
Externalize Docker Hub username and Azure Key Vault endpoint #8

Merged: mucsi96 merged 1 commit into main from claude/update-deployment-secrets-vB3oZ on Mar 22, 2026

Conversation

mucsi96 (Owner) commented Mar 22, 2026
Summary

This PR externalizes hardcoded configuration values into environment variables to improve flexibility and security across the deployment pipeline and scripts.

Key Changes

  • Environment Variables: Added two new required environment variables:
    • DOCKERHUB_USERNAME: Replaces hardcoded "mucsi96" Docker Hub username
    • AZURE_KEYVAULT_ENDPOINT: Replaces hardcoded Azure Key Vault URL
  • Deployment Script (scripts/deploy.sh):
    • Added validation for the two new required environment variables
    • Updated Docker Hub registry queries to use $DOCKERHUB_USERNAME variable
    • Updated Helm deployment commands to reference the dynamic username for both server and client images
    • Updated Azure Key Vault endpoint configuration to use the environment variable
  • CI/CD Pipeline (.github/workflows/pipeline.yml):
    • Updated Docker login step to use ${{ secrets.DOCKERHUB_USERNAME }} instead of ${{ github.repository_owner }}
    • Updated server and client image build/push commands to use the secrets-based username
    • Added both new environment variables to the deployment job's environment configuration

Benefits

  • Enables deployment to different Docker Hub accounts without code changes
  • Supports multiple Azure Key Vault environments (dev, staging, production)
  • Improves security by removing hardcoded values
  • Increases flexibility for different deployment scenarios

https://claude.ai/code/session_016qayUKmBDMNrKvN4f3NLjE

Replace hardcoded github.repository_owner with DOCKERHUB_USERNAME secret
for Docker Hub image publishing. Replace hardcoded Azure Key Vault URL
with AZURE_KEYVAULT_ENDPOINT secret for deployment configuration.

https://claude.ai/code/session_016qayUKmBDMNrKvN4f3NLjE
claude (Bot) commented Mar 22, 2026

PR Review - Externalize Docker Hub username and Azure Key Vault endpoint

Overall this is a clean, well-motivated change. The validation pattern using the colon-question-mark operator is idiomatic bash. A few issues to address:

BUG 1 - Helm will misparse the Key Vault URL: AZURE_KEYVAULT_ENDPOINT is a URL containing a colon. Helm --set treats colons specially, which can cause silent failures. Use --set-string for URL values instead of --set.

BUG 2 - No validation that fetched Docker tags are non-empty: If the Docker Hub API returns no results, jq outputs the string null but exits 0, so set -e will not catch it. Helm would then deploy with image tag null. Add an explicit check after each tag fetch using the same colon-question-mark pattern already used for env vars at the top of the script.

Minor - DOCKERHUB_USERNAME is not really a secret: Docker Hub usernames are public. A plain repository variable (vars.DOCKERHUB_USERNAME) would be more appropriate - it will not be masked in logs, aiding debugging.

Minor - Quote --set variables: All --set arguments using shell variables should be double-quoted to guard against word splitting.

The Helm URL parsing issue is the main blocker; the rest are discretionary improvements.
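A deploy.sh fragment that applies the review's points, added here as an example and not the PR's own script: the required-variable checks the PR adds, an explicit non-null check on each fetched tag (jq prints the literal "null" with exit 0 on an empty result), and the Key Vault URL passed through a quoted --set-string. The release name `app`, chart path `./chart`, the value keys, the `HELM` override and the sample JSON responses are assumptions.

```shell
#!/bin/sh
# Added example, not the PR's deploy.sh. Release name, chart path, value keys,
# the HELM override and the sample JSON below are assumptions.
set -eu

# Fail unless the tag is usable. `jq -r '.results[0].name'` prints the literal
# "null" with exit status 0 when Docker Hub returns no results, so set -e alone
# never catches it; this explicit check does.
check_tag() {
  name="$1"; tag="${2:-}"
  if [ -z "$tag" ] || [ "$tag" = "null" ]; then
    echo "ERROR: $name is '${tag}': no tag found on Docker Hub" >&2
    return 1
  fi
}

# Offline stand-in for `curl ... | jq -r '.results[0].name'`: extracts the
# first "name" value from a tags response without requiring jq.
first_tag_from_json() {
  printf '%s' "$1" | tr ',{}' '\n\n\n' \
    | sed -n 's/^[[:space:]]*"name"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' \
    | head -n 1
}

# Run helm with each value as its own argv element (no word splitting) and the
# URL via --set-string, so the ":" in https:// is not interpreted by the --set
# grammar. HELM may be overridden (e.g. with a function) for dry runs.
deploy() {
  user="${DOCKERHUB_USERNAME:?DOCKERHUB_USERNAME must be set}"
  kv="${AZURE_KEYVAULT_ENDPOINT:?AZURE_KEYVAULT_ENDPOINT must be set}"
  server_tag="$1"; client_tag="$2"
  check_tag SERVER_TAG "$server_tag" || return 1
  check_tag CLIENT_TAG "$client_tag" || return 1
  "${HELM:-helm}" upgrade --install app ./chart \
    --set-string "server.image=${user}/app-server:${server_tag}" \
    --set-string "client.image=${user}/app-client:${client_tag}" \
    --set-string "keyVault.endpoint=${kv}"
}

# Constructed sample responses (not real Docker Hub output): one tag, then the
# empty-results case the review warns about.
SAMPLE_TAGS_JSON='{"count":1,"results":[{"name":"1.4.2","tag_status":"active"}]}'
SAMPLE_EMPTY_JSON='{"count":0,"results":[]}'
```

Export the two variables and call `deploy "$(first_tag_from_json "$server_json")" "$(first_tag_from_json "$client_json")"`; an empty response fails the run before helm is invoked instead of deploying image tag null.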

@mucsi96 mucsi96 merged commit 3d3b559 into main Mar 22, 2026
5 checks passed
@mucsi96 mucsi96 deleted the claude/update-deployment-secrets-vB3oZ branch March 22, 2026 10:18