From 1e49917e573fd4368f7a9a833548c05455b7966d Mon Sep 17 00:00:00 2001
From: Aurora Gaffney <agaffney@applause.com>
Date: Mon, 8 Dec 2025 22:26:51 +0000
Subject: [PATCH] fix: evaluate templates in site config secrets files paths

Signed-off-by: Aurora Gaffney <agaffney@applause.com>
---
 deploy_config_generator/site_config.py    | 5 ++++-
 setup.py                                  | 2 +-
 tests/integration/secrets/site_config.yml | 3 ++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/deploy_config_generator/site_config.py b/deploy_config_generator/site_config.py
index cf22675..0a21bbc 100644
--- a/deploy_config_generator/site_config.py
+++ b/deploy_config_generator/site_config.py
@@ -117,7 +117,10 @@ def load_file(self, path):
                 data = dict_merge(data, include_data)
             del data['include']
         if 'secrets_files' in data:
-            for idx, secrets_file in enumerate(data['secrets_files']):
+            secrets_files = self._template.render_template(data['secrets_files'])
+            if not isinstance(secrets_files, list):
+                secrets_files = [secrets_files]
+            for idx, secrets_file in enumerate(secrets_files):
                 if not secrets_file.startswith('/'):
                     # Normalize secrets file path based on location of parent file
                     data['secrets_files'][idx] = os.path.join(os.path.dirname(path), secrets_file)
diff --git a/setup.py b/setup.py
index 300ae90..8cbcfc7 100644
--- a/setup.py
+++ b/setup.py
@@ -53,7 +53,7 @@ def run(self):
 
 setup(
     name='deploy-config-generator',
-    version='2.30.0',
+    version='2.30.1',
     url='https://github.com/ApplauseOSS/deploy-config-generator',
     license='MIT',
     description='Utility to generate service deploy configurations',
diff --git a/tests/integration/secrets/site_config.yml b/tests/integration/secrets/site_config.yml
index 805b209..fd24be0 100644
--- a/tests/integration/secrets/site_config.yml
+++ b/tests/integration/secrets/site_config.yml
@@ -5,6 +5,7 @@ plugins:
     # Enable 'dummy' plugin, which is disabled by default
     enabled: true
 secrets_files:
-  - secrets.yaml
+  # The seemingly needless template is there just to make sure templates are evaluated
+  - secret{{ 's' }}.yaml
   # This is here to make sure we don't blow up when a secrets file doesn't exist
   - secrets.doesnotexist.yaml