Skip to content

fix(imports): load SESSION_SECRET in import jobs (imports workflow broken)#62

Open
DIodide wants to merge 1 commit into
masterfrom
fix/imports-session-secret
Open

fix(imports): load SESSION_SECRET in import jobs (imports workflow broken)#62
DIodide wants to merge 1 commit into
masterfrom
fix/imports-session-secret

Conversation

@DIodide

@DIodide DIodide commented Jun 30, 2026

Copy link
Copy Markdown
Member

Problem

Dispatching the PrincetonCourses Imports workflow fails immediately at the importer step:

A SESSION_SECRET of at least 32 characters is required to sign session cookies.
##[error]Process completed with exit code 1.

controllers/config.js requires SESSION_SECRET (≥32 chars) and process.exit(1)s if it's missing. Every importer (importBasicCourseDetails.js, etc.) loads it transitively via controllers/database.jsconfig.js. The workflow's 'Load Heroku config vars' steps only export MONGODB_URI (and a few others), not SESSION_SECRET, so all import jobs now abort at startup. (Regressed after the April 1 runs — config gained the SESSION_SECRET check.)

Fix

Add SESSION_SECRET to the Heroku config-var load in every job that runs a node importer (it's already set in the app's Heroku config). No other changes.

Verification

Dispatched this branch with run_import_courses=true, term=1262, subject=COS + the registrar FE token override:

  • SESSION_SECRET: *** now loaded; Got registrarFrontEndAPIToken; Processing the Fall 2025 semester.; Queued 55 course detail requests; Got results for 002053 (COS 217); All courses successfully processed. → run success.

This unblocks the imports workflow and was used to refresh COS 217 Fall 2025 instructors (adds Kevin Negy).

Note: also relevant — the registrar FE token scrape 403s from GitHub runners (Cloudflare), so the registrar_fe_api_token dispatch override must be supplied per run (as designed).

controllers/config.js requires SESSION_SECRET (>=32 chars) and exits 1 if
missing. The import scripts require config.js transitively (via
controllers/database.js), so every imports.yml job that runs a node importer
must export SESSION_SECRET. Only MONGODB_URI was being loaded, so dispatched
imports now fail at startup with 'A SESSION_SECRET of at least 32 characters
is required to sign session cookies.' Add SESSION_SECRET to each job's Heroku
config-var load (it is already present in the app's Heroku config).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant