,
+  initialSetupData,
+  printWelcomeMessage,
+  retryIsOAuth2ProxyRunning,
+} from './commit'
 import { upgrade } from './upgrade'
 
 const cmdName = getFilename(__filename)
@@ -114,8 +121,10 @@ const applyAll = async () => {
         { streams: { stdout: d.stream.log, stderr: d.stream.error } },
       )
       await cloneOtomiChartsInGitea()
+      const initialData = await initialSetupData()
+      await createCredentialsSecret(initialData.secretName, initialData.username, initialData.password)
       await retryIsOAuth2ProxyRunning()
-      await printWelcomeMessage()
+      await printWelcomeMessage(initialData.secretName, initialData.domainSuffix)
     }
   }
   await setDeploymentState({ status: 'deployed', version })

src/cmd/commit.ts

@@ -1,5 +1,7 @@
 import { CoreV1Api } from '@kubernetes/client-node'
 import retry from 'async-retry'
+import { existsSync } from 'fs'
+import { rm } from 'fs/promises'
 import { bootstrapGit, setIdentity } from 'src/common/bootstrap'
 import { prepareEnvironment } from 'src/common/cli'
 import { encrypt } from 'src/common/crypt'
@@ -14,8 +16,6 @@ import { Argv } from 'yargs'
 import { $, cd } from 'zx'
 import { Arguments as DroneArgs } from './gen-drone'
 import { validateValues } from './validate-values'
-import { existsSync } from 'fs'
-import { rm } from 'fs/promises'
 
 const cmdName = getFilename(__filename)
 
@@ -24,6 +24,13 @@ interface Arguments extends HelmArguments, DroneArgs {
   message?: string
 }
 
+interface InitialData {
+  domainSuffix: string
+  username: string
+  password: string
+  secretName: string
+}
+
 const commitAndPush = async (values: Record<string, any>, branch: string): Promise<void> => {
   const d = terminal(`cmd:${cmdName}:commitAndPush`)
   d.info('Committing values')
@@ -193,25 +200,39 @@ export async function isOAuth2ProxyAvailable(coreV1Api: CoreV1Api): Promise<void
   d.info('OAuth2proxy is available, continuing...')
 }
 
-async function createCredentialsSecret(secretName: string, username: string, password: string): Promise<void> {
-  const secretData = { username, password }
-  await createGenericSecret(k8s.core(), secretName, 'keycloak', secretData)
-}
-
-export const printWelcomeMessage = async (): Promise<void> => {
-  const d = terminal(`cmd:${cmdName}:commit`)
+export async function initialSetupData(): Promise<InitialData> {
   const values = (await hfValues()) as Record<string, any>
-  const { adminUsername, adminPassword }: { adminUsername: string; adminPassword: string } = values.apps.keycloak
-  await createCredentialsSecret('root-credentials', adminUsername, adminPassword)
-  const { hasExternalIDP } = values.otomi
   const { domainSuffix } = values.cluster
+  const { hasExternalIDP } = values.otomi
+
   const defaultPlatformAdminEmail = `platform-admin@${domainSuffix}`
   const platformAdmin = values.users.find((user: any) => user.email === defaultPlatformAdminEmail)
+  const secretName = hasExternalIDP ? 'root-credentials' : 'platform-admin-initial-credentials'
+
   if (platformAdmin && !hasExternalIDP) {
-    const { email, initialPassword }: { email: string; initialPassword: string } = platformAdmin
-    await createCredentialsSecret('platform-admin-initial-credentials', email, initialPassword)
+    return {
+      domainSuffix,
+      username: platformAdmin.email,
+      password: platformAdmin.initialPassword,
+      secretName,
+    }
+  } else {
+    return {
+      domainSuffix,
+      username: values.apps.keycloak.adminUsername,
+      password: values.apps.keycloak.adminPassword,
+      secretName,
+    }
   }
-  const secretName = hasExternalIDP ? 'root-credentials' : 'platform-admin-initial-credentials'
+}
+
+export async function createCredentialsSecret(secretName: string, username: string, password: string): Promise<void> {
+  const secretData = { username, password }
+  await createGenericSecret(k8s.core(), secretName, 'keycloak', secretData)
+}
+
+export const printWelcomeMessage = async (secretName: string, domainSuffix: string): Promise<void> => {
+  const d = terminal(`cmd:${cmdName}:commit`)
   const message = `
   ########################################################################################################################################
   #