From ea02e0540d5f1f5cd1fb4c930c797af86166a6ae Mon Sep 17 00:00:00 2001
From: Ryan VanGundy <85766511+rmvangun@users.noreply.github.com>
Date: Mon, 8 Dec 2025 09:20:20 -0500
Subject: [PATCH] fix(blueprint): Default to setting secret name for dev

We use a secret when authenticating with the local `git.test` repository. This secret reference was missing, causing failures in the core repository integration tests.

Signed-off-by: Ryan VanGundy <85766511+rmvangun@users.noreply.github.com>
---
 pkg/composer/blueprint/blueprint_handler.go   |   6 +
 .../blueprint_handler_private_test.go         | 137 ++++++++++++++++++
 2 files changed, 143 insertions(+)

diff --git a/pkg/composer/blueprint/blueprint_handler.go b/pkg/composer/blueprint/blueprint_handler.go
index ee860c479..6fba0d4fd 100644
--- a/pkg/composer/blueprint/blueprint_handler.go
+++ b/pkg/composer/blueprint/blueprint_handler.go
@@ -1723,8 +1723,10 @@ func (b *BaseBlueprintHandler) deepMergeMaps(base, overlay map[string]any) map[s
 // setRepositoryDefaults sets or overrides the blueprint repository URL based on development mode and git configuration.
 // If development mode is enabled, the development URL is always used. Otherwise, the git remote origin URL is used if the URL is unset.
 // If a URL is set and the repository reference is empty, the branch is set to "main".
+// In dev mode, the secretName is set to "flux-system" if not already set.
 func (b *BaseBlueprintHandler) setRepositoryDefaults() error {
 	devMode := b.runtime.ConfigHandler.GetBool("dev")
+
 	if devMode {
 		url := b.getDevelopmentRepositoryURL()
 		if url != "" {
@@ -1740,6 +1742,10 @@ func (b *BaseBlueprintHandler) setRepositoryDefaults() error {
 	if b.blueprint.Repository.Url != "" && b.blueprint.Repository.Ref == (blueprintv1alpha1.Reference{}) {
 		b.blueprint.Repository.Ref = blueprintv1alpha1.Reference{Branch: "main"}
 	}
+	if devMode && b.blueprint.Repository.Url != "" && b.blueprint.Repository.SecretName == nil {
+		secretName := "flux-system"
+		b.blueprint.Repository.SecretName = &secretName
+	}
 	return nil
 }
 
diff --git a/pkg/composer/blueprint/blueprint_handler_private_test.go b/pkg/composer/blueprint/blueprint_handler_private_test.go
index 1034e8408..86ca02364 100644
--- a/pkg/composer/blueprint/blueprint_handler_private_test.go
+++ b/pkg/composer/blueprint/blueprint_handler_private_test.go
@@ -4178,6 +4178,143 @@ func TestBaseBlueprintHandler_setRepositoryDefaults(t *testing.T) {
 		}
 	})
 
+	t.Run("SetsSecretNameToFluxSystemInDevModeWhenURLSet", func(t *testing.T) {
+		handler := setup(t)
+		handler.blueprint.Repository.Url = "http://git.test/git/tmp"
+
+		mockConfigHandler := handler.runtime.ConfigHandler.(*config.MockConfigHandler)
+		mockConfigHandler.GetBoolFunc = func(key string, defaultValue ...bool) bool {
+			if key == "dev" {
+				return true
+			}
+			return false
+		}
+
+		err := handler.setRepositoryDefaults()
+
+		if err != nil {
+			t.Fatalf("Expected no error, got %v", err)
+		}
+		if handler.blueprint.Repository.SecretName == nil {
+			t.Error("Expected secretName to be set to 'flux-system', got nil")
+		} else if *handler.blueprint.Repository.SecretName != "flux-system" {
+			t.Errorf("Expected secretName to be 'flux-system', got '%s'", *handler.blueprint.Repository.SecretName)
+		}
+	})
+
+	t.Run("DoesNotSetSecretNameWhenDevModeIsFalse", func(t *testing.T) {
+		handler := setup(t)
+		handler.blueprint.Repository.Url = "https://github.com/user/repo"
+
+		mockConfigHandler := handler.runtime.ConfigHandler.(*config.MockConfigHandler)
+		mockConfigHandler.GetBoolFunc = func(key string, defaultValue ...bool) bool {
+			return false
+		}
+
+		err := handler.setRepositoryDefaults()
+
+		if err != nil {
+			t.Fatalf("Expected no error, got %v", err)
+		}
+		if handler.blueprint.Repository.SecretName != nil {
+			t.Errorf("Expected secretName to be nil when dev mode is false, got '%s'", *handler.blueprint.Repository.SecretName)
+		}
+	})
+
+	t.Run("PreservesExistingSecretNameInDevMode", func(t *testing.T) {
+		handler := setup(t)
+		handler.blueprint.Repository.Url = "http://git.test/git/tmp"
+		existingSecretName := "custom-secret"
+		handler.blueprint.Repository.SecretName = &existingSecretName
+
+		mockConfigHandler := handler.runtime.ConfigHandler.(*config.MockConfigHandler)
+		mockConfigHandler.GetBoolFunc = func(key string, defaultValue ...bool) bool {
+			if key == "dev" {
+				return true
+			}
+			return false
+		}
+
+		err := handler.setRepositoryDefaults()
+
+		if err != nil {
+			t.Fatalf("Expected no error, got %v", err)
+		}
+		if handler.blueprint.Repository.SecretName == nil {
+			t.Error("Expected secretName to be preserved, got nil")
+		} else if *handler.blueprint.Repository.SecretName != "custom-secret" {
+			t.Errorf("Expected secretName to remain 'custom-secret', got '%s'", *handler.blueprint.Repository.SecretName)
+		}
+	})
+
+	t.Run("DoesNotSetSecretNameWhenURLIsEmptyEvenInDevMode", func(t *testing.T) {
+		handler := setup(t)
+		handler.blueprint.Repository.Url = ""
+
+		mockConfigHandler := handler.runtime.ConfigHandler.(*config.MockConfigHandler)
+		mockConfigHandler.GetBoolFunc = func(key string, defaultValue ...bool) bool {
+			if key == "dev" {
+				return true
+			}
+			return false
+		}
+		mockConfigHandler.GetStringFunc = func(key string, defaultValue ...string) string {
+			return ""
+		}
+
+		mockShell := handler.runtime.Shell.(*shell.MockShell)
+		mockShell.ExecSilentFunc = func(command string, args ...string) (string, error) {
+			return "", fmt.Errorf("not a git repository")
+		}
+
+		err := handler.setRepositoryDefaults()
+
+		if err != nil {
+			t.Fatalf("Expected no error, got %v", err)
+		}
+		if handler.blueprint.Repository.SecretName != nil {
+			t.Errorf("Expected secretName to be nil when URL is empty, got '%s'", *handler.blueprint.Repository.SecretName)
+		}
+	})
+
+	t.Run("SetsSecretNameToFluxSystemWhenDevModeSetsURL", func(t *testing.T) {
+		handler := setup(t)
+
+		mockConfigHandler := handler.runtime.ConfigHandler.(*config.MockConfigHandler)
+		mockConfigHandler.GetBoolFunc = func(key string, defaultValue ...bool) bool {
+			if key == "dev" {
+				return true
+			}
+			return false
+		}
+		mockConfigHandler.GetStringFunc = func(key string, defaultValue ...string) string {
+			if key == "dns.domain" {
+				return "test"
+			}
+			return ""
+		}
+
+		handler.runtime.ProjectRoot = "/path/to/project"
+		handler.shims.FilepathBase = func(path string) string {
+			return "project"
+		}
+
+		err := handler.setRepositoryDefaults()
+
+		if err != nil {
+			t.Fatalf("Expected no error, got %v", err)
+		}
+		expectedURL := "http://git.test/git/project"
+		if handler.blueprint.Repository.Url != expectedURL {
+			t.Errorf("Expected URL to be %s, got %s", expectedURL, handler.blueprint.Repository.Url)
+		}
+		if handler.blueprint.Repository.SecretName == nil {
+			t.Error("Expected secretName to be set to 'flux-system', got nil")
+		} else if *handler.blueprint.Repository.SecretName != "flux-system" {
+			t.Errorf("Expected secretName to be 'flux-system', got '%s'", *handler.blueprint.Repository.SecretName)
+		}
+	})
+
 }
 
 func TestBaseBlueprintHandler_normalizeGitURL(t *testing.T) {