fix(imports): load SESSION_SECRET in import jobs (imports workflow broken)#62
Open
DIodide wants to merge 1 commit into
Open
fix(imports): load SESSION_SECRET in import jobs (imports workflow broken)#62DIodide wants to merge 1 commit into
DIodide wants to merge 1 commit into
Conversation
controllers/config.js requires SESSION_SECRET (>=32 chars) and exits 1 if missing. The import scripts require config.js transitively (via controllers/database.js), so every imports.yml job that runs a node importer must export SESSION_SECRET. Only MONGODB_URI was being loaded, so dispatched imports now fail at startup with 'A SESSION_SECRET of at least 32 characters is required to sign session cookies.' Add SESSION_SECRET to each job's Heroku config-var load (it is already present in the app's Heroku config).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Dispatching the PrincetonCourses Imports workflow fails immediately at the importer step:
controllers/config.jsrequiresSESSION_SECRET(≥32 chars) andprocess.exit(1)s if it's missing. Every importer (importBasicCourseDetails.js, etc.) loads it transitively viacontrollers/database.js→config.js. The workflow's 'Load Heroku config vars' steps only exportMONGODB_URI(and a few others), notSESSION_SECRET, so all import jobs now abort at startup. (Regressed after the April 1 runs — config gained the SESSION_SECRET check.)Fix
Add
SESSION_SECRETto the Heroku config-var load in every job that runs a node importer (it's already set in the app's Heroku config). No other changes.Verification
Dispatched this branch with
run_import_courses=true, term=1262, subject=COS+ the registrar FE token override:SESSION_SECRET: ***now loaded;Got registrarFrontEndAPIToken;Processing the Fall 2025 semester.;Queued 55 course detail requests;Got results for 002053(COS 217);All courses successfully processed.→ run success.This unblocks the imports workflow and was used to refresh COS 217 Fall 2025 instructors (adds Kevin Negy).
Note: also relevant — the registrar FE token scrape 403s from GitHub runners (Cloudflare), so the
registrar_fe_api_tokendispatch override must be supplied per run (as designed).